Re: [syzbot] [net?] KASAN: slab-out-of-bounds Read in dsa_user_changeupper
From: Vladimir Oltean
Date: Tue Jan 09 2024 - 14:33:30 EST
On Tue, Jan 09, 2024 at 10:17:34AM -0800, syzbot wrote:
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in dsa_user_to_port net/dsa/user.h:58 [inline]
> BUG: KASAN: slab-out-of-bounds in dsa_user_changeupper+0x61a/0x6e0 net/dsa/user.c:2809
> Read of size 8 at addr ffff888015ebecf0 by task syz-executor278/5066
>
> CPU: 1 PID: 5066 Comm: syz-executor278 Not tainted 6.7.0-rc6-syzkaller-01740-g9fb3dc1e9af2 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
> print_address_description mm/kasan/report.c:364 [inline]
> print_report+0xc4/0x620 mm/kasan/report.c:475
> kasan_report+0xda/0x110 mm/kasan/report.c:588
> dsa_user_to_port net/dsa/user.h:58 [inline]
> dsa_user_changeupper+0x61a/0x6e0 net/dsa/user.c:2809
> dsa_user_netdevice_event+0xd04/0x3480 net/dsa/user.c:3345
> notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
> call_netdevice_notifiers_info+0xbe/0x130 net/core/dev.c:1967
> __netdev_upper_dev_link+0x439/0x850 net/core/dev.c:7760
> netdev_upper_dev_link+0x92/0xc0 net/core/dev.c:7801
> register_vlan_dev+0x396/0x940 net/8021q/vlan.c:183
> register_vlan_device net/8021q/vlan.c:277 [inline]
> vlan_ioctl_handler+0x8dd/0xa70 net/8021q/vlan.c:621
> sock_ioctl+0x4bd/0x6b0 net/socket.c:1303
#syz test