Date: Mon, 18 Dec 2023 15:17:05 -0800
From: Jakub Kicinski
To: syzbot
Cc: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
    daniel@iogearbox.net, davem@davemloft.net, edumazet@google.com,
    haoluo@google.com, john.fastabend@gmail.com, jolsa@kernel.org,
    keescook@chromium.org, kpsingh@kernel.org, linux-kernel@vger.kernel.org,
    martin.lau@linux.dev, netdev@vger.kernel.org, pabeni@redhat.com,
    sdf@google.com, song@kernel.org, syzkaller-bugs@googlegroups.com,
    yonghong.song@linux.dev
Subject: Re: [syzbot] [bpf?] [net?] KASAN: slab-use-after-free Read in nla_find
Message-ID: <20231218151705.7861913d@kernel.org>
In-Reply-To: <000000000000cdad2b060cc9c542@google.com>
References: <000000000000cdad2b060cc9c542@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 18 Dec 2023 06:43:26 -0800 syzbot wrote:
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
>  print_address_description mm/kasan/report.c:364 [inline]
>  print_report+0xc4/0x620 mm/kasan/report.c:475
>  kasan_report+0xda/0x110 mm/kasan/report.c:588
>  nla_ok include/net/netlink.h:1230 [inline]
>  nla_find+0x120/0x130 lib/nlattr.c:746
>  nla_find_nested include/net/netlink.h:1260 [inline]
>  ____bpf_skb_get_nlattr_nest net/core/filter.c:209 [inline]

This needs nla_ok() instead of playing with nla_len directly.
Will send a fix soon..
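
Added example, not part of the original message and not the kernel's code or the fix referred to above: a userspace C model of why an attribute length should pass the conditions nla_ok() enforces rather than a single comparison on nla_len. The names attr_hdr, len_upper_bound_only, attr_ok and payload_len and the sample lengths are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model of a netlink attribute header (layout of struct nlattr). */
struct attr_hdr {
    uint16_t nla_len;   /* total length: header plus payload */
    uint16_t nla_type;
};
#define HDRLEN ((int)sizeof(struct attr_hdr))   /* 4 bytes */

/* Hypothetical direct check: rejects only a length that overruns the buffer. */
static int len_upper_bound_only(const struct attr_hdr *a, int remaining)
{
    return a->nla_len <= remaining;
}

/* The conditions nla_ok() enforces: room for a header, a length that covers
 * at least the header, and a length that fits in what remains. */
static int attr_ok(const struct attr_hdr *a, int remaining)
{
    return remaining >= HDRLEN &&
           a->nla_len >= HDRLEN &&
           a->nla_len <= remaining;
}

/* Payload length a caller derives once the attribute has been accepted. */
static int payload_len(const struct attr_hdr *a)
{
    return (int)a->nla_len - HDRLEN;
}

int main(void)
{
    /* Constructed samples: nla_len values seen with 8 bytes remaining. */
    const uint16_t lens[] = { 0, 3, 4, 8, 9 };
    const int remaining = 8;

    for (unsigned i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        struct attr_hdr a = { lens[i], 1 };
        printf("nla_len=%u upper_bound_only=%d attr_ok=%d payload=%d as_u16=%u\n",
               (unsigned)a.nla_len, len_upper_bound_only(&a, remaining),
               attr_ok(&a, remaining), payload_len(&a),
               (unsigned)(uint16_t)payload_len(&a));
    }
    return 0;
}
```

Lengths 0 to 3 pass the upper-bound comparison yet describe an attribute shorter than its own header, so the derived payload length is negative, or close to 64 KiB if it is held in an unsigned 16-bit value; the three-part check rejects them.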