On Mon, Jun 11, 2018 at 11:42 AM, Daniel Borkmann <[email protected]> wrote:
> On 06/10/2018 05:27 PM, syzbot wrote:
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    a16afaf7928b Merge tag 'for-v4.18' of git://git.kernel.org..
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1338f6bf800000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=314f2150f36c16ca
>> dashboard link: https://syzkaller.appspot.com/bug?extid=d2d729bdde65dee3eae6
>> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=1173381f800000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=171f90cf800000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: [email protected]
>
> #syz fix: bpf: reject passing modified ctx to helper functions


On a related note, it seems that it still can unwind past
bpf_skb_change_proto. I think the "net.core.bpf_jit_kallsyms = 1"
sysctl should have reached syzbot by the time of the crash. Are you
sure that's the only thing required? We are using the frame pointer
unwinder just in case.
