From mboxrd@z Thu Jan 1 00:00:00 1970
From: syzbot
Subject: Re: general protection fault in bpf_tcp_close
Date: Fri, 06 Jul 2018 03:02:02 -0700
Message-ID: <00000000000060bff7057051c10c@google.com>
References: <00000000000098e65b056d184a11@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
To: ast@kernel.org, daniel@iogearbox.net, dvyukov@google.com, john.fastabend@gmail.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
Return-path:
In-Reply-To: <00000000000098e65b056d184a11@google.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

syzbot has found a reproducer for the following crash on:

HEAD commit:    6fcf9b1d4d6c r8169: fix runtime suspend
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1600b10c400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d264f2b04177ca7c
dashboard link: https://syzkaller.appspot.com/bug?extid=0ce137753c78f7b6acc1
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=15ba0a1c400000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=100c8170400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0ce137753c78f7b6acc1@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 4705 Comm: syz-executor133 Not tainted 4.18.0-rc3+ #47
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:bpf_tcp_close+0x215/0x1050 kernel/bpf/sockmap.c:327
Code: ------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object 'TCPv6' (offset 704, size 64)!
WARNING: CPU: 1 PID: 4705 at mm/usercopy.c:81 usercopy_warn+0xf5/0x120 mm/usercopy.c:76
Kernel panic - not syncing: panic_on_warn set ...
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..