Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp584369lqb; Wed, 17 Apr 2024 05:37:55 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWx9zgkLfQ+xGzLY7GtlrbAIyDtmTWjWFOqckb2kJlipdoUNxmbnWTKh3/pep4obG0jv2gKwn1cJM5JVeieAp1Qg2hyL/eXqwBJXmroFg== X-Google-Smtp-Source: AGHT+IEE7Yl6g5jkMGVQYH26Oz+Lb+NM53uHWjvDy3cT9vdXQbwz8YNmSgGue9JEYMQ0gh9tawu0 X-Received: by 2002:a17:906:d142:b0:a55:144a:adb8 with SMTP id br2-20020a170906d14200b00a55144aadb8mr3581135ejb.38.1713357475528; Wed, 17 Apr 2024 05:37:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713357475; cv=pass; d=google.com; s=arc-20160816; b=SbLx4GpBLyJCFwEg6gzRQvMRLPfAZyPWQFmrSon5VMkeL8xbc+FTQBbSNPfpgxwYGy UJk60kOs63KREA3RKJp0y2P+6vVTh5+uoWnnL4/NgrAlIxUKnnv0V+KFy4vqWCdMGHWB ZvR3+udUlajjnUGFHKUO+Z+P6KkUIpTCYx8afkA9StIrhqOCqj6FaD4WC4mNo/taGYUK 9q1SvVsEky1mC7U+YlBpuzyQTCBQHcQQ5ztHrWJRwSvDSraBWooZ+aGAADIXgC/zLzd/ q3UGlp9NbEiRRhJ0AHoVQN3yvVL+DkCiOafEgR3V/QAzsIaAtR36ZdqPeWwU7hZFfx9G VGaQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :message-id:date:references:in-reply-to:subject:to:from :dkim-signature; bh=Zt/ULfg6+ykuUbeNftjzx5uHE+zgn85VSYozzhYCTW8=; fh=CZFnAwJBbIksmv1qwVGQC/SYStI/8GISUhH//ca0xJI=; b=ua3naSg+cREp4aI46iQsr8kPdeXHLmjg/d+2eKxKzJ2Z26C2XmW3tXfB8JRJlcfWZn vtGjCwcCoc0e4FRMkIoX6YJhs2jqFFiwyZidT/qTUibjbUYPY1kDsD8MwPD4kHnu30UV vzFV63C14dBXJfEtS8iAAhgPVpjugYsCJNACyvic+7Bw1zyBD2cpuEvIOP1ag5o2bEk7 cdteIrS092JlYKOqFCyBZOOvc8hNvHcO4QCSKKwPGsThJdlNTFwTVUFM53zmIa1cRTme csApdxBZCpiEMUilf0BNAjh6jFlL1wpYZgFa6x4IWyUgGi7tvUgttvlWNeHlU2YPgtO3 WEPQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=VWBAQPIc; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-148483-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-148483-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id v13-20020a1709061dcd00b00a52243fe84fsi6200743ejh.620.2024.04.17.05.37.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 17 Apr 2024 05:37:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-148483-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=VWBAQPIc; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-148483-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-148483-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 426CF1F22479 for ; Wed, 17 Apr 2024 12:37:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B57BB13D24E; Wed, 17 Apr 2024 12:37:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="VWBAQPIc" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D62A744C6B; Wed, 17 Apr 2024 12:37:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713357463; cv=none; b=ekVB7JaLrU4XAIkNej9f/VxylbrVwaa07JP10zBiRrHCq/Ne3CpTFcoewZecqIgBDBbzU7VC0mircIMJZwipLrhAXyvdsUAL/jn7xGyMxcvGSe5PALhYS24RdM2h0CLOzcDO2JMOXtZa9JoC67h4jrK1G+owmRTlp5ZNSmlxDkU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713357463; c=relaxed/simple; bh=8NObq/H4Dilb0Mnzuz0GRC8TDvT8oEl+kBLbpirx3zw=; h=From:To:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=N/Id05rMwByN+frNwPD1PctAqiINKyDVprqiPNKArBKwYK9a88+Ig/l/2l38zkVM23itCoEHVbHTjsW0RZrAEZla9jbeT+PYdvfQhyG623xy54gJI8V4rtBUPpftJHaNUf91IPXxcCFCPkqwIavi1NqQhAvER4JadNUY81rXyic= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=VWBAQPIc; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4080CC072AA; Wed, 17 Apr 2024 12:37:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713357463; bh=8NObq/H4Dilb0Mnzuz0GRC8TDvT8oEl+kBLbpirx3zw=; h=From:To:Subject:In-Reply-To:References:Date:From; b=VWBAQPIcG5eH+UcK0zoGVNOJ1fwoN8Y23l/oCXcVl/1rHZzXxd0gg2RBCVGV+HeSE 8vSNK8noQlpR1r8qacFDJt7mRkJcgG2Ri0Pczr9MlrBQi8XchBgATSr5VvmmktQjdl SaMCm9YaexbHT+73XbAM3+lGzftRqoGZgykJmZl4Xuq7iQGQcBo3ZXUya3vL9WxQWz F49sHhxLZ4thb99SLkaAawgdYTjFFy1hW+FF+SGTReLpEYDIo8mIcNhJaEkRm8KBgs IFnSwIDCMK0XmMWYIhaKHePdXmWbwL7RpymdxbkTA7CR4PQQZXzEBpDOffEQYzYsdc ph0tmdLM/5VPA== Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000) id 4211D123389F; Tue, 16 Apr 2024 22:55:00 +0200 (CEST) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= To: syzbot , andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net, davem@davemloft.net, eadavis@qq.com, eddyz87@gmail.com, haoluo@google.com, hawk@kernel.org, john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org, kuba@kernel.org, linux-kernel@vger.kernel.org, martin.lau@linux.dev, netdev@vger.kernel.org, sdf@google.com, song@kernel.org, syzkaller-bugs@googlegroups.com, yonghong.song@linux.dev Subject: Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue In-Reply-To: <0000000000003a924406159cf8ee@google.com> References: <0000000000003a924406159cf8ee@google.com> X-Clacks-Overhead: GNU Terry Pratchett Date: Tue, 16 Apr 2024 22:55:00 +0200 Message-ID: <87il0huixn.fsf@toke.dk> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain syzbot writes: > Hello, > > syzbot has tested the proposed patch but the reproducer is still triggering an issue: > general protection fault in dev_map_enqueue Alright, trying a different thing (not a correct patch, just testing a theory): #syz test https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git 443574b03387 diff --git a/net/core/filter.c b/net/core/filter.c index 786d792ac816..c2fd4f67766f 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -4301,8 +4301,9 @@ void bpf_clear_redirect_map(struct bpf_map *map) * cmpxchg() to make sure it hasn't been changed in * the meantime by remote CPU. */ - if (unlikely(READ_ONCE(ri->map) == map)) - cmpxchg(&ri->map, map, NULL); + if (unlikely(READ_ONCE(ri->map) == map) && + cmpxchg(&ri->map, map, NULL) == map) + WRITE_ONCE(ri->map_type, BPF_MAP_TYPE_UNSPEC); } }