Re: raw_tp+cookie is buggy. Was: [syzbot] [bpf?] [trace?] KASAN: slab-use-after-free Read in bpf_trace_run1

2024-03-25 Thread Andrii Nakryiko
On Mon, Mar 25, 2024 at 10:27 AM Andrii Nakryiko wrote:
>
> On Sun, Mar 24, 2024 at 5:07 PM Alexei Starovoitov wrote:
> >
> > Hi Andrii,
> >
> > syzbot found UAF in raw_tp cookie series in bpf-next.
> > Reverting the whole merge
> > 2e244a72cd48 ("Merge branch

Re: raw_tp+cookie is buggy. Was: [syzbot] [bpf?] [trace?] KASAN: slab-use-after-free Read in bpf_trace_run1

2024-03-25 Thread Andrii Nakryiko
On Sun, Mar 24, 2024 at 5:07 PM Alexei Starovoitov wrote:
>
> Hi Andrii,
>
> syzbot found UAF in raw_tp cookie series in bpf-next.
> Reverting the whole merge
> 2e244a72cd48 ("Merge branch 'bpf-raw-tracepoint-support-for-bpf-cookie'")
>
> fixes the issue.
>
> Pls take a look.
> See C reproducer

raw_tp+cookie is buggy. Was: [syzbot] [bpf?] [trace?] KASAN: slab-use-after-free Read in bpf_trace_run1

2024-03-25 Thread Alexei Starovoitov
Hi Andrii,

syzbot found UAF in raw_tp cookie series in bpf-next.
Reverting the whole merge
2e244a72cd48 ("Merge branch 'bpf-raw-tracepoint-support-for-bpf-cookie'")

fixes the issue.

Pls take a look.
See C reproducer below. It splats consistently with CONFIG_KASAN=y

Thanks.

On Sun, Mar 24,

[syzbot] [bpf?] [trace?] KASAN: slab-use-after-free Read in bpf_trace_run1

2024-03-25 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    520fad2e3206 selftests/bpf: scale benchmark counting by us..
git tree:       bpf-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=105af94618
kernel config:  https://syzkaller.appspot.com/x/.config?x=6fb1be60a193d440