netdev - Re: [syzbot] [net?] KASAN: slab-out-of-bounds Read in dsa_user

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20240109193304.7pc27uzwm5dtudk6@skbuf>
Date: Tue, 9 Jan 2024 21:33:04 +0200
From: Vladimir Oltean <olteanv@...il.com>
To: syzbot <syzbot+d81bcd883824180500c8@...kaller.appspotmail.com>
Cc: andrew@...n.ch, davem@...emloft.net, dsahern@...nel.org,
	edumazet@...gle.com, f.fainelli@...il.com, kuba@...nel.org,
	linux-kernel@...r.kernel.org, lixiaoyan@...gle.com,
	netdev@...r.kernel.org, pabeni@...hat.com,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] KASAN: slab-out-of-bounds Read in
 dsa_user_changeupper

On Tue, Jan 09, 2024 at 10:17:34AM -0800, syzbot wrote:
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in dsa_user_to_port net/dsa/user.h:58 [inline]
> BUG: KASAN: slab-out-of-bounds in dsa_user_changeupper+0x61a/0x6e0 net/dsa/user.c:2809
> Read of size 8 at addr ffff888015ebecf0 by task syz-executor278/5066
> 
> CPU: 1 PID: 5066 Comm: syz-executor278 Not tainted 6.7.0-rc6-syzkaller-01740-g9fb3dc1e9af2 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
>  print_address_description mm/kasan/report.c:364 [inline]
>  print_report+0xc4/0x620 mm/kasan/report.c:475
>  kasan_report+0xda/0x110 mm/kasan/report.c:588
>  dsa_user_to_port net/dsa/user.h:58 [inline]
>  dsa_user_changeupper+0x61a/0x6e0 net/dsa/user.c:2809
>  dsa_user_netdevice_event+0xd04/0x3480 net/dsa/user.c:3345
>  notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
>  call_netdevice_notifiers_info+0xbe/0x130 net/core/dev.c:1967
>  __netdev_upper_dev_link+0x439/0x850 net/core/dev.c:7760
>  netdev_upper_dev_link+0x92/0xc0 net/core/dev.c:7801
>  register_vlan_dev+0x396/0x940 net/8021q/vlan.c:183
>  register_vlan_device net/8021q/vlan.c:277 [inline]
>  vlan_ioctl_handler+0x8dd/0xa70 net/8021q/vlan.c:621
>  sock_ioctl+0x4bd/0x6b0 net/socket.c:1303

#syz test

View attachment "0001-net-dsa-fix-bad-dsa_user_to_port-calls-on-non-DSA-ne.patch" of type "text/x-diff" (3197 bytes)