Re: net/nfc: GPF in llcp_sock_getname

2016-01-01 Thread Cong Wang
On Fri, Jan 1, 2016 at 5:58 AM, Dmitry Vyukov wrote: > GPF seems to be caused by a data race on socket state. Seems you are right, I think the following patch should work: diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index ecf0a01..5a91997 100644 --- a/net/nfc/llcp_sock.c +++

Re: net/nfc: GPF in llcp_sock_getname

2016-01-01 Thread Cong Wang
On Fri, Jan 1, 2016 at 12:58 PM, Cong Wang wrote: > > It looks like we forget to initialize ->service_name_len > and ->service_name before bind(). Never mind, __GFP_ZERO is passed in sk_alloc()...

Re: net/nfc: GPF in llcp_sock_getname

2016-01-01 Thread Cong Wang
On Fri, Jan 1, 2016 at 5:58 AM, Dmitry Vyukov wrote: > > kasan: GPF could be caused by NULL-ptr deref or user memory > access > general protection fault: [#51] SMP KASAN > Modules linked in: > CPU: 2 PID: 4207 Comm: a.out Not tainted 4.4.0-rc7+ #184 > Hardware name: QEMU Standard PC (i440FX +

net/nfc: GPF in llcp_sock_getname

2016-01-01 Thread Dmitry Vyukov
Hello, The following program triggers GPF in llcp_sock_getname: // autogenerated by syzkaller (http://github.com/google/syzkaller) #include #include #include #include #include #include #include #include int fd; void *thr(void *arg) { struct sockaddr_nfc_llcp sa;
