Re: [syzbot] [bpf?] [net?] KASAN: slab-use-after-free Read in sk_msg_recvmsg

From: Hillf Danton

Date: Mon Feb 16 2026 - 00:17:02 EST


> Date: Sun, 15 Feb 2026 12:21:29 -0800
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: a040afa3bca4 gve: fix probe failure if clock read fails
> git tree: net
> console output: https://syzkaller.appspot.com/x/log.txt?x=165bf05a580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=e3161cabe5a361ff
> dashboard link: https://syzkaller.appspot.com/bug?extid=9307c991a6d07ce6e6d8
> compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13dd245a580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16ecdb2a580000

#syz test

--- x/net/core/skmsg.c
+++ y/net/core/skmsg.c
@@ -500,7 +500,13 @@ out:
int sk_msg_recvmsg(struct sock *sk, struct sk_psock *psock, struct msghdr *msg,
int len, int flags)
{
- return __sk_msg_recvmsg(sk, psock, msg, len, flags, NULL);
+ static DEFINE_MUTEX(lk);
+ int rc;
+
+ mutex_lock(&lk);
+ rc = __sk_msg_recvmsg(sk, psock, msg, len, flags, NULL);
+ mutex_unlock(&lk);
+ return rc;
}
EXPORT_SYMBOL_GPL(sk_msg_recvmsg);
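
Review bot: The static DEFINE_MUTEX(lk) declared inside sk_msg_recvmsg() is a single lock shared by every socket and psock, so it serializes all receivers globally rather than only those racing on the same psock; that is usable as a "#syz test" probe to check whether concurrent callers of this wrapper trigger the report, but not as a fix. It also covers only callers that enter through this wrapper: anything that calls __sk_msg_recvmsg() directly, or that modifies or frees the queued message outside this function, is not excluded by it, so a clean test run would narrow the race rather than show it closed. If the test passes, suggest moving to a per-socket or per-psock lock around the same call and adding a comment that names what the lock protects.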

--