Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp3622128rwb;
        Sun, 25 Sep 2022 09:34:31 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7yOfjDzYBXoJU5JI8uQwBvrK17ABc+4yZTVy39ttS3qyDA6b+Qyac3+smpDHmYqT7Diaz4
X-Received: by 2002:a17:907:6e1e:b0:782:161b:3403 with SMTP id sd30-20020a1709076e1e00b00782161b3403mr15362077ejc.519.1664123670833;
        Sun, 25 Sep 2022 09:34:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1664123670; cv=none;
        d=google.com; s=arc-20160816;
        b=xTWvXVbIN8gVZVlg5P6yB3TizW1H5wU4KWB8/AxGPInNZJnUFcli7R749sstMRo0h6
         WoHv2+/waivk+/FRvSslOmHgb+etUVm8irAtx9Rsv/ntM+oCDQw9DRhwD6vvT2cY3xyJ
         I2Ngm+VuT1qNxbLabc7iGiOl4hWQMUGzPRCaJ8MJ7tmfJvwMamauM80flypDTPmuOnAa
         uNWHNZLq+kPOcdrneudE57+suQ+xASb3GP6Gq5zzgCWU/+3YbQvgBMQELb8gEO4PlWJf
         pe79BfPa1/2k2HlecURYid5jWSLOaTcj04t+3+32y+rf65qDPYQ4a8EPfLryT531DEOk
         x8FA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=1+BfOKXcpoEaGQk95c12dhY+fN+OE2AYcMztraFwAsk=;
        b=JcbTusGDSY6T5OuWB8q/ZPzyZ/hZxs0Fx/jY2Y816NNpSjOQxKF+l6lir7wtByfgco
         XvtkYJ1CiJX7vE8XHLqMcT9yOosFaC0VXtrW74Uj0V82HbS8tIM2pSNyiH6KJsYx8y43
         HAgy3iW+RiuW8BEwn8X/lSecwyb87arae6NKquFRQuITZsw64wEQOZjYKb+SM0HDd/5f
         vAO6QKW21ifLC6ezLxGuIWVeBoDQBAwok/KlzNkAXy1PqpXqiQMkrWMokd2UxX2RydrJ
         zXib0FeBPontN9I2zZhf7qOJmuJaRR6YN7/b0ZBK5weVDbSqR3fjCJvuwc/riiunPWpN
         r69w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mojatatu-com.20210112.gappssmtp.com header.s=20210112 header.b=wN5BooiQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id dc4-20020a170906c7c400b0076daf135b26si11354640ejb.791.2022.09.25.09.34.05;
        Sun, 25 Sep 2022 09:34:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mojatatu-com.20210112.gappssmtp.com header.s=20210112 header.b=wN5BooiQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232671AbiIYQPC (ORCPT <rfc822;android.linux@gmail.com>
        + 99 others); Sun, 25 Sep 2022 12:15:02 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34872 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231390AbiIYQO5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 25 Sep 2022 12:14:57 -0400
Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1B0313DCD
        for <linux-kernel@vger.kernel.org>; Sun, 25 Sep 2022 09:14:56 -0700 (PDT)
Received: by mail-ot1-x32f.google.com with SMTP id cm7-20020a056830650700b006587fe87d1aso3085411otb.10
        for <linux-kernel@vger.kernel.org>; Sun, 25 Sep 2022 09:14:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=mojatatu-com.20210112.gappssmtp.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date;
        bh=1+BfOKXcpoEaGQk95c12dhY+fN+OE2AYcMztraFwAsk=;
        b=wN5BooiQD42vU5abO3Jq07KAmsf1rSR14pJwwXBN1+rqeVXkc39LSPV1IoDASB+HG9
         0ScbzPo/v1IaxSlEdursT1K0f2gmE6WHmaakYwTm3K6iK2SG8bWzFSaYTVIAtJZrGuGZ
         xlCPh8ugqU7AdWT52/JTgWfbKjc1Tefn/a4rHdyz7lWpE0yF6XEnNyL3l82CeyDqZH5J
         dvUg8IHGVmKF4p+XS2JK3Bw0ZjuceM8e1MKBkavleTzKwLeCiNKz1Z9CbsTnhkVFm8tR
         5Xh/STAwQ4P7K5ZEUTWtL4tDlzVZaf/7BOSXSM5srPtDGxKg6jKmUsH3Mr5d53inXDXW
         xpjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date;
        bh=1+BfOKXcpoEaGQk95c12dhY+fN+OE2AYcMztraFwAsk=;
        b=Glr8pNm36CssuSsRbVVoNgn63yEXlH7I3WnRk9WmRCkJ96Juqr6d9+1BLY6AhFNkyd
         V4UAwjSAufUYfvZN4Wr1/yiGH0slyfl800NEnbpite3Xf4NEg1wrfLZsFH1gpBdI17xz
         NACvwl3HFONLEcE2UO2N1tACR17u0zv4iV+sVDVZHkophWIqANcfeT7MFPygGWm+gXRT
         PqfyQ6V9e14uIr3im4RcBXXjS98p8Aw/CzyhASoEWOOP0mO0/FS+EYv8BTxG8tArJYgt
         8188XTRsC7xibFR9bafPAIOqeEd/+YuRhuZkgk9LE68RMJf6xYub5YP43oTPpDju3Gfc
         XtPQ==
X-Gm-Message-State: ACrzQf054O60Pdlzces+r66Yx1NBd325OxiLSl16zJ0CEvOOAhyOmxDl
        alpCs0xvzlwEmTKBCVK6UOyHuNe4zGJGGKhFKi30Yg==
X-Received: by 2002:a9d:2a7:0:b0:65a:c6a3:1d0e with SMTP id
 36-20020a9d02a7000000b0065ac6a31d0emr8377812otl.223.1664122496283; Sun, 25
 Sep 2022 09:14:56 -0700 (PDT)
MIME-Version: 1.0
References: <000000000000a96c0b05e97f0444@google.com> <CAM0EoMnJ=STtk5BnZ9oJtnkXY2Q+Px2cKa4gowFRGpp40UNKww@mail.gmail.com>
In-Reply-To: <CAM0EoMnJ=STtk5BnZ9oJtnkXY2Q+Px2cKa4gowFRGpp40UNKww@mail.gmail.com>
From:   Jamal Hadi Salim <jhs@mojatatu.com>
Date:   Sun, 25 Sep 2022 12:14:44 -0400
Message-ID: <CAM0EoMm9uBQQepMb5bda1vR-Okw-tPp2nnf6TvfA0FzPu_D_2A@mail.gmail.com>
Subject: Re: [syzbot] WARNING in u32_change
To:     syzbot <syzbot+a2c4601efc75848ba321@syzkaller.appspotmail.com>
Cc:     davem@davemloft.net, edumazet@google.com, jiri@resnulli.us,
        kuba@kernel.org, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, pabeni@redhat.com,
        syzkaller-bugs@googlegroups.com, xiyou.wangcong@gmail.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,RCVD_IN_DNSWL_NONE,SORTED_RECIPS,SPF_HELO_NONE,SPF_NONE
        autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Sep 25, 2022 at 11:38 AM Jamal Hadi Salim <jhs@mojatatu.com> wrote:
>
> Is there a way to tell the boat "looking into it?"


I guess I have to swim across to it to get the message;->

I couldnt see the warning message  but it is obvious by inspection that
the memcpy is broken. We should add more test coverage.
This should fix it. Will send a formal patch later:

diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 4d27300c2..591cbbf27 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -1019,7 +1019,7 @@ static int u32_change(struct net *net, struct
sk_buff *in_skb,
        }

        s = nla_data(tb[TCA_U32_SEL]);
-       sel_size = struct_size(s, keys, s->nkeys);
+       sel_size = struct_size(s, keys, s->nkeys) + sizeof(n->sel);
        if (nla_len(tb[TCA_U32_SEL]) < sel_size) {
                err = -EINVAL;
                goto erridr;