    bpf: Fix a btf decl_tag bug when tagging a function · 796d5666
    Yonghong Song authored
    [ Upstream commit d7e7b42f ]
    
    syzbot reported a btf decl_tag bug with stack trace below:
    
      general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
      KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
      CPU: 0 PID: 3592 Comm: syz-executor914 Not tainted 5.16.0-syzkaller-11424-gb7892f7d #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:btf_type_vlen include/linux/btf.h:231 [inline]
      RIP: 0010:btf_decl_tag_resolve+0x83e/0xaa0 kernel/bpf/btf.c:3910
      ...
      Call Trace:
       <TASK>
       btf_resolve+0x251/0x1020 kernel/bpf/btf.c:4198
       btf_check_all_types kernel/bpf/btf.c:4239 [inline]
       btf_parse_type_sec kernel/bpf/btf.c:4280 [inline]
       btf_parse kernel/bpf/btf.c:4513 [inline]
       btf_new_fd+0x19fe/0x2370 kernel/bpf/btf.c:6047
       bpf_btf_load kernel/bpf/syscall.c:4039 [inline]
       __sys_bpf+0x1cbb...
btf.c 176 KB