syzbot
Jul 29, 2023, 8:48:52 PM
to and...@kernel.org, a...@kernel.org, b...@vger.kernel.org, dan...@iogearbox.net, hao...@google.com, john.fa...@gmail.com, jo...@kernel.org, kps...@kernel.org, linux-...@vger.kernel.org, marti...@linux.dev, net...@vger.kernel.org, s...@google.com, so...@kernel.org, syzkall...@googlegroups.com, y...@fb.com
Hello,
syzbot found the following issue on:
HEAD commit: ec87f05402f5 octeontx2-af: Install TC filter rules in hard..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12a76df1a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=8acaeb93ad7c6aaa
dashboard link: https://syzkaller.appspot.com/bug?extid=0c06ba0f831fe07a8f27
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0fc53904fc08/disk-ec87f054.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/aee64718ea5c/vmlinux-ec87f054.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d3b6d3f4cfbc/bzImage-ec87f054.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0c06ba...@syzkaller.appspotmail.com
================================================================================
UBSAN: array-index-out-of-bounds in ./include/linux/bpf_mprog.h:292:24
index 4294967295 is out of range for type 'bpf_mprog_fp [64]'
CPU: 1 PID: 13232 Comm: syz-executor.1 Not tainted 6.5.0-rc2-syzkaller-00573-gec87f05402f5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x111/0x150 lib/ubsan.c:348
bpf_mprog_read include/linux/bpf_mprog.h:292 [inline]
bpf_mprog_fetch kernel/bpf/mprog.c:307 [inline]
bpf_mprog_detach+0xcd7/0xd50 kernel/bpf/mprog.c:381
tcx_prog_detach+0x258/0x950 kernel/bpf/tcx.c:78
bpf_prog_detach kernel/bpf/syscall.c:3877 [inline]
__sys_bpf+0x36ee/0x4ec0 kernel/bpf/syscall.c:5357
__do_sys_bpf kernel/bpf/syscall.c:5449 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5447 [inline]
__x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5447
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f443e27cb29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f443cdfe0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f443e39bf80 RCX: 00007f443e27cb29
RDX: 0000000000000020 RSI: 0000000020000340 RDI: 0000000000000009
RBP: 00007f443e2c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f443e39bf80 R15: 00007ffdb0833788
</TASK>
================================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup