lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 20 Dec 2020 08:54:12 -0800
From:   syzbot <syzbot+8f90d005ab2d22342b6d@...kaller.appspotmail.com>
To:     Jason@...c4.com, davem@...emloft.net, kuba@...nel.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com, wireguard@...ts.zx2c4.com
Subject: UBSAN: object-size-mismatch in wg_xmit

Hello,

syzbot found the following issue on:

HEAD commit:    5e60366d Merge tag 'fallthrough-fixes-clang-5.11-rc1' of g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12b12c13500000
kernel config:  https://syzkaller.appspot.com/x/.config?x=267a60b188ded8ed
dashboard link: https://syzkaller.appspot.com/bug?extid=8f90d005ab2d22342b6d
compiler:       clang version 11.0.0 (https://github.com/llvm/llvm-project.git ca2dcbd030eadbf0aa9b660efe864ff08af6e18b)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f90d005ab2d22342b6d@...kaller.appspotmail.com

================================================================================
UBSAN: object-size-mismatch in ./include/linux/skbuff.h:2021:28
member access within address 0000000085889cc2 with insufficient space
for an object of type 'struct sk_buff'
CPU: 1 PID: 2998 Comm: kworker/1:2 Not tainted 5.10.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x137/0x1be lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:148 [inline]
 handle_object_size_mismatch lib/ubsan.c:297 [inline]
 ubsan_type_mismatch_common+0x1e2/0x390 lib/ubsan.c:310
 __ubsan_handle_type_mismatch_v1+0x41/0x50 lib/ubsan.c:339
 __skb_queue_before include/linux/skbuff.h:2021 [inline]
 __skb_queue_tail include/linux/skbuff.h:2054 [inline]
 wg_xmit+0x45d/0xdf0 drivers/net/wireguard/device.c:182
 __netdev_start_xmit include/linux/netdevice.h:4775 [inline]
 netdev_start_xmit+0x7b/0x140 include/linux/netdevice.h:4789
 xmit_one net/core/dev.c:3556 [inline]
 dev_hard_start_xmit+0x182/0x2e0 net/core/dev.c:3572
 __dev_queue_xmit+0x1229/0x1e60 net/core/dev.c:4133
 neigh_output include/net/neighbour.h:510 [inline]
 ip6_finish_output2+0xe8d/0x11e0 net/ipv6/ip6_output.c:117
 dst_output include/net/dst.h:441 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ndisc_send_skb+0x85b/0xc70 net/ipv6/ndisc.c:508
 addrconf_dad_completed+0x5ef/0x990 net/ipv6/addrconf.c:4192
 addrconf_dad_work+0xb92/0x1480 net/ipv6/addrconf.c:3959
 process_one_work+0x471/0x830 kernel/workqueue.c:2275
 worker_thread+0x757/0xb10 kernel/workqueue.c:2421
 kthread+0x39a/0x3c0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
================================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Powered by blists - more mailing lists