From: Song Liu
Date: Wed, 16 Feb 2022 08:27:26 -0800
Subject: Re: [syzbot] KASAN: vmalloc-out-of-bounds Read in bpf_jit_free
To: Aleksandr Nogikh
Cc: Daniel Borkmann, syzbot, Andrii Nakryiko, Alexei Starovoitov, bpf, "David S . Miller", Jesper Dangaard Brouer, John Fastabend, Martin KaFai Lau, KP Singh, Jakub Kicinski, open list, Networking, Song Liu, syzkaller-bugs@googlegroups.com, Yonghong Song
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Aleksandr,

Thanks for your kind reply!

On Wed, Feb 16, 2022 at 1:38 AM Aleksandr Nogikh wrote:
>
> Hi Song,
>
> Is syzkaller not doing something you expect it to do with this config?

I fixed sshkey in the config, and added a suppression for hsr_node_get_first.
However, I haven't got a repro overnight.

>
> On Wed, Feb 16, 2022 at 2:38 AM Song Liu wrote:
> >
> > On Mon, Feb 14, 2022 at 10:41 PM Song Liu wrote:
> > >
> > > On Mon, Feb 14, 2022 at 3:52 PM Daniel Borkmann wrote:
> > > >
> > > > Song, ptal.
> > > >
> > > > On 2/14/22 7:45 PM, syzbot wrote:
> > > > > Hello,
> > > > >
> > > > > syzbot found the following issue on:
> > > > >
> > > > > HEAD commit:    e5313968c41b Merge branch 'Split bpf_sk_lookup remote_port..
> > > > > git tree:       bpf-next
> > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=10baced8700000
> > > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=c40b67275bfe2a58
> > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f
> >
> > How do I run the exact same syzkaller? I am doing something like
> >
> > ./bin/syz-manager -config qemu.cfg
> >
> > with the cfg file like:
> >
> > {
> >         "target": "linux/amd64",
> >         "http": ":56741",
> >         "workdir": "workdir",
> >         "kernel_obj": "linux",
> >         "image": "./pkg/mgrconfig/testdata/stretch.img",
>
> This image location looks suspicious - we store some dummy data for
> tests in that folder.
> Instances now run on buildroot-based images, generated with
> https://github.com/google/syzkaller/blob/master/tools/create-buildroot-image.sh

Thanks for the information. I will give it a try.

>
> >         "syzkaller": ".",
> >         "disable_syscalls": ["keyctl", "add_key", "request_key"],
>
> For our bpf instances, instead of disable_syscalls we use enable_syscalls:
>
> "enable_syscalls": [
>     "bpf", "mkdir", "mount$bpf", "unlink", "close",
>     "perf_event_open*", "ioctl$PERF*", "getpid", "gettid",
>     "socketpair", "sendmsg", "recvmsg", "setsockopt$sock_attach_bpf",
>     "socket$kcm", "ioctl$sock_kcm*", "syz_clone",
>     "mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*",
>     "openat$tun", "write$tun", "ioctl$TUN*", "ioctl$SIOCSIFHWADDR",
>     "openat$ppp", "syz_open_procfs$namespace"
> ]

I will try with the same list. Thanks!
Song

>
> >         "suppressions": ["some known bug"],
> >         "procs": 8,
>
> We usually run with "procs": 6, but it's not that important.
>
> >         "type": "qemu",
> >         "vm": {
> >                 "count": 16,
> >                 "cpu": 2,
> >                 "mem": 2048,
> >                 "kernel": "linux/arch/x86/boot/bzImage"
> >         }
> > }
>
> Otherwise I don't see any really significant differences.
>
> --
> Best Regards
> Aleksandr
>
> >
> > Is this correct? I am using stretch.img from syzkaller site, and the
> > .config from
> > the link above.
> >
> > Thanks,
> > Song
> >
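
Added example, not part of the original message and not syzkaller code: a small Python check that compares a local syz-manager config against the differences pointed out in the thread (test image, disable_syscalls versus enable_syscalls, procs) and produces an adjusted copy. The function names and the "/path/to/buildroot.img" placeholder are assumptions; the posted config is reassembled from the quoted fragments.

```python
import json

# enable_syscalls list quoted in the thread for the bpf instances.
BPF_ENABLE_SYSCALLS = [
    "bpf", "mkdir", "mount$bpf", "unlink", "close",
    "perf_event_open*", "ioctl$PERF*", "getpid", "gettid",
    "socketpair", "sendmsg", "recvmsg", "setsockopt$sock_attach_bpf",
    "socket$kcm", "ioctl$sock_kcm*", "syz_clone",
    "mkdirat$cgroup*", "openat$cgroup*", "write$cgroup*",
    "openat$tun", "write$tun", "ioctl$TUN*", "ioctl$SIOCSIFHWADDR",
    "openat$ppp", "syz_open_procfs$namespace",
]

# The config posted in the thread, reassembled from the quoted fragments.
POSTED_CONFIG = json.loads("""{
  "target": "linux/amd64", "http": ":56741", "workdir": "workdir",
  "kernel_obj": "linux", "image": "./pkg/mgrconfig/testdata/stretch.img",
  "syzkaller": ".", "disable_syscalls": ["keyctl", "add_key", "request_key"],
  "suppressions": ["some known bug"], "procs": 8, "type": "qemu",
  "vm": {"count": 16, "cpu": 2, "mem": 2048,
         "kernel": "linux/arch/x86/boot/bzImage"}
}""")

def review_config(cfg):
    """Return (key, note) pairs where cfg differs from the thread's advice."""
    notes = []
    if "pkg/mgrconfig/testdata" in cfg.get("image", ""):
        notes.append(("image", "testdata holds dummy images; use a buildroot image"))
    if "enable_syscalls" not in cfg:
        notes.append(("enable_syscalls", "bpf instances use enable_syscalls, not disable_syscalls"))
    else:
        missing = sorted(set(BPF_ENABLE_SYSCALLS) - set(cfg["enable_syscalls"]))
        if missing:
            notes.append(("enable_syscalls", "missing: " + ", ".join(missing)))
    if cfg.get("procs") != 6:
        notes.append(("procs", "instances usually run with 6 (minor)"))
    return notes

def apply_thread_advice(cfg, buildroot_image):
    """Copy cfg with the settings described in the reply; image path is caller-supplied."""
    fixed = {k: v for k, v in cfg.items() if k != "disable_syscalls"}
    fixed.update(image=buildroot_image, procs=6,
                 enable_syscalls=list(BPF_ENABLE_SYSCALLS))
    return fixed

if __name__ == "__main__":
    for key, note in review_config(POSTED_CONFIG):
        print(f"{key}: {note}")
    # "/path/to/buildroot.img" is a placeholder, not a path from the thread.
    print(json.dumps(apply_thread_advice(POSTED_CONFIG, "/path/to/buildroot.img"), indent=2))
```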