Re: [syzbot] WARNING: refcount bug in qrtr_node_lookup
From: Paul Moore
Date: Thu Sep 02 2021 - 09:58:48 EST
On Thu, Sep 2, 2021 at 12:13 AM Hillf Danton <hdanton@xxxxxxxx> wrote:
> On Wed, 01 Sep 2021 19:32:06 -0700
> >
> > syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> > UBSAN: object-size-mismatch in send4
> >
> > ================================================================================
> > UBSAN: object-size-mismatch in ./include/net/flow.h:197:33
> > member access within address 000000001597b753 with insufficient space
> > for an object of type 'struct flowi'
> > CPU: 1 PID: 231 Comm: kworker/u4:4 Not tainted 5.14.0-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
> > Call Trace:
> > __dump_stack lib/dump_stack.c:88 [inline]
> > dump_stack_lvl+0x15e/0x1d3 lib/dump_stack.c:105
> > ubsan_epilogue lib/ubsan.c:148 [inline]
> > handle_object_size_mismatch lib/ubsan.c:229 [inline]
> > ubsan_type_mismatch_common+0x1de/0x390 lib/ubsan.c:242
> > __ubsan_handle_type_mismatch_v1+0x41/0x50 lib/ubsan.c:271
> > flowi4_to_flowi_common include/net/flow.h:197 [inline]
>
> This was added in 3df98d79215a ("lsm,selinux: pass flowi_common instead of
> flowi to the LSM hooks"), could you take a look at the UBSAN report, Paul?
Sure, although due to some flooding here at home it might take a day
(two?) before I have any real comments on this.
--
paul moore
www.paul-moore.com