syzbot

KASAN: null-ptr-deref Write in xdp_umem_unaccount_pages

Status: fixed on 2018/07/09 18:05
Subsystems: bpf net
Reported-by: syzbot+979217770b09ebf5c407@syzkaller.appspotmail.com
Fix commit: c09290c56376 bpf, xdp: fix crash in xdp_umem_unaccount_pages
First crash: 2139d, last: 2136d
Discussions (2)
Title                                                         Replies (including bot)  Last reply
KASAN: null-ptr-deref Write in xdp_umem_unaccount_pages       1 (2)                    2018/06/08 09:50
[PATCH bpf] bpf, xdp: fix crash in xdp_umem_unaccount_pages   2 (2)                    2018/06/07 22:35

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in atomic64_sub include/asm-generic/atomic-instrumented.h:144 [inline]
BUG: KASAN: null-ptr-deref in atomic_long_sub include/asm-generic/atomic-long.h:199 [inline]
BUG: KASAN: null-ptr-deref in xdp_umem_unaccount_pages.isra.4+0x3d/0x80 net/xdp/xdp_umem.c:135
Write of size 8 at addr 0000000000000060 by task syz-executor246/4527

CPU: 1 PID: 4527 Comm: syz-executor246 Not tainted 4.17.0+ #89
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 kasan_report_error mm/kasan/report.c:352 [inline]
 kasan_report.cold.7+0x6d/0x2fe mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278
 atomic64_sub include/asm-generic/atomic-instrumented.h:144 [inline]
 atomic_long_sub include/asm-generic/atomic-long.h:199 [inline]
 xdp_umem_unaccount_pages.isra.4+0x3d/0x80 net/xdp/xdp_umem.c:135
 xdp_umem_reg net/xdp/xdp_umem.c:334 [inline]
 xdp_umem_create+0xd6c/0x10f0 net/xdp/xdp_umem.c:349
 xsk_setsockopt+0x443/0x550 net/xdp/xsk.c:531
 __sys_setsockopt+0x1bd/0x390 net/socket.c:1935
 __do_sys_setsockopt net/socket.c:1946 [inline]
 __se_sys_setsockopt net/socket.c:1943 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1943
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440549
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007fffc475d008 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440549
RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004
RBP: 00000000006cb018 R08: 0000000000000018 R09: 00007fffc4750032
R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000005
R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
==================================================================

Crashes (25):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/06/07 18:05 upstream 1c8c5a9d38f6 645e75f8 .config console log report syz C ci-upstream-kasan-gce-root
2018/06/11 07:31 upstream 1aaccb5fa0ea 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/11 07:03 upstream 1aaccb5fa0ea 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/11 00:19 upstream 3ca24ce9ff76 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 21:51 upstream 3ca24ce9ff76 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 20:55 upstream 3ca24ce9ff76 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 19:02 upstream 3ca24ce9ff76 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 17:27 upstream 3ca24ce9ff76 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 05:18 upstream a16afaf7928b 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 04:44 upstream a16afaf7928b 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 04:32 upstream a16afaf7928b 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/10 04:24 upstream a16afaf7928b 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/09 23:56 upstream a16afaf7928b 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/09 20:53 upstream 7d3bf613e99a 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/09 18:46 upstream 7d3bf613e99a 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/09 17:10 upstream 7d3bf613e99a 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/09 03:38 upstream 410feb75de24 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/08 23:50 upstream 410feb75de24 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/08 18:48 upstream 68abbe729567 83f945db .config console log report ci-upstream-kasan-gce-root
2018/06/08 13:59 upstream 68abbe729567 f7b27b7a .config console log report ci-upstream-kasan-gce-root
2018/06/08 08:16 upstream 68abbe729567 f7b27b7a .config console log report ci-upstream-kasan-gce-root
2018/06/07 23:38 upstream 1c8c5a9d38f6 645e75f8 .config console log report ci-upstream-kasan-gce-root
2018/06/07 19:44 upstream 1c8c5a9d38f6 645e75f8 .config console log report ci-upstream-kasan-gce-root
2018/06/07 14:54 upstream 1c8c5a9d38f6 645e75f8 .config console log report ci-upstream-kasan-gce-root
2018/06/07 14:32 upstream 1c8c5a9d38f6 645e75f8 .config console log report ci-upstream-kasan-gce-root
* Struck through repros no longer work on HEAD.