Received: by 10.223.176.5 with SMTP id f5csp729291wra; Tue, 30 Jan 2018 18:37:47 -0800 (PST) X-Google-Smtp-Source: AH8x227v1DvPZ+0/M+3b+V8nisz/cLQlL+NgZ+7r0Np+rdyhld0fIrHKMTS8NhCYbHcsyBlbwJJa X-Received: by 2002:a17:902:4003:: with SMTP id b3-v6mr25902508pld.154.1517366267596; Tue, 30 Jan 2018 18:37:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517366267; cv=none; d=google.com; s=arc-20160816; b=PQEaimg4YdUD5H6w0vEJcAlryda8WjNMZ0YcLmyg28YUsfXD4adSLA6F7Zht05+7e5 Y4DGDERv/TadxqEcZ0/mMJholXWf4ZJT8OGyigG258cLVq3NE/JFTJZhTwB85083+1zn 50AGuTn4Q+jzbC13JEzuEAqiSqFf3V3DVmYEnbIx/Bke8EdEwjaa+MfyqEU67e5LpZ/B 9VBWIRD5z2Zn053xCSL0I/HgnKpMQUKAlqKRBsOIi/JAUDOaSZC5S5fcM50IRxRwduld 3zrmy0dr8Cwy8f5Lk1saWZz4NtyzRCqWdubCwXtt7hiYNPouymB9htuxp2ApDxyw2IGv ALaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=is3nxZz47kAnfTMFAKweWKWYmph30KR/XnKOZJtI4+Y=; b=eH+2nT17HhHGyelxPEV7dvhydtXtHfEMuXVwsmNZ0YcFZadIKVdVhdaUIKDJRLAhwU lQVK8/avg7zOkjmbcBT5AB/QjudLGB6KSZl/34O/pWDM/m0sypV8K8gptFFzvi6H8GkN /YZcZ5MxwJlt9EMf71pNQAOzsJaD2jd1g2UDcrdzcDjIKs1rZHK42JHVjcRJT/60fB0V tzKMi7ANoM527oB3/he7Au96hSNU3oRa8+4jQbjYsWmj3KixQ/40oKzpfrKsVcuoz84b o7cPz8EU6s2B6zfoh6Rycdf5VeEzZP3kSokXaGbLbuUp9LObZ5mBEZn5Ixp8GUX5LYNM /vgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=XXMYX/8p; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d15si4651794pfb.30.2018.01.30.18.37.32; Tue, 30 Jan 2018 18:37:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=XXMYX/8p; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752545AbeAaBlm (ORCPT + 99 others); Tue, 30 Jan 2018 20:41:42 -0500 Received: from mail-io0-f175.google.com ([209.85.223.175]:37307 "EHLO mail-io0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752486AbeAaBlk (ORCPT ); Tue, 30 Jan 2018 20:41:40 -0500 Received: by mail-io0-f175.google.com with SMTP id f89so13626170ioj.4; Tue, 30 Jan 2018 17:41:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=is3nxZz47kAnfTMFAKweWKWYmph30KR/XnKOZJtI4+Y=; b=XXMYX/8pl2f7ICNleyKnYgiR5cP0uzyj0EDV0anr9r+g8bFuLQl1eTTBNz0UTjxhQn ZlX/2d7yyfr5bi49NNuASj5iUGNPO5tb8y0TroDhJN+fi/MVf/5lRG4WhJWL86+Yk9eZ iSx4ui1UzozFCoB6ZBXEg6o3NfjXp5CfmjdPGfnzOuoV0NZghDRqDFWS8G0MTV847+6L 2FbeATofm3TkgAGgVM2P0+khol5nZ2mPQ35LduOK/oU4I5MXFJR1huVXI5dCXfFryI5L QH7Tw40h4sNPZRo7/1zHBEcG0zVtg64WDJy/kSAim7p3h8eWd22bX5qEvoX2L5p8xhFa Cfqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=is3nxZz47kAnfTMFAKweWKWYmph30KR/XnKOZJtI4+Y=; b=LidSKuxDZXjnNFI3muKlT6ByTLDLpPjKhdRpmgACFK4NuYx0hijuOWd3L60VACy4CT lC2W+gqXOxIHWXXrLk4rHusGYORFV/iP7cxrBP8MYqy4lz3hL+QMKfTy4b5tIPrRWcNA Va7qYnrRPgl7SjYPXnMv/w+n1AgMcCf8Cjw8SWOR82SImMeeJBtuPtjr4VJpIXQjBnBt G4zpKAPLX2Y71SO5wjFpl5E2do08K5nx7O7UkIxgyhCQ+Vzkqj6hQdvplyYlFq/vXvCd amMVwqvLxZDJlzd7HlRvEw6SWVvEW2/cUh17MDNX0hS7xyWKGAbHxCNLw4zM0T7lKsHp VpkQ== X-Gm-Message-State: AKwxytdrW2zhXI6rixP1THqZljhXUXTPrXOBRxOeuuxdoTW2wzbhBCcW 2121EQp+0C5BHrWQwGjqT0I= X-Received: by 10.107.93.13 with SMTP id r13mr148864iob.32.1517362899867; Tue, 30 Jan 2018 17:41:39 -0800 (PST) Received: from gmail.com ([2620:15c:17:3:dc28:5c82:b905:e8a8]) by smtp.gmail.com with ESMTPSA id g1sm6775959itg.10.2018.01.30.17.41.38 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 30 Jan 2018 17:41:39 -0800 (PST) Date: Tue, 30 Jan 2018 17:41:36 -0800 From: Eric Biggers To: Daniel Borkmann Cc: Dmitry Vyukov , syzbot , Alexei Starovoitov , LKML , netdev , syzkaller-bugs@googlegroups.com Subject: Re: BUG: unable to handle kernel paging request in check_memory_region Message-ID: <20180131014136.ulrq64mhcwd7fhqw@gmail.com> References: <001a113feecc4fa53a05629c32a5@google.com> <8bf5e24e-1bce-81dc-4e92-80ce20c5d152@iogearbox.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8bf5e24e-1bce-81dc-4e92-80ce20c5d152@iogearbox.net> User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jan 14, 2018 at 01:22:13AM +0100, Daniel Borkmann wrote: > On 01/13/2018 08:29 AM, Dmitry Vyukov wrote: > > On Fri, Jan 12, 2018 at 11:58 PM, syzbot > > wrote: > >> Hello, > >> > >> syzkaller hit the following crash on > >> c92a9a461dff6140c539c61e457aa97df29517d6 > >> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master > >> compiler: gcc (GCC) 7.1.1 20170620 > >> .config is attached > >> Raw console output is attached. > >> C reproducer is attached > >> syzkaller reproducer is attached. See https://goo.gl/kgGztJ > >> for information about syzkaller reproducers > >> > >> > >> IMPORTANT: if you fix the bug, please add the following tag to the commit: > >> Reported-by: syzbot+32b24f3e7c9000c48490@syzkaller.appspotmail.com > >> It will help syzbot understand when the bug is fixed. See footer for > >> details. > >> If you forward the report, please keep this part and the footer. > > > > > > Daniel, is it the same bug that was fixed by "bpf, array: fix overflow > > in max_entries and undefined behavior in index_mask"? > > And also here, fixed by: > > https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=bbeb6e4323dad9b5e0ee9f60c223dd532e2403b1 > Thanks Daniel, this crash is no longer occurring and I verified that commit bbeb6e4323da fixed it, so let's allow syzbot to close this report too: #syz fix: bpf, array: fix overflow in max_entries and undefined behavior in index_mask - Eric