Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp676955pxb;
        Wed, 16 Feb 2022 01:44:45 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzkcwqX5vKRDbldvptjEIKpx8Yvod+glYWHtnZCw6pRQU3Ail85ksCxETqifO7XMX3HClVh
X-Received: by 2002:a63:f457:0:b0:33f:6dc9:ec1 with SMTP id p23-20020a63f457000000b0033f6dc90ec1mr1603240pgk.518.1645004685662;
        Wed, 16 Feb 2022 01:44:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645004685; cv=none;
        d=google.com; s=arc-20160816;
        b=K9vSAFtHjDMnQZQuqKAqmr3or1QfjRCUnfUxS5Rj9B0xPCcUVf/ycd9P8JSU6xC+Ci
         JW2ybJhKtZ+Nq03IB5Qras1qjDxdLGfBOo1xUS7VBSK5W0yexxzBTWS33yqXEJfIecoN
         zaK7SamAGhf4YeEmFmgPcZGVJQxcOrixcFLUcg5bc3RAULvpKYMGs4/PIJDsiQonmM/q
         Ffj+yvJiVxnWKeP0zms4ossmNK7wUZJsNdQ0Z+C7XXDXaiDtEF4HPeubJC2qgoTWXFdF
         liyHQpIjy8zzNHTinHmBWm539MYYfejSFBeVr8v8H+N4Q4pHb2vI0zX5N2tL5GWZxq3m
         wyig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=TE0/N8NKeog4OR15kthhPLLES8UDNjbzbBXNMjFbSeA=;
        b=rhZjABc4UDHQV9gadvLs7ae2uhY3ykzvUNjY2U6ogijNjX2jCnQp57uoQHG988Vkxq
         VIKGcIH3NImu02jQGEO8VJub8vyu0B6A3r21LUDFkAzzW7BipfX4h0woNEyW9GRZYU+v
         EPVe7WD/1bKq95cDsUedO2hbXn7t3HcojGQH8+O1Cf/apnrokeJ5IN2epBgEwKV7E5Ex
         fpnIvVkFdPNQfgged5s6UstLEZ1+R6bVkrDj3NrtTZAk/v1NyU8j6PoOesyeEAPEORlU
         ivbVJX3MPvUpwyspZLcjIvSxqEXEMJkxmcXHIPoEdd3j5ELAg34S7u4BhxRBoKHybG1q
         6RAg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=k46ucVdP;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id i63si4772768pge.800.2022.02.16.01.44.45
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 16 Feb 2022 01:44:45 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=k46ucVdP;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 91598E44BC;
	Wed, 16 Feb 2022 01:38:45 -0800 (PST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232190AbiBPJit (ORCPT <rfc822;andreykovskii@gmail.com>
        + 99 others); Wed, 16 Feb 2022 04:38:49 -0500
Received: from gmail-smtp-in.l.google.com ([23.128.96.19]:33864 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229660AbiBPJir (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 16 Feb 2022 04:38:47 -0500
Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0CB4E3C48
        for <linux-kernel@vger.kernel.org>; Wed, 16 Feb 2022 01:38:35 -0800 (PST)
Received: by mail-io1-xd2f.google.com with SMTP id 24so1561838ioe.7
        for <linux-kernel@vger.kernel.org>; Wed, 16 Feb 2022 01:38:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=TE0/N8NKeog4OR15kthhPLLES8UDNjbzbBXNMjFbSeA=;
        b=k46ucVdPbgxxOSKlRhGU0xaLrcWt4WvHEENMC4xtG30AcZdCSLk57g8b2P9QRNgY+1
         9qZ/Dm8vza5Pxi+PauLqY+bKOoiY8DXBUAtvlxQEcUal/fNceCyUMhXUbWf9jJeno0jX
         54L/JdiaF03gbvq+u1prS2TbSAf2HU3aWaDbE/tATuu5+xawh/d20Sy1XxCZC/HrPtUR
         w7cuG7/th105tvyGMfUkFPGTZH7SIAX9mJXRqBA19ilqY/18gPO/+TnWvjJvYwiyin5q
         jKnOxd4za/Qlu8N+ZIyAictJKRO/gV56ajIq9T5sWXgF4iuOjXwnZfmCC9wMir1wAgwd
         vebQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=TE0/N8NKeog4OR15kthhPLLES8UDNjbzbBXNMjFbSeA=;
        b=W7Kqk9gK/aIoXHIfpFQYzVl2p21jg3s5Y9OiZapzBOiRy/AwNNSxa6014gFS3IG9jg
         J9IWtmU/dxcqp+ApH/qv87IxZpIkIUNv6q7rJw4xIJeBuc6R5mx8rFv1T3my86BkWl6P
         iXGUeBDTdmsfTnFBu3ogm1nhIWs4sUnD/sfWmy5wltvy993P8GjGlxNAtThrIpHUfQZs
         dedIbpGiTKE7kk+mkcygHbGVVmo9s9Z30eAyENtZkwl27+UpktrDA5300faRp+zQuVVq
         RBa8k/pNVwJjnJfMCHF12eBtZm8rosZu7lU9nseoBGrhn9JSYDbOrIbaKVfLONY+PIW1
         R3yA==
X-Gm-Message-State: AOAM531dd30Sw+PJTqFvg7UAJwGXnXSoej3iGvdhdKZ5osweWtqwbDTN
        PTMTwlzQoH9alnnp/RHLUAAH/0sS1K8bBdNACdm6Ug==
X-Received: by 2002:a05:6638:379b:b0:310:bb27:6c28 with SMTP id
 w27-20020a056638379b00b00310bb276c28mr1180097jal.71.1645004315038; Wed, 16
 Feb 2022 01:38:35 -0800 (PST)
MIME-Version: 1.0
References: <00000000000073b3e805d7fed17e@google.com> <462fa505-25a8-fd3f-cc36-5860c6539664@iogearbox.net>
 <CAPhsuW6rPx3JqpPdQVdZN-YtZp1SbuW1j+SVNs48UVEYv68s1A@mail.gmail.com> <CAPhsuW5JhG07TYKKHRbNVtepOLjZ2ekibePyyqCwuzhH0YoP7Q@mail.gmail.com>
In-Reply-To: <CAPhsuW5JhG07TYKKHRbNVtepOLjZ2ekibePyyqCwuzhH0YoP7Q@mail.gmail.com>
From:   Aleksandr Nogikh <nogikh@google.com>
Date:   Wed, 16 Feb 2022 10:38:24 +0100
Message-ID: <CANp29Y64wUeARFUn8Z0fjk7duxaZ3bJM2uGuVug_0ZmhGG_UTA@mail.gmail.com>
Subject: Re: [syzbot] KASAN: vmalloc-out-of-bounds Read in bpf_jit_free
To:     Song Liu <song@kernel.org>
Cc:     Daniel Borkmann <daniel@iogearbox.net>,
        syzbot <syzbot+2f649ec6d2eea1495a8f@syzkaller.appspotmail.com>,
        Andrii Nakryiko <andrii@kernel.org>,
        Alexei Starovoitov <ast@kernel.org>, bpf <bpf@vger.kernel.org>,
        "David S . Miller" <davem@davemloft.net>,
        Jesper Dangaard Brouer <hawk@kernel.org>,
        John Fastabend <john.fastabend@gmail.com>,
        Martin KaFai Lau <kafai@fb.com>,
        KP Singh <kpsingh@kernel.org>,
        Jakub Kicinski <kuba@kernel.org>,
        open list <linux-kernel@vger.kernel.org>,
        Networking <netdev@vger.kernel.org>,
        Song Liu <songliubraving@fb.com>,
        syzkaller-bugs@googlegroups.com, Yonghong Song <yhs@fb.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,
	USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Song,

Is syzkaller not doing something you expect it to do with this config?

On Wed, Feb 16, 2022 at 2:38 AM Song Liu <song@kernel.org> wrote:
>
> On Mon, Feb 14, 2022 at 10:41 PM Song Liu <song@kernel.org> wrote:
> >
> > On Mon, Feb 14, 2022 at 3:52 PM Daniel Borkmann <daniel@iogearbox.net> wrote:
> > >
> > > Song, ptal.
> > >
> > > On 2/14/22 7:45 PM, syzbot wrote:
> > > > Hello,
> > > >
> > > > syzbot found the following issue on:
> > > >
> > > > HEAD commit:    e5313968c41b Merge branch 'Split bpf_sk_lookup remote_port..
> > > > git tree:       bpf-next
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=10baced8700000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=c40b67275bfe2a58
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f
>
> How do I run the exact same syzkaller? I am doing something like
>
> ./bin/syz-manager -config qemu.cfg
>
> with the cfg file like:
>
> {
>         "target": "linux/amd64",
>         "http": ":56741",
>         "workdir": "workdir",
>         "kernel_obj": "linux",
>         "image": "./pkg/mgrconfig/testdata/stretch.img",

This image location looks suspicious - we store some dummy data for
tests in that folder.
Instances now run on buildroot-based images, generated with
https://github.com/google/syzkaller/blob/master/tools/create-buildroot-image.sh

>         "syzkaller": ".",
>         "disable_syscalls": ["keyctl", "add_key", "request_key"],

For our bpf instances, instead of disable_syscalls we use enable_syscalls:

"enable_syscalls": [
"bpf", "mkdir", "mount$bpf", "unlink", "close",
"perf_event_open*", "ioctl$PERF*", "getpid", "gettid",
"socketpair", "sendmsg", "recvmsg", "setsockopt$sock_attach_bpf",
"socket$kcm", "ioctl$sock_kcm*", "syz_clone",
"mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*",
"openat$tun", "write$tun", "ioctl$TUN*", "ioctl$SIOCSIFHWADDR",
"openat$ppp", "syz_open_procfs$namespace"
]

>         "suppressions": ["some known bug"],
>         "procs": 8,

We usually run with "procs": 6, but it's not that important.

>         "type": "qemu",
>         "vm": {
>                 "count": 16,
>                 "cpu": 2,
>                 "mem": 2048,
>                 "kernel": "linux/arch/x86/boot/bzImage"
>         }
> }

Otherwise I don't see any really significant differences.

--
Best Regards
Aleksandr

>
> Is this correct? I am using stretch.img from syzkaller site, and the
> .config from
> the link above.
>
> Thanks,
> Song
>