#syz test

Arnaud Lecomte posted 1 patch 2 days, 4 hours ago
Posted by Arnaud Lecomte 2 days, 4 hours ago
#syz test

diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
index 2365541c81dd..b8ff4ccae2d6 100644
--- a/kernel/bpf/stackmap.c
+++ b/kernel/bpf/stackmap.c
@@ -465,7 +465,6 @@ static long __bpf_get_stack(struct pt_regs *regs, struct task_struct *task,

        if (trace_in) {
                trace = trace_in;
-               trace->nr = min_t(u32, trace->nr, max_depth);
        } else if (kernel && task) {
                trace = get_callchain_entry_for_task(task, max_depth);
        } else {
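Review bot: removing `trace->nr = min_t(u32, trace->nr, max_depth);` from the `trace_in` branch means the caller-supplied callchain is no longer truncated in place, so every later use of `trace->nr` in this function has to apply the `max_depth` bound itself; the patch description is just `#syz test`, so please add a sentence saying why the clamp is moved out of this branch (for example, if the reason is that `trace_in` belongs to the caller and must not be modified), otherwise the hunk reads as a dropped bound check rather than a relocated one.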
@@ -479,7 +478,8 @@ static long __bpf_get_stack(struct pt_regs *regs, struct task_struct *task,
                goto err_fault;
        }

-       trace_nr = trace->nr - skip;
+       trace_nr = min(trace->nr, max_depth);
+       trace_nr = trace_nr - skip;
        copy_len = trace_nr * elem_size;

        ips = trace->ip + skip;
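Review bot: `trace_nr = min(trace->nr, max_depth);` swaps the `min_t(u32, ...)` used in the removed line for a plain `min()`; the kernel's `min()` macro rejects operands whose types do not pass its signedness/size check, so confirm that `trace->nr` and `max_depth` are acceptable to it or keep `min_t(u32, ...)`. Note also that the clamp now runs for every branch that produces `trace`, not only the `trace_in` case, which is fine for the `get_callchain_entry_for_task(task, max_depth)` path (already bounded by `max_depth`) but widens the change beyond what the first hunk suggests and is worth stating in the description, since this is the bound that keeps `copy_len = trace_nr * elem_size` inside the destination buffer. Minor: `trace_nr = min(trace->nr, max_depth) - skip;` would express the two assignments as one.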
--
2.43.0
Re: [syzbot] [bpf?] KASAN: stack-out-of-bounds Write in __bpf_get_stack
Posted by syzbot 2 days, 1 hour ago
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+d1b7fa1092def3628bd7@syzkaller.appspotmail.com
Tested-by: syzbot+d1b7fa1092def3628bd7@syzkaller.appspotmail.com

Tested on:

commit:         a069190b bpf: Replace __opt annotation with __nullable..
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1551528a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=9c5e9eccee9bc2fe
dashboard link: https://syzkaller.appspot.com/bug?extid=d1b7fa1092def3628bd7
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=111f6e22580000

Note: testing is done by a robot and is best-effort only.