Hello:
This patch was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@xxxxxxxxxx>:
On Thu, 25 Aug 2022 23:26:47 +0200 you wrote:
> Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which
> is based on a customized syzkaller:
>
> BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0
> Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489
> CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.13.0-1ubuntu1.1 04/01/2014
> Call Trace:
> <TASK>
> dump_stack_lvl+0x9c/0xc9
> print_address_description.constprop.0+0x1f/0x1f0
> ? bpf_int_jit_compile+0x1257/0x13f0
> kasan_report.cold+0xeb/0x197
> ? kvmalloc_node+0x170/0x200
> ? bpf_int_jit_compile+0x1257/0x13f0
> bpf_int_jit_compile+0x1257/0x13f0
> ? arch_prepare_bpf_dispatcher+0xd0/0xd0
> ? rcu_read_lock_sched_held+0x43/0x70
> bpf_prog_select_runtime+0x3e8/0x640
> ? bpf_obj_name_cpy+0x149/0x1b0
> bpf_prog_load+0x102f/0x2220
> ? __bpf_prog_put.constprop.0+0x220/0x220
> ? find_held_lock+0x2c/0x110
> ? __might_fault+0xd6/0x180
> ? lock_downgrade+0x6e0/0x6e0
> ? lock_is_held_type+0xa6/0x120
> ? __might_fault+0x147/0x180
> __sys_bpf+0x137b/0x6070
> ? bpf_perf_link_attach+0x530/0x530
> ? new_sync_read+0x600/0x600
> ? __fget_files+0x255/0x450
> ? lock_downgrade+0x6e0/0x6e0
> ? fput+0x30/0x1a0
> ? ksys_write+0x1a8/0x260
> __x64_sys_bpf+0x7a/0xc0
> ? syscall_enter_from_user_mode+0x21/0x70
> do_syscall_64+0x3b/0x90
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7f917c4e2c2d
>
> [...]
Here is the summary with links:
- [bpf] bpf: Don't use tnum_range on array range checking for poke descriptors
https://git.kernel.org/bpf/bpf/c/a657182a5c51
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
