I ran into this:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: [#1] PREEMPT SMP KASAN
CPU: 2 PID: 2012 Comm: trinity-c3 Not tainted 4.7.0-rc7+ #19
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
Ubuntu-1.8.2-1ubuntu1 04/01/2014
task: 8800b745f2c0 ti: 88011174 task.ti: 88011174
RIP: 0010:[] []
irttp_connect_request+0x36/0x710
RSP: 0018:880111747bb8 EFLAGS: 00010286
RAX: dc00 RBX: RCX: 69dd8358
RDX: 0009 RSI: 0027 RDI: 0048
RBP: 880111747c00 R08: R09:
R10: 69dd8358 R11: 10759723 R12:
R13: 88011a7e4780 R14: 0027 R15:
FS: 7fc738404700() GS:88011af0() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 7fc737fdfb10 CR3: 000118087000 CR4: 06e0
Stack:
0200 880111747bd8 810ee611 880119f1f220
880119f1f4f8 880119f1f4f0 88011a7e4780 880119f1f232
880119f1f220 880111747d58 82bca542
Call Trace:
[] irda_connect+0x562/0x1190
[] SYSC_connect+0x202/0x2a0
[] SyS_connect+0x9/0x10
[] do_syscall_64+0x19c/0x410
[] entry_SYSCALL64_slow_path+0x25/0x25
Code: 41 89 ca 48 89 e5 41 57 41 56 41 55 41 54 41 89 d7 53 48 89 fb 48 83
c7 48 48 89 fa 41 89 f6 48 c1 ea 03 48 83 ec 20 4c 8b 65 10 <0f> b6 04 02 84 c0
74 08 84 c0 0f 8e 4c 04 00 00 80 7b 48 00 74
RIP [] irttp_connect_request+0x36/0x710
RSP
---[ end trace 4cda2588bc055b30 ]---
The problem is that irda_open_tsap() can fail and leave self->tsap = NULL,
and then irttp_connect_request() almost immediately dereferences it.
Cc: sta...@vger.kernel.org
Signed-off-by: Vegard Nossum
---
net/irda/af_irda.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index 923abd6..8d2f7c9 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1024,8 +1024,11 @@ static int irda_connect(struct socket *sock, struct
sockaddr *uaddr,
}
/* Check if we have opened a local TSAP */
- if (!self->tsap)
- irda_open_tsap(self, LSAP_ANY, addr->sir_name);
+ if (!self->tsap) {
+ err = irda_open_tsap(self, LSAP_ANY, addr->sir_name);
+ if (err)
+ goto out;
+ }
/* Move to connecting socket, start sending Connect Requests */
sock->state = SS_CONNECTING;
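Review bot: the new `if (err) goto out;` after `err = irda_open_tsap(self, LSAP_ANY, addr->sir_name);` depends on `err` already being declared in irda_connect() and on the `out:` label returning `err` to the caller, neither of which is visible in this hunk; please confirm that the existing `out:` path returns that value (rather than an unrelated status) and that nothing acquired between function entry and this point needs releasing before the jump. It would also help to extend the comment `/* Check if we have opened a local TSAP */` to say that a failed open now aborts the connect, since that is the whole point of the change: the socket is no longer moved to SS_CONNECTING while `self->tsap` is still NULL, which is the state that irttp_connect_request() dereferences in the trace above.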
--
1.9.1