From: Jamal Hadi Salim
Date: Sun, 25 Sep 2022 12:14:44 -0400
Subject: Re: [syzbot] WARNING in u32_change
To: syzbot
Cc: davem@davemloft.net, edumazet@google.com, jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, syzkaller-bugs@googlegroups.com, xiyou.wangcong@gmail.com

On Sun, Sep 25, 2022 at 11:38 AM Jamal Hadi Salim wrote:
>
> Is there a way to tell the boat "looking into it?"

I guess I have to swim across to it to get the message;->

I couldn't see the warning message but it is obvious by inspection that the memcpy is broken. We should add more test coverage.
This should fix it. Will send a formal patch later:

diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c index 4d27300c2..591cbbf27 100644 --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c @@ -1019,7 +1019,7 @@ static int u32_change(struct net *net, struct sk_buff *in_skb, } s = nla_data(tb[TCA_U32_SEL]); - sel_size = struct_size(s, keys, s->nkeys); + sel_size = struct_size(s, keys, s->nkeys) + sizeof(n->sel); if (nla_len(tb[TCA_U32_SEL]) < sel_size) { err = -EINVAL; goto erridr;
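
Review bot: in the changed `sel_size` assignment, `struct_size(s, keys, s->nkeys)` already counts the fixed part of `*s` plus `s->nkeys` key entries, so adding `sizeof(n->sel)` counts the selector header a second time if `n->sel` has the same type as `*s`. The same `sel_size` is the bound in the unchanged `if (nla_len(tb[TCA_U32_SEL]) < sel_size)` check just below, so an attribute that is exactly header plus keys long would now fail with `-EINVAL`. Suggest leaving the validation length as it was and correcting the length at the memcpy the message refers to, with a comment stating which length each use needs. The message also says the warning text was not seen, so the change should be confirmed against the syzbot report before the formal patch.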