From: Song Liu <songliubraving@fb.com>
To: Aleksandr Nogikh <nogikh@google.com>
Cc: Song Liu <song@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
syzbot <syzbot+2f649ec6d2eea1495a8f@syzkaller.appspotmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Alexei Starovoitov <ast@kernel.org>, bpf <bpf@vger.kernel.org>,
"David S . Miller" <davem@davemloft.net>,
"Jesper Dangaard Brouer" <hawk@kernel.org>,
John Fastabend <john.fastabend@gmail.com>,
Martin Lau <kafai@fb.com>, KP Singh <kpsingh@kernel.org>,
Jakub Kicinski <kuba@kernel.org>,
open list <linux-kernel@vger.kernel.org>,
Networking <netdev@vger.kernel.org>,
"syzkaller-bugs@googlegroups.com"
<syzkaller-bugs@googlegroups.com>, Yonghong Song <yhs@fb.com>
Subject: Re: [syzbot] KASAN: vmalloc-out-of-bounds Read in bpf_jit_free
Date: Thu, 17 Feb 2022 20:05:11 +0000 [thread overview]
Message-ID: <2AB2B7C8-5F07-4D41-8CC3-04BE7C74DCCC@fb.com> (raw)
In-Reply-To: <CANp29Y4YC_rSKAgkYTaPV1gcN4q4WeGMvs61P2wnMQEv=kiu8A@mail.gmail.com>
Hi Aleksandr,
> On Feb 17, 2022, at 10:32 AM, Aleksandr Nogikh <nogikh@google.com> wrote:
>
> Hi Song,
>
> On Wed, Feb 16, 2022 at 5:27 PM Song Liu <song@kernel.org> wrote:
>>
>> Hi Aleksandr,
>>
>> Thanks for your kind reply!
>>
>> On Wed, Feb 16, 2022 at 1:38 AM Aleksandr Nogikh <nogikh@google.com> wrote:
>>>
>>> Hi Song,
>>>
>>> Is syzkaller not doing something you expect it to do with this config?
>>
>> I fixed sshkey in the config, and added a suppression for hsr_node_get_first.
>> However, I haven't got a repro overnight.
>
> Oh, that's unfortunately not a very reliable thing. The bug has so far
> happened only once on syzbot, so it must be pretty rare. Maybe you'll
> have more luck with your local setup :)
>
> You can try to run syz-repro on the log file that is available on the
> syzbot dashboard:
> https://github.com/google/syzkaller/blob/master/tools/syz-repro/repro.go
> Syzbot has already done it and apparently failed to succeed, but this
> is also somewhat probabilistic, especially when the bug is due to some
> rare race condition. So trying it several times might help.
>
> Also you might want to hack your local syzkaller copy a bit:
> https://github.com/google/syzkaller/blob/master/syz-manager/manager.go#L804
> Here you can drop the limit on the maximum number of repro attempts
> and make needLocalRepro only return true if crash.Title matches the
> title of this particular bug. With this change your local syzkaller
> instance won't waste time reproducing other bugs.
>
> There's also a way to focus syzkaller on some specific kernel
> functions/source files:
> https://github.com/google/syzkaller/blob/master/pkg/mgrconfig/config.go#L125
Thanks for these tips!
After fixing some other things, I was able to reproduce one of the three
failure modes overnight and some related issues from fault injection.
These errors gave me a clue to fix the bug (or at least one of the bugs).
I have a suggestion on the bug dashboard, like:
https://syzkaller.appspot.com/bug?id=86fa0212fb895a0d41fd1f1eecbeaee67191a4c9
It isn't obvious to me which image was used in the test. Maybe we can add
a link to the image or instructions to build the image? In this case, I
think the bug only triggers on some images, so testing with the exact image
is important.
Thanks again,
Song
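A syz-manager config that wires together the two knobs discussed in the quoted reply (a suppression for the unrelated hsr_node_get_first report, and coverage focus on the crashing function) is added here as an example; it is not a config posted in this thread nor taken from syzkaller itself. It assumes the `suppressions` and `cover_filter` fields as documented in syzkaller's docs/configuration.md around early 2022 (the config.go link above; the focus field has been renamed in later syzkaller versions, so check your checkout). All paths, the HTTP port and the VM sizing are placeholders.

```json
{
  "target": "linux/amd64",
  "http": "127.0.0.1:56741",
  "workdir": "/home/user/syzkaller/workdir",
  "kernel_obj": "/home/user/linux",
  "image": "/home/user/image/bullseye.img",
  "sshkey": "/home/user/image/bullseye.id_rsa",
  "syzkaller": "/home/user/go/src/github.com/google/syzkaller",
  "procs": 8,
  "type": "qemu",
  "suppressions": [
    "hsr_node_get_first"
  ],
  "cover_filter": {
    "functions": ["bpf_jit_free"],
    "files": ["kernel/bpf/core.c"]
  },
  "vm": {
    "count": 4,
    "kernel": "/home/user/linux/arch/x86/boot/bzImage",
    "cpu": 2,
    "mem": 2048
  }
}
```

Two practical notes. Entries in `suppressions` are regexps matched against the crash report text, so a suppressed crash class disappears from the dashboard entirely; keep the list to the one report you have already triaged. `cover_filter` needs `kernel_obj` to point at a build with a symbolized vmlinux, since syzkaller resolves the function and file names to PCs from it; if the names do not resolve, the filter silently matches nothing and fuzzing proceeds unfocused.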
Thread overview: 11+ messages
2022-02-14 18:45 [syzbot] KASAN: vmalloc-out-of-bounds Read in bpf_jit_free syzbot
2022-02-14 23:52 ` Daniel Borkmann
2022-02-15 6:41 ` Song Liu
2022-02-16 1:37 ` Song Liu
2022-02-16 9:38 ` Aleksandr Nogikh
2022-02-16 16:27 ` Song Liu
2022-02-17 18:32 ` Aleksandr Nogikh
2022-02-17 20:05 ` Song Liu [this message]
2022-02-18 20:12 ` Aleksandr Nogikh
2022-07-03 7:57 ` syzbot
2022-07-04 9:04 ` Daniel Borkmann