syzbot <syzbot+af9492708df9797198d6@xxxxxxxxxxxxxxxxxxxxxxxxx> writes: > Hello, > > syzbot has tested the proposed patch but the reproducer is still triggering an issue: > general protection fault in dev_map_enqueue Alright, trying a different thing (not a correct patch, just testing a theory): #syz test https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git 443574b03387 diff --git a/net/core/filter.c b/net/core/filter.c index 786d792ac816..c2fd4f67766f 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -4301,8 +4301,9 @@ void bpf_clear_redirect_map(struct bpf_map *map) * cmpxchg() to make sure it hasn't been changed in * the meantime by remote CPU. */ - if (unlikely(READ_ONCE(ri->map) == map)) - cmpxchg(&ri->map, map, NULL); + if (unlikely(READ_ONCE(ri->map) == map) && + cmpxchg(&ri->map, map, NULL) == map) + WRITE_ONCE(ri->map_type, BPF_MAP_TYPE_UNSPEC); } }
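Review bot: In the new `if` body in bpf_clear_redirect_map(), the `WRITE_ONCE(ri->map_type, BPF_MAP_TYPE_UNSPEC)` is a separate store from the `cmpxchg(&ri->map, map, NULL)`, so the two fields are not updated atomically with respect to the remote CPU that the existing comment mentions. There is a window in which `ri->map` is already NULL while `ri->map_type` still holds the old type, and if the remote CPU sets up a new redirect between the two stores, the WRITE_ONCE overwrites its fresh `map_type`. If this moves beyond testing the theory, either the consumer of `ri` should check the map pointer itself before using it, or both fields need one documented ordering scheme (barriers paired with the reader), and the comment above the `if` should be updated to describe what now guarantees consistency.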