Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp1041176imm; Fri, 8 Jun 2018 09:04:31 -0700 (PDT) X-Google-Smtp-Source: ADUXVKK9G3TMD1YN2kh/9b2Rb9A3Vs2vb4Vx03Oo3wM5RYddcTRPvsntIzfr7h6FN1CgAzvB8ZxG X-Received: by 2002:a65:6645:: with SMTP id z5-v6mr5896540pgv.43.1528473871819; Fri, 08 Jun 2018 09:04:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528473871; cv=none; d=google.com; s=arc-20160816; b=AqjIae0b5fIoiNjjbeX/xCN79Eyf0nNKjr0UR9qWV4ecavRKqA0sOcc65FwnKQd7O8 9MTlvHRU1IiemYmdE7GREJP/aukMiOUitVsG5lmBz2xQLjLuWHRrq+Qxbx6IRNpGSQcc otEhK1GEgGUnoenLxE2eGHMtZx3cBQwC3d4LtOiC9yMNn912APSjjRcPbDoGKrCGnegd lUgH3m63bT8rCaD3aSnUPF1GqkapjvJTctAX5WL8qb+OzctXAhIX428XcV9z+fHB66Qb 1Y9WqgaXUH9SAtBFo242HWCyA9VsE1n87tTlAtGrrGWeDi9tqt4gG8QrkhFtRL0pgkyh TH7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=HbxImwP63/em8teen6Tqa/C8pMEx1y1l/pOX9RiA6BY=; b=xbZsN3pp6o6fZCj1bL8w4CJe1OcQh6NkHqpMwtEoVISqSukk+C1A8FAZhtUYlzoHlE pR0ITAlWX0Dclpf33Ato6A9atfG2Uvs5fJlXRmjwhW+HUJL5HYyglterinQFQZgKhBhH QKPWHSaM99Qvn4/EWgnex6XNyA6ObrmpfnrRVNUubeD7jnIX2KlJul2cI4adHS7CgLNE CejoNgQlEmy94IrZFAOXvidTFNwxDd1oTHkv02tjlWx4qyl5iz7rMG9jmhXo+IibxEmH 9inFxlbnGJs3A6HScpCsL5kNckF8gueYvLugtvQm/S252OWeh7RPn4LaXunTt8lZB4IS ByEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=pXLyAEAs; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w65-v6si27428720pfw.201.2018.06.08.09.04.15; Fri, 08 Jun 2018 09:04:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=pXLyAEAs; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752910AbeFHQDP (ORCPT + 99 others); Fri, 8 Jun 2018 12:03:15 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:52623 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752846AbeFHQDN (ORCPT ); Fri, 8 Jun 2018 12:03:13 -0400 Received: by mail-it0-f67.google.com with SMTP id m194-v6so2975147itg.2; Fri, 08 Jun 2018 09:03:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=HbxImwP63/em8teen6Tqa/C8pMEx1y1l/pOX9RiA6BY=; b=pXLyAEAsIhxftZ2wrmdHZZXhyoRgqPU84iiqq9rVGW72cVIhLS/DZbupH675zFxxUd I3FY6s+yokODyghExo3hadNv8aNp/q+lKO5hUDSI2FtyKIPCdJZReYRYTr3ymym2LWEE DZ8pbBS6X0B889c/UgVNafqJkDR8ih1lgoPiXePD4yilOa6sS7zwkktJ76rspHknnqie JmfnPY2jKp+Anl7SD+PaCF0Bbsi0D5AE0eHr/OorccO5Sm5K7gJiLXqbeIRqKZ5Pbvdm 6WWVlQxLNfPgNOfdPOWQwoMKjvCpFZTy+PIEInLbLHnPxaJ+Bqeaxu1r/Gcz4TyNSnpb AX7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=HbxImwP63/em8teen6Tqa/C8pMEx1y1l/pOX9RiA6BY=; b=rHoYgya29ArEnuFTdxytAElBid/cAhL8ou7fMKVOQQRs/7hw0o+j5ohKttLdN6SobJ NfNaFXNWeNDdxRB8X9lVPHoUj6Sf0KCjXQyuKm0SyvYEllMli8jbqohLeLFjCTwoqwPL 8g2gL19nmmZRFFP9BHbkKMXOOYPZBGcgEybBIJ74VTpKmfcXLEap9Df23b8RFx3Bj5TC Fnu3LjGimY8TQQ9XNeySKZTsEWsz21r3Uot4a/2j+jwCps8g7WySSTPn0BEepd2otl7B a7wWs5A+FcIGdqKWkBfI1wjGuh2kVcfer/ZbOMFsH4oc9j0rIfyb8sgJEJvQYNsBJ7Wl 5XAw== X-Gm-Message-State: APt69E32lfm6Rvc5fw8P/aYZxFsEvEDeX5B8od1ygXmDRczgE9o864Lm c2XyPxNbevc9tmh8dC0F2Yw= X-Received: by 2002:a24:1d4:: with SMTP id 203-v6mr2148469itk.97.1528473793042; Fri, 08 Jun 2018 09:03:13 -0700 (PDT) Received: from [192.168.86.235] ([184.63.162.180]) by smtp.gmail.com with ESMTPSA id l24-v6sm9006683iog.59.2018.06.08.09.03.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Jun 2018 09:03:12 -0700 (PDT) Subject: Re: KASAN: use-after-free Write in bpf_tcp_close To: Dmitry Vyukov , Daniel Borkmann Cc: syzbot , Alexei Starovoitov , LKML , netdev , syzkaller-bugs References: <000000000000cb4149056d3587f5@google.com> From: John Fastabend Message-ID: Date: Fri, 8 Jun 2018 09:03:00 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/07/2018 09:58 AM, Dmitry Vyukov wrote: > On Mon, May 28, 2018 at 12:15 AM, Daniel Borkmann wrote: >> [ +John ] >> >> On 05/27/2018 10:06 PM, syzbot wrote: >>> Hello, >>> >>> syzbot found the following crash on: >>> >>> HEAD commit: ff4fb475cea8 Merge branch 'btf-uapi-cleanups' >>> git tree: bpf-next >>> console output: https://syzkaller.appspot.com/x/log.txt?x=12b3d577800000 >>> kernel config: https://syzkaller.appspot.com/x/.config?x=b632d8e2c2ab2c1 >>> dashboard link: https://syzkaller.appspot.com/bug?extid=31025a5f3f7650081204 >>> compiler: gcc (GCC) 8.0.1 20180413 (experimental) >>> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=109a2f37800000 >>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=171a727b800000 >>> >>> IMPORTANT: if you fix the bug, please add the following tag to the commit: >>> Reported-by: syzbot+31025a5f3f7650081204@syzkaller.appspotmail.com >> >> Should be fixed by: https://patchwork.ozlabs.org/patch/920695/ > > #syz fix: bpf: sockhash fix race with bpf_tcp_close and map delete > Same here 'bpf: sockhash fix race with bpf_tcp_close and map delete" was dropped and a new fix will be posted shortly. Thanks! John