syzbot


KASAN: user-memory-access Write in __build_skb_around

Status: closed as invalid on 2022/01/10 10:36
Subsystems: net
First crash: 838d, last: 837d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: slab-out-of-bounds Write in __build_skb_around bpf net | C | error | | 2536 | 472d | 486d | 22/26 | fixed on 2023/02/24 13:50 |
| upstream | BUG: unable to handle kernel NULL pointer dereference in __build_skb_around bpf net | C | done | | 29 | 374d | 379d | 22/26 | fixed on 2023/06/08 14:41 |

Sample crash report:
==================================================================
BUG: KASAN: user-memory-access in memset include/linux/fortify-string.h:209 [inline]
BUG: KASAN: user-memory-access in __build_skb_around+0x1ff/0x2f0 net/core/skbuff.c:210
Write of size 32 at addr 00000000fffffed0 by task kworker/0:10/5171

CPU: 0 PID: 5171 Comm: kworker/0:10 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: mld mld_ifc_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __kasan_report mm/kasan/report.c:437 [inline]
 kasan_report.cold+0x66/0xdf mm/kasan/report.c:450
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
 memset+0x20/0x40 mm/kasan/shadow.c:44
 memset include/linux/fortify-string.h:209 [inline]
 __build_skb_around+0x1ff/0x2f0 net/core/skbuff.c:210
 __alloc_skb+0x127/0x340 net/core/skbuff.c:443
 alloc_skb include/linux/skbuff.h:1129 [inline]
 alloc_skb_with_frags+0x93/0x620 net/core/skbuff.c:5930
 sock_alloc_send_pskb+0x793/0x920 net/core/sock.c:2581
 mld_newpack+0x1df/0x770 net/ipv6/mcast.c:1754
 add_grhead+0x265/0x330 net/ipv6/mcast.c:1857
 add_grec+0x1053/0x14e0 net/ipv6/mcast.c:1995
 mld_send_cr net/ipv6/mcast.c:2121 [inline]
 mld_ifc_work+0x452/0xdc0 net/ipv6/mcast.c:2659
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/12/12 11:10 | net-next-old | 77ab714f0070 | 49ca1f59 | .config | console log | report | | | info | | ci-upstream-net-kasan-gce | KASAN: user-memory-access Write in __build_skb_around |
| 2021/12/11 20:06 | net-next-old | be3158290db8 | 49ca1f59 | .config | console log | report | | | info | | ci-upstream-net-kasan-gce | KASAN: user-memory-access Write in __build_skb_around |
* Struck through repros no longer work on HEAD.