Re: [syzbot] [hams?] KASAN: slab-use-after-free Read in rose_get_neigh

From: Kohei Enju
Date: Tue Jun 24 2025 - 08:44:33 EST

Next message: Benno Lossin: "Re: [PATCH v4 3/6] rust: irq: add support for non-threaded IRQs and handlers"
Previous message: Jonathan Corbet: "Re: [PATCH next] Documentation: KVM: fix reference for kvm_ppc_resize_hpt and various typos"
Next in thread: syzbot: "Re: [syzbot] [hams?] KASAN: slab-use-after-free Read in rose_get_neigh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#syz test

diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index 2dd6bd3a3011..a85969e2369f 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -480,6 +480,7 @@ void rose_rt_device_down(struct net_device *dev)
struct rose_neigh *s, *rose_neigh;
struct rose_node *t, *rose_node;
int i;
+ unsigned char old_count;

spin_lock_bh(&rose_node_list_lock);
spin_lock_bh(&rose_neigh_list_lock);
@@ -497,7 +498,8 @@ void rose_rt_device_down(struct net_device *dev)
t = rose_node;
rose_node = rose_node->next;

- for (i = 0; i < t->count; i++) {
+ old_count = t->count;
+ for (i = 0; i < old_count; i++) {
if (t->neighbour[i] != s)
continue;

Next message: Benno Lossin: "Re: [PATCH v4 3/6] rust: irq: add support for non-threaded IRQs and handlers"
Previous message: Jonathan Corbet: "Re: [PATCH next] Documentation: KVM: fix reference for kvm_ppc_resize_hpt and various typos"
Next in thread: syzbot: "Re: [syzbot] [hams?] KASAN: slab-use-after-free Read in rose_get_neigh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]