[syzbot] UBSAN: shift-out-of-bounds in tcf_pedit_init


syzbot
May 12, 2022, 5:18:29 PM
to da...@davemloft.net, edum...@google.com, j...@mojatatu.com, ji...@resnulli.us, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, xiyou.w...@gmail.com
Hello,

syzbot found the following issue on:

HEAD commit: 810c2f0a3f86 mlxsw: Avoid warning during ip6gre device rem..
git tree: net
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1448a599f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=331feb185f8828e0
dashboard link: https://syzkaller.appspot.com/bug?extid=8ed8fc4c57e9dcf23ca6
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=104e9749f00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15f913b9f00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8ed8fc...@syzkaller.appspotmail.com

netlink: 28 bytes leftover after parsing attributes in process `syz-executor151'.
netlink: 28 bytes leftover after parsing attributes in process `syz-executor151'.
================================================================================
UBSAN: shift-out-of-bounds in net/sched/act_pedit.c:238:43
shift exponent 1400735974 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 3606 Comm: syz-executor151 Not tainted 5.18.0-rc5-syzkaller-00165-g810c2f0a3f86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
__ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
tcf_pedit_init.cold+0x1a/0x1f net/sched/act_pedit.c:238
tcf_action_init_1+0x414/0x690 net/sched/act_api.c:1367
tcf_action_init+0x530/0x8d0 net/sched/act_api.c:1432
tcf_action_add+0xf9/0x480 net/sched/act_api.c:1956
tc_ctl_action+0x346/0x470 net/sched/act_api.c:2015
rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5993
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:725
____sys_sendmsg+0x6e2/0x800 net/socket.c:2413
___sys_sendmsg+0xf3/0x170 net/socket.c:2467
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2496
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe36e9e1b59
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffef796fe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe36e9e1b59
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 00007fe36e9a5d00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe36e9a5d90
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
================================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Eric Dumazet
May 12, 2022, 5:20:04 PM
to syzbot, David Miller, Jamal Hadi Salim, Jiri Pirko, Jakub Kicinski, LKML, netdev, Paolo Abeni, syzkaller-bugs, Cong Wang
As mentioned earlier, this came with

commit 8b796475fd7882663a870456466a4fb315cc1bd6
Author: Paolo Abeni <pab...@redhat.com>
Date: Tue May 10 16:57:34 2022 +0200

net/sched: act_pedit: really ensure the skb is writable

Jakub Kicinski
May 12, 2022, 6:51:42 PM
to Eric Dumazet, syzbot, David Miller, Jamal Hadi Salim, Jiri Pirko, LKML, netdev, Paolo Abeni, syzkaller-bugs, Cong Wang
On Thu, 12 May 2022 14:19:51 -0700 Eric Dumazet wrote:
> On Thu, May 12, 2022 at 2:18 PM syzbot
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzk...@googlegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> > syzbot can test patches for this issue, for details see:
> > https://goo.gl/tpsmEJ#testing-patches
>
> As mentioned earlier, this came with
>
> commit 8b796475fd7882663a870456466a4fb315cc1bd6
> Author: Paolo Abeni <pab...@redhat.com>
> Date: Tue May 10 16:57:34 2022 +0200
>
> net/sched: act_pedit: really ensure the skb is writable

Came in as a new stack trace for an old/existing bug, right?
Nothing checks the shift so it'd have already tripped UBSAN
later on in tcf_pedit_act(), anyway.

Eric Dumazet
May 12, 2022, 7:53:32 PM
to Jakub Kicinski, syzbot, David Miller, Jamal Hadi Salim, Jiri Pirko, LKML, netdev, Paolo Abeni, syzkaller-bugs, Cong Wang
Maybe a prior syzbot was reported, and nobody cared.

Or maybe syzbot got its way into this path only recently.

syzbot
May 12, 2022, 9:13:09 PM
to da...@davemloft.net, edum...@google.com, gelian...@suse.com, j...@mojatatu.com, ji...@resnulli.us, ku...@kernel.org, linux-...@vger.kernel.org, mathew.j....@linux.intel.com, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, xiyou.w...@gmail.com
syzbot has bisected this issue to:

commit 8b796475fd7882663a870456466a4fb315cc1bd6
Author: Paolo Abeni <pab...@redhat.com>
Date: Tue May 10 14:57:34 2022 +0000

net/sched: act_pedit: really ensure the skb is writable

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=158d3969f00000
start commit: 810c2f0a3f86 mlxsw: Avoid warning during ip6gre device rem..
git tree: net
final oops: https://syzkaller.appspot.com/x/report.txt?x=178d3969f00000
console output: https://syzkaller.appspot.com/x/log.txt?x=138d3969f00000
Reported-by: syzbot+8ed8fc...@syzkaller.appspotmail.com
Fixes: 8b796475fd78 ("net/sched: act_pedit: really ensure the skb is writable")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Paolo Abeni
May 13, 2022, 4:14:08 AM
to syzbot, syzkall...@googlegroups.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master
---
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 0eaaf1f45de1..e444840ff45a 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -232,6 +232,10 @@ static int tcf_pedit_init(struct net *net, struct nlattr *nla,
for (i = 0; i < p->tcfp_nkeys; ++i) {
u32 cur = p->tcfp_keys[i].off;

+ /* sanitize the shift value for any later use */
+ p->tcfp_keys[i].shift = max_t(size_t, BITS_PER_TYPE(int) - 1,
+ p->tcfp_keys[i].shift);
+
/* The AT option can read a single byte, we can bound the actual
* value with uchar max.
*/
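Review bot: the clamp on the `shift` line goes the wrong way: `max_t(size_t, BITS_PER_TYPE(int) - 1, p->tcfp_keys[i].shift)` evaluates to the larger of 31 and the user-supplied shift, so any shift of 32 or more passes through unchanged and the shift a few lines below (line 238 in the original report, 242 after this hunk) still exceeds the width of its 32-bit operand; `min_t` is what caps the value at 31. The comment should also say why 31 is the bound (the widest operand shifted by `.shift` is 32 bits) and whether silently clamping is preferred to rejecting the key with -EINVAL, since a clamped shift changes the offset the AT option computes without telling the user.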

syzbot
May 13, 2022, 4:24:09 AM
to pab...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: shift-out-of-bounds in tcf_pedit_init

netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
================================================================================
UBSAN: shift-out-of-bounds in net/sched/act_pedit.c:242:43
shift exponent 1400735974 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 4085 Comm: syz-executor.0 Not tainted 5.18.0-rc6-syzkaller-00085-gf3f19f939c11-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
__ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
tcf_pedit_init.cold+0x1a/0x1f net/sched/act_pedit.c:242
tcf_action_init_1+0x414/0x690 net/sched/act_api.c:1367
tcf_action_init+0x530/0x8d0 net/sched/act_api.c:1432
tcf_action_add+0xf9/0x480 net/sched/act_api.c:1956
tc_ctl_action+0x346/0x470 net/sched/act_api.c:2015
rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5993
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:725
____sys_sendmsg+0x6e2/0x800 net/socket.c:2413
___sys_sendmsg+0xf3/0x170 net/socket.c:2467
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2496
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f3a4fe890e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3a5108d168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f3a4ff9bf60 RCX: 00007f3a4fe890e9
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 00007f3a4fee308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcf4e0fa5f R14: 00007f3a5108d300 R15: 0000000000022000
</TASK>
================================================================================


Tested on:

commit: f3f19f93 Merge tag 'net-5.18-rc7' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1765fd76f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=79caa0035f59d385
dashboard link: https://syzkaller.appspot.com/bug?extid=8ed8fc4c57e9dcf23ca6
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=129714c9f00000

Paolo Abeni
May 13, 2022, 4:52:01 AM
to syzbot, syzkall...@googlegroups.com
On Thu, 2022-05-12 at 14:18 -0700, syzbot wrote:
ENOCOFFEE on the previous attempt, I'm sorry.
---
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 0eaaf1f45de1..211c757bfc3c 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -232,6 +232,10 @@ static int tcf_pedit_init(struct net *net, struct nlattr *nla,
for (i = 0; i < p->tcfp_nkeys; ++i) {
u32 cur = p->tcfp_keys[i].off;

+ /* sanitize the shift value for any later use */
+ p->tcfp_keys[i].shift = min_t(size_t, BITS_PER_TYPE(int) - 1,
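Review bot: the hunk is cut off on the page after the `min_t` line, so the closing argument and the remaining context cannot be reviewed here; what is visible corrects the direction of the clamp (`min_t(size_t, BITS_PER_TYPE(int) - 1, ...)` caps the shift at 31, so later right shifts of a 32-bit value stay in bounds, which matches syzbot's clean run of this revision). The "sanitize the shift value for any later use" comment would be more useful if it named the bound (31, the largest valid shift for a 32-bit operand) and stated that an out-of-range shift is clamped rather than rejected, since the AT option's computed offset silently changes for such keys.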

syzbot
May 13, 2022, 5:08:11 AM
to pab...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+8ed8fc...@syzkaller.appspotmail.com

Tested on:

commit: f3f19f93 Merge tag 'net-5.18-rc7' of git://git.kernel...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master
kernel config: https://syzkaller.appspot.com/x/.config?x=79caa0035f59d385
dashboard link: https://syzkaller.appspot.com/bug?extid=8ed8fc4c57e9dcf23ca6
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=15f08769f00000

Note: testing is done by a robot and is best-effort only.

Paolo Abeni
May 13, 2022, 5:36:13 AM
to Eric Dumazet, Jakub Kicinski, syzbot, David Miller, Jamal Hadi Salim, Jiri Pirko, LKML, netdev, syzkaller-bugs, Cong Wang
I'm reasonably sure the issue predates the bisected commit. Possibly
syzbot was unable to catch it before such commit because it is much harder
to achieve complete coverage of the data path, I think.

I've sent a patch, thanks for the report.

Paolo
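
The following is an added userspace example, not kernel code from this thread or from act_pedit.c. It models the check Jakub points out is missing (nothing bounds `shift` before it is used) in the two forms discussed above: rejecting an out-of-range shift at configuration time, and clamping it to 31 as the second patch does, next to the `max_t` variant of the first patch to show why that one let the reported shift exponent (1400735974) through. The struct, its `at` and `offmask` fields, and the `off + (masked byte >> shift)` bound computed by `pedit_key_max_offset` are assumptions made for the example, loosely modelled on the init-path loop visible in the hunks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Userspace model of one pedit key, constructed for this example. Only
 * `off` and `shift` appear in the thread; `at` and `offmask` are assumed
 * here to stand for the AT option's byte offset and mask. This is not the
 * kernel's struct.
 */
struct pedit_key {
    uint32_t off;     /* static byte offset of the edit */
    uint32_t at;      /* byte in the packet the AT option reads */
    uint8_t  offmask; /* mask applied to that byte */
    uint32_t shift;   /* right shift applied to the masked byte */
};

/* The masked byte is promoted to a 32-bit value before the shift, so a
 * shift of 32 or more is undefined behaviour (what UBSAN reported). */
#define SHIFT_BITS 32u
#define SHIFT_MAX  (SHIFT_BITS - 1u)

/* Reject-style check: the key is only acceptable if the shift is in range. */
bool pedit_shift_valid(uint32_t shift)
{
    return shift < SHIFT_BITS;
}

/* Clamp-style sanitization, the shape of the second patch in the thread
 * (min_t(..., BITS_PER_TYPE(int) - 1, shift)): cap the shift at 31. */
uint32_t pedit_shift_clamp(uint32_t shift)
{
    return shift > SHIFT_MAX ? SHIFT_MAX : shift;
}

/* The first patch's mistake, kept to show why it did not help: max_t(...,
 * 31, shift) keeps the larger value, so an oversized shift survives. */
uint32_t pedit_shift_clamp_wrong(uint32_t shift)
{
    return shift > SHIFT_MAX ? shift : SHIFT_MAX;
}

/*
 * Largest offset the key can reach, the kind of bound an init path computes
 * before accepting the key (assumed shape: off + masked-byte maximum >> shift).
 * Returns false and leaves *bound untouched when the shift is out of range,
 * so the caller can fail the configuration instead of doing the undefined shift.
 */
bool pedit_key_max_offset(const struct pedit_key *k, uint32_t *bound)
{
    if (!pedit_shift_valid(k->shift))
        return false;
    /* A byte masked with offmask can be at most (0xff & offmask). */
    uint32_t extra = (0xffu & k->offmask) >> k->shift;
    *bound = k->off + extra;
    return true;
}

int main(void)
{
    /* Constructed keys: one sane, one carrying the shift value from the report. */
    struct pedit_key good = { .off = 10, .at = 0, .offmask = 0xff, .shift = 4 };
    struct pedit_key bad  = { .off = 10, .at = 0, .offmask = 0xff, .shift = 1400735974u };
    uint32_t bound;

    if (pedit_key_max_offset(&good, &bound))
        printf("good key: max offset %u\n", bound);                   /* 25 */
    if (!pedit_key_max_offset(&bad, &bound))
        printf("bad key rejected: shift %u >= %u\n", bad.shift, SHIFT_BITS);
    printf("clamped: %u, wrong clamp: %u\n",
           pedit_shift_clamp(bad.shift), pedit_shift_clamp_wrong(bad.shift));
    return 0;
}
```

Rejecting keeps the user-visible semantics honest (a configuration that asked for an impossible shift fails loudly), while clamping keeps previously accepted configurations working; whichever the code base picks, the check has to run once at init, before the value reaches any shift on the packet path.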
