Re: [syzbot] [net?] KASAN: slab-use-after-free Read in advance_sched

From: Hillf Danton
Date: Fri Feb 23 2024 - 18:02:37 EST

Next message: Zev Weiss: "Re: [PATCH 2/2] ARM: dts: aspeed: x4tf: Add dts for asus x4tf project"
Previous message: Carl Vanderlip: "Re: [PATCH 05/13] accel/habanalabs: fix glbl error cause handling"
In reply to: syzbot: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in advance_sched"
Next in thread: syzbot: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in advance_sched"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 23 Feb 2024 01:29:17 -0800
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 9abbc24128bc Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10a70158180000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci

--- x/net/sched/sch_taprio.c
+++ y/net/sched/sch_taprio.c
@@ -1984,6 +1984,7 @@ static int taprio_change(struct Qdisc *s
/* Protects against advance_sched() */
spin_lock_irqsave(&q->current_entry_lock, flags);

+ admin = rtnl_dereference(q->admin_sched);
taprio_start_sched(sch, start, new_admin);

rcu_assign_pointer(q->admin_sched, new_admin);
--

Next message: Zev Weiss: "Re: [PATCH 2/2] ARM: dts: aspeed: x4tf: Add dts for asus x4tf project"
Previous message: Carl Vanderlip: "Re: [PATCH 05/13] accel/habanalabs: fix glbl error cause handling"
In reply to: syzbot: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in advance_sched"
Next in thread: syzbot: "Re: [syzbot] [net?] KASAN: slab-use-after-free Read in advance_sched"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]