syzbot

 sign-in | mailing list | source | docs
🐞 Open [1546]
Subsystems
🐞 Fixed [6205]
🐞 Invalid [15604]
Missing Backports [182]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: global-out-of-bounds Read in __hw_addr_add_ex (2)

Status: upstream: reported C repro on 2024/11/27 21:55
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+a29a4fe94b1560756f7d@syzkaller.appspotmail.com
First crash: 193d, last: 25d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [net?] KASAN: global-out-of-bounds Read in __hw_addr_add_ex (2) 0 (1) 2024/11/27 21:55
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __hw_addr_add_ex net 580 604d 888d 0/28 auto-obsoleted due to no activity on 2023/11/07 04:36
upstream KASAN: global-out-of-bounds Read in __hw_addr_add_ex net 193 266d 325d 0/28 auto-obsoleted due to no activity on 2024/10/10 19:31
Last patch testing requests (3)
Created Duration User Patch Repo Result
2025/04/13 18:46 37m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes error
2025/04/13 18:46 1h57m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes error
2024/12/22 20:21 44m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes report log

Sample crash report:
==================================================================
BUG: KASAN: global-out-of-bounds in memcmp+0xc0/0xca lib/string.c:687
Read of size 1 at addr ffffffff89804b80 by task syz-executor359/3197

CPU: 1 UID: 0 PID: 3197 Comm: syz-executor359 Not tainted 6.14.0-rc1-syzkaller-g2014c95afece #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80072526>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:132
[<ffffffff80003206>] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:138
[<ffffffff8005e0c4>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff8005e0c4>] dump_stack_lvl+0x12e/0x1a6 lib/dump_stack.c:120
[<ffffffff8000d4ec>] print_address_description mm/kasan/report.c:378 [inline]
[<ffffffff8000d4ec>] print_report+0x28e/0x5aa mm/kasan/report.c:489
[<ffffffff80a2372a>] kasan_report+0xf0/0x214 mm/kasan/report.c:602
[<ffffffff80a25518>] __asan_report_load1_noabort+0x12/0x1a mm/kasan/report_generic.c:378
[<ffffffff86185948>] memcmp+0xc0/0xca lib/string.c:687
[<ffffffff84f21c1e>] __hw_addr_add_ex+0xee/0x676 net/core/dev_addr_lists.c:88
[<ffffffff84f23e64>] __dev_mc_add net/core/dev_addr_lists.c:868 [inline]
[<ffffffff84f23e64>] dev_mc_add+0xac/0x108 net/core/dev_addr_lists.c:886
[<ffffffff850c97b8>] mrp_init_applicant+0xe8/0x56e net/802/mrp.c:873
[<ffffffff85ce9f0e>] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57
[<ffffffff85cdffbe>] register_vlan_dev+0x1b4/0x922 net/8021q/vlan.c:170
[<ffffffff85ce85d6>] vlan_newlink+0x3ca/0x5fa net/8021q/vlan_netlink.c:191
[<ffffffff84f5977a>] rtnl_newlink_create net/core/rtnetlink.c:3795 [inline]
[<ffffffff84f5977a>] __rtnl_newlink net/core/rtnetlink.c:3906 [inline]
[<ffffffff84f5977a>] rtnl_newlink+0xbb4/0x1acc net/core/rtnetlink.c:4021
[<ffffffff84f5c4aa>] rtnetlink_rcv_msg+0x9e2/0xdbe net/core/rtnetlink.c:6911
[<ffffffff852a21dc>] netlink_rcv_skb+0x216/0x3dc net/netlink/af_netlink.c:2543
[<ffffffff84f4a1f0>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6938
[<ffffffff852a0490>] netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
[<ffffffff852a0490>] netlink_unicast+0x4f0/0x82c net/netlink/af_netlink.c:1348
[<ffffffff852a1030>] netlink_sendmsg+0x864/0xdc6 net/netlink/af_netlink.c:1892
[<ffffffff84e3f9e2>] sock_sendmsg_nosec net/socket.c:713 [inline]
[<ffffffff84e3f9e2>] __sock_sendmsg+0xcc/0x160 net/socket.c:728
[<ffffffff84e405ee>] ____sys_sendmsg+0x5ce/0x79e net/socket.c:2568
[<ffffffff84e49160>] ___sys_sendmsg+0x144/0x1e6 net/socket.c:2622
[<ffffffff84e49f16>] __sys_sendmsg+0x188/0x22a net/socket.c:2654
[<ffffffff84e4a028>] __do_sys_sendmsg net/socket.c:2659 [inline]
[<ffffffff84e4a028>] __se_sys_sendmsg net/socket.c:2657 [inline]
[<ffffffff84e4a028>] __riscv_sys_sendmsg+0x70/0xa2 net/socket.c:2657
[<ffffffff80070b2c>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff861aecda>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff861d41ea>] handle_exception+0x146/0x152 arch/riscv/kernel/entry.S:197

The buggy address belongs to the variable:
 vlan_mrp_app+0x60/0x3e80

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89a04
flags: 0xffe000000002000(reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000002000 ff1c000000268108 ff1c000000268108 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff89804a80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89804b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89804b80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
                   ^
 ffffffff89804c00: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
 ffffffff89804c80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (461):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/10 10:48 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 2014c95afece ef44b750 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/10/28 01:58 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 5f153a692bac 65e8686b .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/30 18:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d d3999433 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/30 14:35 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d d3999433 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/30 12:48 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d d3999433 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/25 19:25 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 875573af .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/25 15:21 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 875573af .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/25 13:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 875573af .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/25 10:52 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 875573af .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/25 01:17 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 875573af .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/25 00:08 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 875573af .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/24 19:36 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 875573af .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/23 22:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 4e8d3850 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/22 23:00 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d c6512ef7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/22 23:00 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d c6512ef7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/22 21:01 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d c6512ef7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/22 13:30 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d c6512ef7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/21 14:28 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 62330552 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/21 07:08 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 62330552 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/20 20:51 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 62330552 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/20 19:17 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 62330552 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/16 18:53 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/16 16:02 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/16 11:47 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/16 09:11 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/15 21:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/15 20:40 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/15 16:58 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/15 15:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/15 10:01 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/15 08:28 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/14 17:21 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d e2826670 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/11 15:23 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/11 11:12 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/11 05:47 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/11 01:37 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/10 18:12 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/10 16:24 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/10 06:44 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/10 01:48 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/09 13:57 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 163f510d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/08 19:48 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 7e3bd60d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/08 19:47 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 7e3bd60d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2025/03/08 16:11 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 245aece3750d 7e3bd60d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/25 02:25 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
* Struck through repros no longer work on HEAD.