Received: by 2002:a05:7412:8d09:b0:fa:4c10:6cad with SMTP id bj9csp385980rdb; Tue, 16 Jan 2024 03:34:59 -0800 (PST) X-Google-Smtp-Source: AGHT+IEHXItc1ItLiS58oXOnEmp0AieB881o/On1F93NUPcJL9zG/+MPbrki8+q8f5oxbxrwRxBL X-Received: by 2002:a05:6870:88a9:b0:204:5aa9:b1b8 with SMTP id m41-20020a05687088a900b002045aa9b1b8mr9274274oam.88.1705404899299; Tue, 16 Jan 2024 03:34:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1705404899; cv=none; d=google.com; s=arc-20160816; b=wRIBk6exFVNbxtiauJ3pt03oIMvdAw61P/xfZXf3UkIYgH0Bd6lmiFSjyyVfpjMXbK KgYdAFSMlUR4FfwWYZWV/9VmuTbMWOmO9F2/kWv9fZWzePN6eeXdIkmiyf0nUysmN5ou r1jzdF4Cyy+qA7GMpsaWUD6MgCNWUmIYPKEnxVRtd/eIqzeNDDiqR+Er5WN+dpeBJcwU qhEpUEJfMMF5WuT/DCNR8yLmeo0p0+0eo9jo11WXfP+Ft72/YwPCvIdywYbDAXeQzBFu f8SnDww/1WJTmC2ytX5VVUiKW7VhPv8MT+qW01uwdvgosHm0wKqTsEFGsAKGGi8UVTxS yYoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=NuyXaomLnhEd02fhQngHzkFUehcz2QVflU78uDkOi30=; fh=KJHWuA4LG/t/4KTo7CJCYZIv21Hbsq4LuP7qeWniKX4=; b=fjzvXfDgPQy5bZU4FHgD/XxM+UlXyZ3atEfLxxLmT7Ej39SfqM327/H8mGgvNc2OOQ ULZXhb2qb/t9rPIiOElr0x+xky4aAlBi8uKN73lmPd4X7UamU5/dh4eRwOZv9NhcYBhX FchIZAZqQWwYI8oHV2iVUoTBHOSae6OGRB49tpxqBIKh5OxklVUeOk7aKQViZnn1ziox xm25EdDt1HNcvkZ6/+dbExNbM1P82gCxBbadY21Ob80XSkSrXK3+wuJVv5BXFo6e9HTA 2PlbKg9Wmzf/r3iY3M8j8ay6rRQarFVe4hAmZNeyT1FcMWaBZ2fWw+WOJaeKynde37Vy pAQQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-27320-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-27320-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id t8-20020a63dd08000000b005ce9d563445si10493092pgg.594.2024.01.16.03.34.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Jan 2024 03:34:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-27320-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-27320-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-27320-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 29E1F2834D7 for ; Tue, 16 Jan 2024 11:34:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 662BF1B808; Tue, 16 Jan 2024 11:34:53 +0000 (UTC) Received: from mail115-76.sinamail.sina.com.cn (mail115-76.sinamail.sina.com.cn [218.30.115.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B5801B7F3 for ; Tue, 16 Jan 2024 11:34:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sina.com X-SMAIL-HELO: localhost.localdomain Received: from unknown (HELO localhost.localdomain)([113.118.65.196]) by sina.com (10.75.12.45) with ESMTP id 65A669CA00007314; Tue, 16 Jan 2024 19:34:37 +0800 (CST) X-Sender: hdanton@sina.com X-Auth-ID: hdanton@sina.com Authentication-Results: sina.com; spf=none smtp.mailfrom=hdanton@sina.com; dkim=none header.i=none; dmarc=none action=none header.from=hdanton@sina.com X-SMAIL-MID: 35475331457846 X-SMAIL-UIID: 70886D29B86C41BA9E7105BCE90A56F4-20240116-193437-1 From: Hillf Danton To: syzbot Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [net?] KASAN: slab-out-of-bounds Read in dsa_user_prechangeupper Date: Tue, 16 Jan 2024 19:34:26 +0800 Message-Id: <20240116113426.909-1-hdanton@sina.com> In-Reply-To: <00000000000002faa2060f02e766@google.com> References: <00000000000002faa2060f02e766@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit On Mon, 15 Jan 2024 13:43:20 -0800 > syzbot found the following issue on: > > HEAD commit: 3e7aeb78ab01 Merge tag 'net-next-6.8' of git://git.kernel... > git tree: upstream > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12995b33e80000 #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master --- x/net/dsa/user.c +++ y/net/dsa/user.c @@ -2865,11 +2865,13 @@ static int dsa_user_changeupper(struct n static int dsa_user_prechangeupper(struct net_device *dev, struct netdev_notifier_changeupper_info *info) { - struct dsa_port *dp = dsa_user_to_port(dev); + struct dsa_port *dp; if (!dsa_user_dev_check(dev)) return NOTIFY_DONE; + dp = dsa_user_to_port(dev); + if (netif_is_bridge_master(info->upper_dev) && !info->linking) dsa_port_pre_bridge_leave(dp, info->upper_dev); else if (netif_is_lag_master(info->upper_dev) && !info->linking) --