From: Paolo Abeni <pabeni@redhat.com>
To: Arnaud Lecomte <contact@arnaud-lcm.com>,
syzbot+827ae2bfb3a3529333e9@syzkaller.appspotmail.com
Cc: agordeev@linux.ibm.com, alibuda@linux.alibaba.com,
davem@davemloft.net, edumazet@google.com,
guwen@linux.alibaba.com, horms@kernel.org, jaka@linux.ibm.com,
kuba@kernel.org, linux-kernel@vger.kernel.org,
linux-rdma@vger.kernel.org, linux-s390@vger.kernel.org,
netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com,
tonylu@linux.alibaba.com, wenjia@linux.ibm.com
Subject: Re: syztest
Date: Mon, 30 Jun 2025 08:51:35 +0200 [thread overview]
Message-ID: <83640113-ae18-4d5a-945a-44eef600d42e@redhat.com> (raw)
In-Reply-To: <20250629132933.33599-1-contact@arnaud-lcm.com>
On 6/29/25 3:29 PM, Arnaud Lecomte wrote:
> #syz test
>
> --- a/net/smc/af_smc.c
> +++ b/net/smc/af_smc.c
> @@ -123,11 +123,14 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk,
> struct request_sock *req_unhash,
> bool *own_req)
> {
> + read_lock_bh(&((struct sock *)sk)->sk_callback_lock);
> struct smc_sock *smc;
> struct sock *child;
> -
> smc = smc_clcsock_user_data(sk);
>
> + if (!smc)
> + goto drop;
> +
> if (READ_ONCE(sk->sk_ack_backlog) + atomic_read(&smc->queued_smc_hs) >
> sk->sk_max_ack_backlog)
> goto drop;
> @@ -148,9 +151,11 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk,
> if (inet_csk(child)->icsk_af_ops == inet_csk(sk)->icsk_af_ops)
> inet_csk(child)->icsk_af_ops = smc->ori_af_ops;
> }
> + read_unlock_bh(&((struct sock *)sk)->sk_callback_lock);
> return child;
>
> drop:
> + read_unlock_bh(&((struct sock *)sk)->sk_callback_lock);
> dst_release(dst);
> tcp_listendrop(sk);
> return NULL;
> @@ -2613,7 +2618,7 @@ int smc_listen(struct socket *sock, int backlog)
> int rc;
>
> smc = smc_sk(sk);
> - lock_sock(sk);
> + lock_sock(sock->sk);
>
> rc = -EINVAL;
> if ((sk->sk_state != SMC_INIT && sk->sk_state != SMC_LISTEN) ||
Please stop cc-ing netdev and other kernel ML with this tests. You
should keep just the syzkaller related MLs and a very restricted list of
individuals (i.e. no maintainers).
Thanks,
Paolo
next prev parent reply other threads:[~2025-06-30 6:51 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-31 20:23 [syzbot] [rdma?] [s390?] [net?] KASAN: null-ptr-deref Read in smc_tcp_syn_recv_sock syzbot
2025-06-29 13:29 ` syztest Arnaud Lecomte
2025-06-29 13:52 ` [syzbot] [smc?] KASAN: null-ptr-deref Read in smc_tcp_syn_recv_sock syzbot
2025-06-30 6:51 ` Paolo Abeni [this message]
2025-06-29 14:47 ` syztest Arnaud Lecomte
2025-06-29 15:07 ` [syzbot] [smc?] KASAN: null-ptr-deref Read in smc_tcp_syn_recv_sock syzbot
2025-06-29 15:10 ` syztest Arnaud Lecomte
2025-06-29 16:00 ` [syzbot] [smc?] KASAN: null-ptr-deref Read in smc_tcp_syn_recv_sock syzbot
2025-11-15 16:31 ` syzbot
-- strict thread matches above, loose matches on Subject: below --
2025-07-29 21:58 [syzbot] [fuse?] [block?] KASAN: slab-use-after-free Read in disk_add_events syzbot
2025-07-30 5:51 ` syztest Arnaud Lecomte
2025-07-30 6:09 ` syztest Yu Kuai
2025-07-30 7:10 ` syztest Arnaud Lecomte
2025-07-28 23:37 [syzbot] [bpf?] KASAN: slab-out-of-bounds Write in __bpf_get_stackid syzbot
2025-07-29 7:22 ` syztest Arnaud Lecomte
2025-07-28 20:55 [syzbot] [bpf?] KASAN: slab-out-of-bounds Write in __bpf_get_stackid syzbot
2025-09-04 10:17 ` syztest Arnaud Lecomte
2025-09-04 14:11 ` syztest Arnaud Lecomte
2025-09-04 14:47 ` syztest Jakub Kicinski
2025-09-04 14:53 ` syztest Lecomte, Arnaud
2025-04-25 0:57 [syzbot] [block?] BUG: unable to handle kernel NULL pointer dereference in guard_bio_eod syzbot
2025-04-27 15:57 ` syztest Arnaud Lecomte
2025-04-27 16:03 ` syztest Arnaud Lecomte
2025-04-24 2:02 [syzbot] [xfs?] KMSAN: uninit-value in xfs_dialloc_ag_inobt syzbot
2025-04-24 8:59 ` syztest Arnaud Lecomte
2025-04-24 8:59 ` syztest syzbot
2025-04-10 6:58 [syzbot] [bcachefs?] kernel BUG in __bch2_str_hash_check_key syzbot
2025-04-28 16:09 ` syztest Arnaud Lecomte
2025-04-28 16:26 ` syztest Kent Overstreet
2024-12-06 20:05 [syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event syzbot
2025-07-26 20:41 ` syztest Arnaud Lecomte
2024-01-22 9:48 [syzbot] [hfs?] KASAN: out-of-bounds Read in hfsplus_bnode_move syzbot
2025-07-27 18:17 ` syztest Arnaud Lecomte
2023-06-17 5:30 [syzbot] [hfs?] kernel BUG in hfsplus_bnode_put syzbot
2025-08-29 6:30 ` syztest Chenzhi Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83640113-ae18-4d5a-945a-44eef600d42e@redhat.com \
--to=pabeni@redhat.com \
--cc=agordeev@linux.ibm.com \
--cc=alibuda@linux.alibaba.com \
--cc=contact@arnaud-lcm.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=guwen@linux.alibaba.com \
--cc=horms@kernel.org \
--cc=jaka@linux.ibm.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=syzbot+827ae2bfb3a3529333e9@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tonylu@linux.alibaba.com \
--cc=wenjia@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.