[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240109193304.7pc27uzwm5dtudk6@skbuf>
Date: Tue, 9 Jan 2024 21:33:04 +0200
From: Vladimir Oltean <olteanv@...il.com>
To: syzbot <syzbot+d81bcd883824180500c8@...kaller.appspotmail.com>
Cc: andrew@...n.ch, davem@...emloft.net, dsahern@...nel.org,
edumazet@...gle.com, f.fainelli@...il.com, kuba@...nel.org,
linux-kernel@...r.kernel.org, lixiaoyan@...gle.com,
netdev@...r.kernel.org, pabeni@...hat.com,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] KASAN: slab-out-of-bounds Read in
dsa_user_changeupper
On Tue, Jan 09, 2024 at 10:17:34AM -0800, syzbot wrote:
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in dsa_user_to_port net/dsa/user.h:58 [inline]
> BUG: KASAN: slab-out-of-bounds in dsa_user_changeupper+0x61a/0x6e0 net/dsa/user.c:2809
> Read of size 8 at addr ffff888015ebecf0 by task syz-executor278/5066
>
> CPU: 1 PID: 5066 Comm: syz-executor278 Not tainted 6.7.0-rc6-syzkaller-01740-g9fb3dc1e9af2 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
> print_address_description mm/kasan/report.c:364 [inline]
> print_report+0xc4/0x620 mm/kasan/report.c:475
> kasan_report+0xda/0x110 mm/kasan/report.c:588
> dsa_user_to_port net/dsa/user.h:58 [inline]
> dsa_user_changeupper+0x61a/0x6e0 net/dsa/user.c:2809
> dsa_user_netdevice_event+0xd04/0x3480 net/dsa/user.c:3345
> notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
> call_netdevice_notifiers_info+0xbe/0x130 net/core/dev.c:1967
> __netdev_upper_dev_link+0x439/0x850 net/core/dev.c:7760
> netdev_upper_dev_link+0x92/0xc0 net/core/dev.c:7801
> register_vlan_dev+0x396/0x940 net/8021q/vlan.c:183
> register_vlan_device net/8021q/vlan.c:277 [inline]
> vlan_ioctl_handler+0x8dd/0xa70 net/8021q/vlan.c:621
> sock_ioctl+0x4bd/0x6b0 net/socket.c:1303
#syz test
View attachment "0001-net-dsa-fix-bad-dsa_user_to_port-calls-on-non-DSA-ne.patch" of type "text/x-diff" (3197 bytes)
Powered by blists - more mailing lists