Re: [syzbot] [net?] [s390?] KASAN: slab-use-after-free Read in netdev_walk_all_lower_dev
From: Hillf Danton
Date: Fri Dec 06 2024 - 21:58:34 EST
On Fri, 06 Dec 2024 07:59:25 -0800
> syzbot found the following issue on:
>
> HEAD commit: 896d8946da97 Merge tag 'net-6.13-rc2' of git://git.kernel...
> git tree: net
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10de5330580000
#syz test
--- x/net/smc/smc_core.c
+++ y/net/smc/smc_core.c
@@ -1893,10 +1893,22 @@ int smc_vlan_by_tcpsk(struct socket *clc
ini->vlan_id = vlan_dev_vlan_id(ndev);
goto out_rel;
}
+ rcu_read_lock();
+ if (ndev->reg_state == NETREG_UNREGISTERING || ndev->reg_state == NETREG_UNREGISTERED) {
+ rcu_read_unlock();
+ rc = -ENODEV;
+ goto out_rel;
+ }
+ rcu_read_unlock();
priv.data = (void *)&ini->vlan_id;
rtnl_lock();
- netdev_walk_all_lower_dev(ndev, smc_vlan_by_tcpsk_walk, &priv);
+ rcu_read_lock();
+ if (ndev->reg_state == NETREG_UNREGISTERING || ndev->reg_state == NETREG_UNREGISTERED)
+ rc = -ENODEV;
+ else
+ netdev_walk_all_lower_dev(ndev, smc_vlan_by_tcpsk_walk, &priv);
+ rcu_read_unlock();
rtnl_unlock();
out_rel:
--