syzbot


KASAN: global-out-of-bounds Read in __hw_addr_add_ex

Status: auto-obsoleted due to no activity on 2024/10/10 19:31
Subsystems: net
Reported-by: syzbot+91161fe81857b396c8a0@syzkaller.appspotmail.com
First crash: 204d, last: 141d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [net?] KASAN: global-out-of-bounds Read in __hw_addr_add_ex | 0 (1) | 2024/06/03 20:10
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: global-out-of-bounds Read in __hw_addr_add_ex (2) net | C | | | 113 | 12d | 23d | 0/28 | upstream: reported C repro on 2024/11/27 21:55
upstream | KMSAN: uninit-value in __hw_addr_add_ex net | | | | 580 | 480d | 763d | 0/28 | auto-obsoleted due to no activity on 2023/11/07 04:36

Sample crash report:
==================================================================
BUG: KASAN: global-out-of-bounds in memcmp+0xc0/0xca lib/string.c:676
Read of size 1 at addr ffffffff89309b00 by task syz.0.124/4210

CPU: 0 PID: 4210 Comm: syz.0.124 Not tainted 6.10.0-rc6-syzkaller-gc562ba719df5 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000f6fc>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85df2034>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85e4d502>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff85e4d502>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:114
[<ffffffff85dfc3a4>] print_address_description mm/kasan/report.c:377 [inline]
[<ffffffff85dfc3a4>] print_report+0x288/0x596 mm/kasan/report.c:488
[<ffffffff8091ece8>] kasan_report+0xec/0x118 mm/kasan/report.c:601
[<ffffffff80920b32>] __asan_report_load1_noabort+0x12/0x1a mm/kasan/report_generic.c:378
[<ffffffff85dc8ef2>] memcmp+0xc0/0xca lib/string.c:676
[<ffffffff84be6a9a>] __hw_addr_add_ex+0xee/0x676 net/core/dev_addr_lists.c:88
[<ffffffff84be9a9a>] __dev_mc_add net/core/dev_addr_lists.c:867 [inline]
[<ffffffff84be9a9a>] dev_mc_add+0xac/0x108 net/core/dev_addr_lists.c:885
[<ffffffff84d7bf36>] mrp_init_applicant+0xe8/0x56e net/802/mrp.c:873
[<ffffffff85950a8a>] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57
[<ffffffff85946d62>] register_vlan_dev+0x1b4/0x922 net/8021q/vlan.c:170
[<ffffffff85947a1e>] register_vlan_device net/8021q/vlan.c:277 [inline]
[<ffffffff85947a1e>] vlan_ioctl_handler+0x54e/0x956 net/8021q/vlan.c:621
[<ffffffff84b1939e>] sock_ioctl+0x1f6/0x61a net/socket.c:1305
[<ffffffff80a0eee8>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff80a0eee8>] __do_sys_ioctl fs/ioctl.c:907 [inline]
[<ffffffff80a0eee8>] __se_sys_ioctl fs/ioctl.c:893 [inline]
[<ffffffff80a0eee8>] __riscv_sys_ioctl+0x186/0x1d6 fs/ioctl.c:893
[<ffffffff8000e204>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85e4f7bc>] do_trap_ecall_u+0x14c/0x214 arch/riscv/kernel/traps.c:330
[<ffffffff85e7296c>] ret_from_exception+0x0/0x64 arch/riscv/kernel/entry.S:112

The buggy address belongs to the variable:
 vlan_mrp_app+0x60/0x3e80

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89509
flags: 0xffe000000002000(reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000002000 ff1c000000254248 ff1c000000254248 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff89309a00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89309a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89309b00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
                   ^
 ffffffff89309b80: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
 ffffffff89309c00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (193):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/08/01 19:30 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 1e9c4cf3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/28 16:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 46eb10b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/28 15:54 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 46eb10b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/28 15:33 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 46eb10b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/28 09:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 46eb10b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/28 06:50 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 46eb10b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/28 05:42 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 46eb10b7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/22 05:16 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 b88348e9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/22 04:49 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 b88348e9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/22 03:06 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 b88348e9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/21 13:04 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 b88348e9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/21 12:17 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 b88348e9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/21 04:31 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 b88348e9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/14 15:30 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/14 13:04 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/13 15:38 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/13 14:52 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/13 11:20 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/13 08:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/13 04:12 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/13 02:58 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/12 18:35 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/12 18:15 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/12 16:54 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 eaeb5c15 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/08 04:58 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 bc4ebbb5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/08 02:07 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 bc4ebbb5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/08 01:54 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 bc4ebbb5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/08 00:45 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 bc4ebbb5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/07 15:27 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes c562ba719df5 bc4ebbb5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/07/01 07:09 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/30 20:23 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/30 19:59 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/30 13:32 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/30 11:14 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/30 03:50 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/29 20:39 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/29 17:49 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/29 14:15 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes cc2c169e34b4 757f06b1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/24 11:05 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 83a7eefedc9b edc5149a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/24 04:38 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 83a7eefedc9b edc5149a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/24 04:37 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 83a7eefedc9b edc5149a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/23 07:52 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 83a7eefedc9b edc5149a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/23 07:52 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 83a7eefedc9b edc5149a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/23 07:41 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 83a7eefedc9b edc5149a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/06/02 14:38 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 7932b172ac7e 3113787f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/05/30 20:01 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 1613e604df0c 34889ee3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
* Struck through repros no longer work on HEAD.