WARNING in bpf_warn_invalid_xdp_action
17 views
Skip to first unread message
syzbot
Apr 10, 2020, 5:45:12 PM4/10/20
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: dda0e292 Linux 4.19.114
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11098c7de00000
kernel config: https://syzkaller.appspot.com/x/.config?x=f32ac7e5b2d5c341
dashboard link: https://syzkaller.appspot.com/bug?extid=db623516b5a108ea6784
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+db6235...@syzkaller.appspotmail.com
------------[ cut here ]------------
Illegal XDP return value 1805142099, expect packet loss!
WARNING: CPU: 1 PID: 18 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
WARNING: CPU: 1 PID: 18 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.114-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x46 kernel/panic.c:541
report_bug+0x262/0x2a0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1037
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
Code: 20 a6 0a 88 41 83 fc 04 48 c7 c6 60 a6 0a 88 48 0f 46 ee e8 b3 30 c2 fb 44 89 e2 48 c7 c7 a0 a6 0a 88 48 89 ee e8 2c 45 97 fb <0f> 0b 5b 5d 41 5c e9 96 30 c2 fb 66 0f 1f 44 00 00 41 57 41 56 49
RSP: 0018:ffff8880a9f17b20 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff8152d3a1 RDI: ffffed10153e2f56
RBP: ffffffff880aa620 R08: ffff8880a9efe4c0 R09: ffffed1015ce5079
R10: ffffed1015ce5078 R11: ffff8880ae7283c7 R12: 000000006b984853
R13: ffff88809233b440 R14: ffff8880a9f17c30 R15: dffffc0000000000
veth_xdp_rcv_skb drivers/net/veth.c:551 [inline]
veth_xdp_rcv drivers/net/veth.c:602 [inline]
veth_poll+0x1259/0x3500 drivers/net/veth.c:622
napi_poll net/core/dev.c:6264 [inline]
net_rx_action+0x4ab/0xfc0 net/core/dev.c:6330
__do_softirq+0x26c/0x93c kernel/softirq.c:292
run_ksoftirqd kernel/softirq.c:653 [inline]
run_ksoftirqd+0x89/0x100 kernel/softirq.c:645
smpboot_thread_fn+0x653/0x9d0 kernel/smpboot.c:164
kthread+0x34a/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: dda0e292 Linux 4.19.114
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11098c7de00000
kernel config: https://syzkaller.appspot.com/x/.config?x=f32ac7e5b2d5c341
dashboard link: https://syzkaller.appspot.com/bug?extid=db623516b5a108ea6784
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+db6235...@syzkaller.appspotmail.com
------------[ cut here ]------------
Illegal XDP return value 1805142099, expect packet loss!
WARNING: CPU: 1 PID: 18 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
WARNING: CPU: 1 PID: 18 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.114-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x46 kernel/panic.c:541
report_bug+0x262/0x2a0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1037
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
Code: 20 a6 0a 88 41 83 fc 04 48 c7 c6 60 a6 0a 88 48 0f 46 ee e8 b3 30 c2 fb 44 89 e2 48 c7 c7 a0 a6 0a 88 48 89 ee e8 2c 45 97 fb <0f> 0b 5b 5d 41 5c e9 96 30 c2 fb 66 0f 1f 44 00 00 41 57 41 56 49
RSP: 0018:ffff8880a9f17b20 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff8152d3a1 RDI: ffffed10153e2f56
RBP: ffffffff880aa620 R08: ffff8880a9efe4c0 R09: ffffed1015ce5079
R10: ffffed1015ce5078 R11: ffff8880ae7283c7 R12: 000000006b984853
R13: ffff88809233b440 R14: ffff8880a9f17c30 R15: dffffc0000000000
veth_xdp_rcv_skb drivers/net/veth.c:551 [inline]
veth_xdp_rcv drivers/net/veth.c:602 [inline]
veth_poll+0x1259/0x3500 drivers/net/veth.c:622
napi_poll net/core/dev.c:6264 [inline]
net_rx_action+0x4ab/0xfc0 net/core/dev.c:6330
__do_softirq+0x26c/0x93c kernel/softirq.c:292
run_ksoftirqd kernel/softirq.c:653 [inline]
run_ksoftirqd+0x89/0x100 kernel/softirq.c:645
smpboot_thread_fn+0x653/0x9d0 kernel/smpboot.c:164
kthread+0x34a/0x420 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 10, 2020, 6:08:16 PM4/10/20
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: dda0e292 Linux 4.19.114
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=113c6b5de00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=150a9253e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+db6235...@syzkaller.appspotmail.com
------------[ cut here ]------------
Illegal XDP return value 4113573848, expect packet loss!
WARNING: CPU: 0 PID: 9 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
WARNING: CPU: 0 PID: 9 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
RBP: ffffffff880aa620 R08: ffff8880a9e96240 R09: ffffed1015cc5079
R10: ffffed1015cc5078 R11: ffff8880ae6283c7 R12: 00000000f53027d8
R13: ffff888088d122c0 R14: ffff8880a9ea7c30 R15: dffffc0000000000
HEAD commit: dda0e292 Linux 4.19.114
git tree: linux-4.19.y
kernel config: https://syzkaller.appspot.com/x/.config?x=f32ac7e5b2d5c341
dashboard link: https://syzkaller.appspot.com/bug?extid=db623516b5a108ea6784
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14d94de7e00000
dashboard link: https://syzkaller.appspot.com/bug?extid=db623516b5a108ea6784
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=150a9253e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+db6235...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
WARNING: CPU: 0 PID: 9 at net/core/filter.c:5535 bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.114-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x46 kernel/panic.c:541
report_bug+0x262/0x2a0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1037
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
Code: 20 a6 0a 88 41 83 fc 04 48 c7 c6 60 a6 0a 88 48 0f 46 ee e8 b3 30 c2 fb 44 89 e2 48 c7 c7 a0 a6 0a 88 48 89 ee e8 2c 45 97 fb <0f> 0b 5b 5d 41 5c e9 96 30 c2 fb 66 0f 1f 44 00 00 41 57 41 56 49
RSP: 0018:ffff8880a9ea7b20 EFLAGS: 00010286
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x46 kernel/panic.c:541
report_bug+0x262/0x2a0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1037
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:5535 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5531
Code: 20 a6 0a 88 41 83 fc 04 48 c7 c6 60 a6 0a 88 48 0f 46 ee e8 b3 30 c2 fb 44 89 e2 48 c7 c7 a0 a6 0a 88 48 89 ee e8 2c 45 97 fb <0f> 0b 5b 5d 41 5c e9 96 30 c2 fb 66 0f 1f 44 00 00 41 57 41 56 49
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff8152d3a1 RDI: ffffed10153d4f56
RBP: ffffffff880aa620 R08: ffff8880a9e96240 R09: ffffed1015cc5079
R10: ffffed1015cc5078 R11: ffff8880ae6283c7 R12: 00000000f53027d8
R13: ffff888088d122c0 R14: ffff8880a9ea7c30 R15: dffffc0000000000
syzbot
Apr 10, 2020, 8:08:12 PM4/10/20
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16a34743e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=93cf891381c0c347
dashboard link: https://syzkaller.appspot.com/bug?extid=451cad93f2a49dd8a3eb
audit: type=1804 audit(1586563630.708:19): pid=8427 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir313411876/syzkaller.Ssvwtx/19/file0/bus" dev="sda1" ino=15849 res=1
Illegal XDP return value 2765283967, expect packet loss!
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
WARNING: CPU: 1 PID: 0 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
panic+0x1f9/0x42d kernel/panic.c:183
__warn.cold+0x2f/0x30 kernel/panic.c:547
report_bug+0x20a/0x248 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x195/0x2d0 arch/x86/kernel/traps.c:295
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
RSP: 0018:ffff8880aeb07500 EFLAGS: 00010282
RAX: 0000000000000038 RBX: 00000000a4d2e27f RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff86ac07e0 RDI: ffffed1015d60e96
RBP: ffffffff8738d300 R08: 0000000000000038 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000a4d2e27f
R13: 0000000000000000 R14: ffff88808bdfcf46 R15: ffff88808bdfcf04
netif_receive_generic_xdp net/core/dev.c:3959 [inline]
do_xdp_generic.part.0+0x513/0x9e0 net/core/dev.c:4004
do_xdp_generic net/core/dev.c:4042 [inline]
netif_rx_internal+0x330/0x800 net/core/dev.c:4042
dev_forward_skb+0x39/0x50 net/core/dev.c:1870
veth_xmit+0xf1/0x300 drivers/net/veth.c:114
__netdev_start_xmit include/linux/netdevice.h:4039 [inline]
netdev_start_xmit include/linux/netdevice.h:4048 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x186/0x890 net/core/dev.c:3025
__dev_queue_xmit+0x1d91/0x25c0 net/core/dev.c:3525
neigh_resolve_output net/core/neighbour.c:1369 [inline]
neigh_resolve_output+0x50a/0x8b0 net/core/neighbour.c:1349
neigh_output include/net/neighbour.h:500 [inline]
ip6_finish_output2+0x992/0x2150 net/ipv6/ip6_output.c:120
ip6_finish_output+0x4d9/0xaf0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x1c9/0x650 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:462 [inline]
NF_HOOK include/linux/netfilter.h:250 [inline]
ndisc_send_skb+0xb56/0x11e0 net/ipv6/ndisc.c:483
FAT-fs (loop0): bogus number of reserved sectors
ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
addrconf_rs_timer+0x289/0x5a0 net/ipv6/addrconf.c:3761
FAT-fs (loop0): Can't find a valid FAT filesystem
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1279
expire_timers kernel/time/timer.c:1318 [inline]
__run_timers kernel/time/timer.c:1636 [inline]
__run_timers kernel/time/timer.c:1604 [inline]
run_timer_softirq+0x52a/0x1390 kernel/time/timer.c:1649
__do_softirq+0x254/0x9bf kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x15b/0x1a0 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1102
apic_timer_interrupt+0x8f/0xa0 arch/x86/entry/entry_64.S:792
</IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
RSP: 0018:ffff8880a989fee0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff0fa2cd4 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880a988abbc
RBP: ffffffff87d16690 R08: 1ffffffff1124101 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffed1015311468
R13: ffff8880a988a340 R14: 0000000000000000 R15: 0000000000000000
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0x47/0x370 arch/x86/kernel/process.c:566
cpuidle_idle_call kernel/sched/idle.c:156 [inline]
do_idle+0x250/0x3c0 kernel/sched/idle.c:246
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:351
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
syzbot found the following crash on:
HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16a34743e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=93cf891381c0c347
dashboard link: https://syzkaller.appspot.com/bug?extid=451cad93f2a49dd8a3eb
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+451cad...@syzkaller.appspotmail.com
audit: type=1804 audit(1586563630.708:19): pid=8427 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir313411876/syzkaller.Ssvwtx/19/file0/bus" dev="sda1" ino=15849 res=1
Illegal XDP return value 2765283967, expect packet loss!
------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
WARNING: CPU: 1 PID: 0 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
panic+0x1f9/0x42d kernel/panic.c:183
__warn.cold+0x2f/0x30 kernel/panic.c:547
report_bug+0x20a/0x248 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x195/0x2d0 arch/x86/kernel/traps.c:295
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
RSP: 0018:ffff8880aeb07500 EFLAGS: 00010282
RAX: 0000000000000038 RBX: 00000000a4d2e27f RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff86ac07e0 RDI: ffffed1015d60e96
RBP: ffffffff8738d300 R08: 0000000000000038 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000a4d2e27f
R13: 0000000000000000 R14: ffff88808bdfcf46 R15: ffff88808bdfcf04
netif_receive_generic_xdp net/core/dev.c:3959 [inline]
do_xdp_generic.part.0+0x513/0x9e0 net/core/dev.c:4004
do_xdp_generic net/core/dev.c:4042 [inline]
netif_rx_internal+0x330/0x800 net/core/dev.c:4042
dev_forward_skb+0x39/0x50 net/core/dev.c:1870
veth_xmit+0xf1/0x300 drivers/net/veth.c:114
__netdev_start_xmit include/linux/netdevice.h:4039 [inline]
netdev_start_xmit include/linux/netdevice.h:4048 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x186/0x890 net/core/dev.c:3025
__dev_queue_xmit+0x1d91/0x25c0 net/core/dev.c:3525
neigh_resolve_output net/core/neighbour.c:1369 [inline]
neigh_resolve_output+0x50a/0x8b0 net/core/neighbour.c:1349
neigh_output include/net/neighbour.h:500 [inline]
ip6_finish_output2+0x992/0x2150 net/ipv6/ip6_output.c:120
ip6_finish_output+0x4d9/0xaf0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x1c9/0x650 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:462 [inline]
NF_HOOK include/linux/netfilter.h:250 [inline]
ndisc_send_skb+0xb56/0x11e0 net/ipv6/ndisc.c:483
FAT-fs (loop0): bogus number of reserved sectors
ndisc_send_rs+0x125/0x630 net/ipv6/ndisc.c:677
addrconf_rs_timer+0x289/0x5a0 net/ipv6/addrconf.c:3761
FAT-fs (loop0): Can't find a valid FAT filesystem
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1279
expire_timers kernel/time/timer.c:1318 [inline]
__run_timers kernel/time/timer.c:1636 [inline]
__run_timers kernel/time/timer.c:1604 [inline]
run_timer_softirq+0x52a/0x1390 kernel/time/timer.c:1649
__do_softirq+0x254/0x9bf kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x15b/0x1a0 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1102
apic_timer_interrupt+0x8f/0xa0 arch/x86/entry/entry_64.S:792
</IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
RSP: 0018:ffff8880a989fee0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff0fa2cd4 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880a988abbc
RBP: ffffffff87d16690 R08: 1ffffffff1124101 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffed1015311468
R13: ffff8880a988a340 R14: 0000000000000000 R15: 0000000000000000
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0x47/0x370 arch/x86/kernel/process.c:566
cpuidle_idle_call kernel/sched/idle.c:156 [inline]
do_idle+0x250/0x3c0 kernel/sched/idle.c:246
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:351
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
Kernel Offset: disabled
Rebooting in 86400 seconds..
Rebooting in 86400 seconds..
syzbot
Apr 10, 2020, 9:16:14 PM4/10/20
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16134743e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=102133cde00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+451cad...@syzkaller.appspotmail.com
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
Illegal XDP return value 2208975216, expect packet loss!
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6352 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
WARNING: CPU: 1 PID: 6352 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
RAX: 0000000000000038 RBX: 0000000083aa4970 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff86ac07e0 RDI: ffffed1015d60ebe
R13: 0000000000000000 R14: ffff8880a82dc606 R15: ffff8880a82dc5c4
neigh_output include/net/neighbour.h:498 [inline]
ip6_finish_output2+0x1085/0x2150 net/ipv6/ip6_output.c:120
mld_sendpack+0x86d/0xca0 net/ipv6/mcast.c:1660
mld_send_cr net/ipv6/mcast.c:1956 [inline]
mld_ifc_timer_expire+0x3b0/0x7b0 net/ipv6/mcast.c:2455
</IRQ>
do_softirq.part.0+0x103/0x160 kernel/softirq.c:332
do_softirq kernel/softirq.c:324 [inline]
__local_bh_enable_ip+0x149/0x190 kernel/softirq.c:185
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:725 [inline]
ip_finish_output2+0x7ae/0x14a0 net/ipv4/ip_output.c:231
ip_finish_output+0x556/0xc30 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_output+0x1c2/0x520 net/ipv4/ip_output.c:405
dst_output include/net/dst.h:462 [inline]
ip_local_out+0x93/0x170 net/ipv4/ip_output.c:124
ip_queue_xmit+0x7b2/0x1b20 net/ipv4/ip_output.c:504
__tcp_transmit_skb+0x1654/0x2dd0 net/ipv4/tcp_output.c:1131
tcp_transmit_skb net/ipv4/tcp_output.c:1147 [inline]
tcp_write_xmit+0x56a/0x4a60 net/ipv4/tcp_output.c:2391
__tcp_push_pending_frames+0x9c/0x240 net/ipv4/tcp_output.c:2572
tcp_push+0x3fd/0x5f0 net/ipv4/tcp.c:715
tcp_sendmsg_locked+0x218c/0x2fd0 net/ipv4/tcp.c:1426
tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1457
inet_sendmsg+0x116/0x4d0 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xc5/0x100 net/socket.c:656
sock_write_iter+0x22c/0x370 net/socket.c:925
call_write_iter include/linux/fs.h:1778 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
vfs_write+0x192/0x4e0 fs/read_write.c:544
SYSC_write fs/read_write.c:590 [inline]
SyS_write+0xf2/0x210 fs/read_write.c:582
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7f3a3ad9b970
RSP: 002b:00007ffeb59faf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000034 RCX: 00007f3a3ad9b970
RDX: 0000000000000034 RSI: 00005603a38bf3ec RDI: 0000000000000003
RBP: 00005603a38b1070 R08: 00007ffeb59fb010 R09: 0000000000000100
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffeb59fafef R14: 00005603a1ba5be7 R15: 0000000000000003
HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=93cf891381c0c347
dashboard link: https://syzkaller.appspot.com/bug?extid=451cad93f2a49dd8a3eb
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=112fbffbe00000
dashboard link: https://syzkaller.appspot.com/bug?extid=451cad93f2a49dd8a3eb
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=102133cde00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+451cad...@syzkaller.appspotmail.com
Illegal XDP return value 2208975216, expect packet loss!
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6352 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
WARNING: CPU: 1 PID: 6352 at net/core/filter.c:3649 bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 6352 Comm: sshd Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
panic+0x1f9/0x42d kernel/panic.c:183
__warn.cold+0x2f/0x30 kernel/panic.c:547
report_bug+0x20a/0x248 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x195/0x2d0 arch/x86/kernel/traps.c:295
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
RSP: 0018:ffff8880aeb07640 EFLAGS: 00010282
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
panic+0x1f9/0x42d kernel/panic.c:183
__warn.cold+0x2f/0x30 kernel/panic.c:547
report_bug+0x20a/0x248 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x195/0x2d0 arch/x86/kernel/traps.c:295
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:3649 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action.cold+0x3c/0x43 net/core/filter.c:3645
RAX: 0000000000000038 RBX: 0000000083aa4970 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff86ac07e0 RDI: ffffed1015d60ebe
RBP: ffffffff8738d300 R08: 0000000000000038 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000083aa4970
R13: 0000000000000000 R14: ffff8880a82dc606 R15: ffff8880a82dc5c4
netif_receive_generic_xdp net/core/dev.c:3959 [inline]
do_xdp_generic.part.0+0x513/0x9e0 net/core/dev.c:4004
do_xdp_generic net/core/dev.c:4042 [inline]
netif_rx_internal+0x330/0x800 net/core/dev.c:4042
dev_forward_skb+0x39/0x50 net/core/dev.c:1870
veth_xmit+0xf1/0x300 drivers/net/veth.c:114
__netdev_start_xmit include/linux/netdevice.h:4039 [inline]
netdev_start_xmit include/linux/netdevice.h:4048 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x186/0x890 net/core/dev.c:3025
__dev_queue_xmit+0x1d91/0x25c0 net/core/dev.c:3525
neigh_hh_output include/net/neighbour.h:490 [inline]
do_xdp_generic.part.0+0x513/0x9e0 net/core/dev.c:4004
do_xdp_generic net/core/dev.c:4042 [inline]
netif_rx_internal+0x330/0x800 net/core/dev.c:4042
dev_forward_skb+0x39/0x50 net/core/dev.c:1870
veth_xmit+0xf1/0x300 drivers/net/veth.c:114
__netdev_start_xmit include/linux/netdevice.h:4039 [inline]
netdev_start_xmit include/linux/netdevice.h:4048 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x186/0x890 net/core/dev.c:3025
__dev_queue_xmit+0x1d91/0x25c0 net/core/dev.c:3525
neigh_output include/net/neighbour.h:498 [inline]
ip6_finish_output2+0x1085/0x2150 net/ipv6/ip6_output.c:120
ip6_finish_output+0x4d9/0xaf0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x1c9/0x650 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:462 [inline]
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x1c9/0x650 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:462 [inline]
NF_HOOK include/linux/netfilter.h:250 [inline]
mld_sendpack+0x86d/0xca0 net/ipv6/mcast.c:1660
mld_send_cr net/ipv6/mcast.c:1956 [inline]
mld_ifc_timer_expire+0x3b0/0x7b0 net/ipv6/mcast.c:2455
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1279
expire_timers kernel/time/timer.c:1318 [inline]
__run_timers kernel/time/timer.c:1636 [inline]
__run_timers kernel/time/timer.c:1604 [inline]
run_timer_softirq+0x52a/0x1390 kernel/time/timer.c:1649
__do_softirq+0x254/0x9bf kernel/softirq.c:288
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1015
expire_timers kernel/time/timer.c:1318 [inline]
__run_timers kernel/time/timer.c:1636 [inline]
__run_timers kernel/time/timer.c:1604 [inline]
run_timer_softirq+0x52a/0x1390 kernel/time/timer.c:1649
__do_softirq+0x254/0x9bf kernel/softirq.c:288
</IRQ>
do_softirq.part.0+0x103/0x160 kernel/softirq.c:332
do_softirq kernel/softirq.c:324 [inline]
__local_bh_enable_ip+0x149/0x190 kernel/softirq.c:185
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:725 [inline]
ip_finish_output2+0x7ae/0x14a0 net/ipv4/ip_output.c:231
ip_finish_output+0x556/0xc30 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_output+0x1c2/0x520 net/ipv4/ip_output.c:405
dst_output include/net/dst.h:462 [inline]
ip_local_out+0x93/0x170 net/ipv4/ip_output.c:124
ip_queue_xmit+0x7b2/0x1b20 net/ipv4/ip_output.c:504
__tcp_transmit_skb+0x1654/0x2dd0 net/ipv4/tcp_output.c:1131
tcp_transmit_skb net/ipv4/tcp_output.c:1147 [inline]
tcp_write_xmit+0x56a/0x4a60 net/ipv4/tcp_output.c:2391
__tcp_push_pending_frames+0x9c/0x240 net/ipv4/tcp_output.c:2572
tcp_push+0x3fd/0x5f0 net/ipv4/tcp.c:715
tcp_sendmsg_locked+0x218c/0x2fd0 net/ipv4/tcp.c:1426
tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1457
inet_sendmsg+0x116/0x4d0 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xc5/0x100 net/socket.c:656
sock_write_iter+0x22c/0x370 net/socket.c:925
call_write_iter include/linux/fs.h:1778 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
vfs_write+0x192/0x4e0 fs/read_write.c:544
SYSC_write fs/read_write.c:590 [inline]
SyS_write+0xf2/0x210 fs/read_write.c:582
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x7f3a3ad9b970
RSP: 002b:00007ffeb59faf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000034 RCX: 00007f3a3ad9b970
RDX: 0000000000000034 RSI: 00005603a38bf3ec RDI: 0000000000000003
RBP: 00005603a38b1070 R08: 00007ffeb59fb010 R09: 0000000000000100
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffeb59fafef R14: 00005603a1ba5be7 R15: 0000000000000003
Reply all
Reply to author
Forward
0 new messages