syzbot

 sign-in | mailing list | source | docs
🐞 Open [1504]
Subsystems
🐞 Fixed [5885]
🐞 Invalid [14306]
Missing Backports [96]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: global-out-of-bounds Read in __hw_addr_add_ex (2)

Status: upstream: reported C repro on 2024/11/27 21:55
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+a29a4fe94b1560756f7d@syzkaller.appspotmail.com
First crash: 52d, last: 4d19h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [net?] KASAN: global-out-of-bounds Read in __hw_addr_add_ex (2) 0 (1) 2024/11/27 21:55
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in __hw_addr_add_ex net 580 463d 746d 0/28 auto-obsoleted due to no activity on 2023/11/07 04:36
upstream KASAN: global-out-of-bounds Read in __hw_addr_add_ex net 193 124d 183d 0/28 auto-obsoleted due to no activity on 2024/10/10 19:31

Sample crash report:
==================================================================
BUG: KASAN: global-out-of-bounds in memcmp+0xc0/0xca lib/string.c:676
Read of size 1 at addr ffffffff895cb520 by task syz-executor156/3200

CPU: 1 UID: 0 PID: 3200 Comm: syz-executor156 Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85f861e4>] print_address_description mm/kasan/report.c:377 [inline]
[<ffffffff85f861e4>] print_report+0x290/0x5a0 mm/kasan/report.c:488
[<ffffffff80970318>] kasan_report+0xec/0x118 mm/kasan/report.c:601
[<ffffffff8097214e>] __asan_report_load1_noabort+0x12/0x1a mm/kasan/report_generic.c:378
[<ffffffff85f525ae>] memcmp+0xc0/0xca lib/string.c:676
[<ffffffff84d3805e>] __hw_addr_add_ex+0xee/0x676 net/core/dev_addr_lists.c:88
[<ffffffff84d3b06a>] __dev_mc_add net/core/dev_addr_lists.c:867 [inline]
[<ffffffff84d3b06a>] dev_mc_add+0xac/0x108 net/core/dev_addr_lists.c:885
[<ffffffff84edd5e2>] mrp_init_applicant+0xe8/0x56e net/802/mrp.c:873
[<ffffffff85ad13e2>] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57
[<ffffffff85ac7490>] register_vlan_dev+0x1b4/0x922 net/8021q/vlan.c:170
[<ffffffff85acfab0>] vlan_newlink+0x3d2/0x5fc net/8021q/vlan_netlink.c:193
[<ffffffff84d83228>] rtnl_newlink_create net/core/rtnetlink.c:3510 [inline]
[<ffffffff84d83228>] __rtnl_newlink+0xfe2/0x1738 net/core/rtnetlink.c:3730
[<ffffffff84d839ea>] rtnl_newlink+0x6c/0xa2 net/core/rtnetlink.c:3743
[<ffffffff84d7259a>] rtnetlink_rcv_msg+0x428/0xdbe net/core/rtnetlink.c:6646
[<ffffffff850b3e8e>] netlink_rcv_skb+0x216/0x3dc net/netlink/af_netlink.c:2550
[<ffffffff84d6454c>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6664
[<ffffffff850b2140>] netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
[<ffffffff850b2140>] netlink_unicast+0x4f0/0x82c net/netlink/af_netlink.c:1357
[<ffffffff850b2ce0>] netlink_sendmsg+0x864/0xdc6 net/netlink/af_netlink.c:1901
[<ffffffff84c5e82a>] sock_sendmsg_nosec net/socket.c:729 [inline]
[<ffffffff84c5e82a>] __sock_sendmsg+0xcc/0x160 net/socket.c:744
[<ffffffff84c5f436>] ____sys_sendmsg+0x5ce/0x79e net/socket.c:2602
[<ffffffff84c66b4c>] ___sys_sendmsg+0x144/0x1e6 net/socket.c:2656
[<ffffffff84c67624>] __sys_sendmsg+0x130/0x1f0 net/socket.c:2685
[<ffffffff84c67754>] __do_sys_sendmsg net/socket.c:2694 [inline]
[<ffffffff84c67754>] __se_sys_sendmsg net/socket.c:2692 [inline]
[<ffffffff84c67754>] __riscv_sys_sendmsg+0x70/0xa2 net/socket.c:2692
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce

The buggy address belongs to the variable:
 vlan_mrp_app+0x60/0x3e80

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x897cb
flags: 0xffe000000002000(reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000002000 ff1c00000025f2c8 ff1c00000025f2c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff895cb400: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
 ffffffff895cb480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff895cb500: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
                               ^
 ffffffff895cb580: 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9
 ffffffff895cb600: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
==================================================================

Crashes (103):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/10/28 01:58 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 5f153a692bac 65e8686b .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/29 13:21 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/29 07:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/29 07:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/28 11:37 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/25 10:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/25 08:34 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/25 07:14 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/25 05:27 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/25 03:34 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/25 02:25 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 23:24 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 21:53 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 19:19 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 17:23 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 15:54 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 12:54 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 12:53 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/24 03:10 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/23 17:14 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/23 15:08 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/23 13:51 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/23 08:00 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/23 05:57 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/22 19:24 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/22 16:06 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/22 14:16 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/22 04:04 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/22 02:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/21 18:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/21 12:46 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/21 09:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/20 14:31 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/20 09:27 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/20 00:53 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/19 15:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/19 13:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/19 05:49 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/19 04:25 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/18 23:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/18 19:05 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/18 10:47 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/18 03:11 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/17 17:52 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
2024/11/17 09:41 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 57f7c7dc78cd 4dfba277 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: global-out-of-bounds Read in __hw_addr_add_ex
* Struck through repros no longer work on HEAD.