From: Paolo Abeni <pabeni@redhat.com>
To: Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>
Cc: syzbot <syzbot+8ed8fc4c57e9dcf23ca6@syzkaller.appspotmail.com>,
	David Miller <davem@davemloft.net>,
	Jamal Hadi Salim <jhs@mojatatu.com>,
	Jiri Pirko <jiri@resnulli.us>,
	LKML <linux-kernel@vger.kernel.org>,
	netdev <netdev@vger.kernel.org>,
	syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
	Cong Wang <xiyou.wangcong@gmail.com>
Subject: Re: [syzbot] UBSAN: shift-out-of-bounds in tcf_pedit_init
Date: Fri, 13 May 2022 11:36:05 +0200
Message-ID: <751e78f0aedffd19b0314c365fd5ecf0e73a52c1.camel@redhat.com>
In-Reply-To: <CANn89i+xqQafpRrF7=G0FqJNZkQUBCt_sKsSbhG64bq0iCnztQ@mail.gmail.com>

On Thu, 2022-05-12 at 16:53 -0700, Eric Dumazet wrote:
> On Thu, May 12, 2022 at 3:51 PM Jakub Kicinski <kuba@kernel.org> wrote:
> > 
> > On Thu, 12 May 2022 14:19:51 -0700 Eric Dumazet wrote:
> > > On Thu, May 12, 2022 at 2:18 PM syzbot
> > > > This report is generated by a bot. It may contain errors.
> > > > See https://goo.gl/tpsmEJ for more information about syzbot.
> > > > syzbot engineers can be reached at syzkaller@googlegroups.com.
> > > > 
> > > > syzbot will keep track of this issue. See:
> > > > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> > > > syzbot can test patches for this issue, for details see:
> > > > https://goo.gl/tpsmEJ#testing-patches
> > > 
> > > As mentioned earlier, this came with
> > > 
> > > commit 8b796475fd7882663a870456466a4fb315cc1bd6
> > > Author: Paolo Abeni <pabeni@redhat.com>
> > > Date:   Tue May 10 16:57:34 2022 +0200
> > > 
> > >     net/sched: act_pedit: really ensure the skb is writable
> > 
> > Came in as in new stack trace for an old/existing bug, right?
> > Nothing checks the shift so it'd have already tripped UBSAN
> > later on in tcf_pedit_act(), anyway.
> 
> Maybe a prior syzbot was reported, and nobody cared.
> 
> Or maybe syzbot got its way into this path only recently.

I'm reasonably sure the issue predates the bisected commit. Possibly
syzbot was unable to catch it before that commit because it is much harder
to achieve complete coverage of the data path, I think.

I've sent a patch, thanks for the report.

Paolo
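The bug class behind this report, illustrated as an added example that is not from the thread and not the kernel's act_pedit code: a shift count that arrives from untrusted configuration must be range-checked before it is used, because shifting a 32-bit value by 32 or more is undefined behaviour and is exactly what UBSAN reports as shift-out-of-bounds. The struct and function names below are hypothetical, loosely modelled on a "value/mask/shift" edit rule, and the check is done both at init time (where the thread says nothing checked it) and again at apply time so an unvalidated key cannot reach the undefined shift.

```c
/* Added example; hypothetical names, not the kernel's struct or functions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One edit rule: write (val & mask) into a 32-bit field, after shifting
 * both by `shift`. `shift` is untrusted: it comes from user configuration. */
struct edit_key {
    uint32_t val;
    uint32_t mask;
    uint32_t shift;
};

/* Init-time validation: the shift count must be strictly smaller than the
 * operand width (32 bits here). Rejecting the key at configuration time is
 * the fix the thread is about; without it the bad shift is stored and
 * executed later on the data path. */
static bool edit_key_valid(const struct edit_key *k)
{
    return k->shift < 32;
}

/* Apply-time step. Re-checks the key and leaves the field untouched when it
 * is invalid, so a key that somehow bypassed init-time validation still
 * never performs an out-of-bounds shift. */
static bool edit_key_apply(const struct edit_key *k, uint32_t *field)
{
    if (!edit_key_valid(k))
        return false;
    uint32_t m = k->mask << k->shift;
    uint32_t v = k->val << k->shift;
    *field = (*field & ~m) | (v & m);
    return true;
}

/* Convenience wrapper: returns the edited field, or the original field
 * unchanged when the key is rejected. */
static uint32_t edit_field(uint32_t field, uint32_t val, uint32_t mask,
                           uint32_t shift)
{
    struct edit_key k = { .val = val, .mask = mask, .shift = shift };
    (void)edit_key_apply(&k, &field);
    return field;
}

int main(void)
{
    /* Constructed sample: write 0xAB into byte 1 of a 32-bit field. */
    printf("shift 8  -> 0x%08x\n", edit_field(0x12345678u, 0xABu, 0xFFu, 8));
    /* Constructed sample: shift of 32 is rejected, field is unchanged. */
    printf("shift 32 -> 0x%08x\n", edit_field(0x12345678u, 0xABu, 0xFFu, 32));
    return 0;
}
```

Building the example with `-fsanitize=undefined` and removing the `edit_key_valid` check from `edit_key_apply` is a quick way to see the same "shift exponent 32 is too large for 32-bit type" diagnostic that syzbot reports, which is why the check belongs at the point where the configuration is accepted rather than only where it is consumed.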


Thread overview: 6+ messages
2022-05-12 21:18 [syzbot] UBSAN: shift-out-of-bounds in tcf_pedit_init syzbot
2022-05-12 21:19 ` Eric Dumazet
2022-05-12 22:51   ` Jakub Kicinski
2022-05-12 23:53     ` Eric Dumazet
2022-05-13  9:36       ` Paolo Abeni [this message]
2022-05-13  1:13 ` syzbot