On Wed, Oct 23, 2024 at 02:51 PM +02, Jakub Sitnicki wrote:
> On Tue, Oct 22, 2024 at 02:36 AM GMT, Ruan Bonan wrote:
>> I used Syzkaller and found that there is KASAN: null-ptr-deref (general
>> protection fault in sock_map_link_update_prog) in net/core/sock_map.c in
>> v6.12.0-rc2, which also causes a KASAN: slab-use-after-free at the same
>> time. It looks like a concurrency bug in the BPF related subsystems. The
>> reproducer is available, and I have reproduced this bug with it
>> manually. Currently I can only reproduce this bug with root privilege.
>>
>> The detailed reports, config file, and reproducer program are attached
>> in this e-mail. If you need further details, please let me know.
>
> Thanks for the report. I was also able to reproduce the KASAN splat with
> the attached repro locally and will investigate further.

For the record, Cong fixed this bug in commit 740be3b9a6d7 ("sock_map: fix
a NULL pointer dereference in sock_map_link_update_prog()") [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=740be3b9a6d73336f8c7d540842d0831dc7a808b