[v5.15] WARNING in bpf_xdp_adjust_tail


syzbot

Mar 7, 2023, 3:14:47 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=119267bcc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link: https://syzkaller.appspot.com/bug?extid=b62eebe3254e37ab352a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b62eeb...@syzkaller.appspotmail.com

------------[ cut here ]------------
Too BIG xdp->frame_sz = 131072
WARNING: CPU: 0 PID: 5572 at net/core/filter.c:3848 bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
Modules linked in:
CPU: 0 PID: 5572 Comm: syz-executor.5 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
lr : ____bpf_xdp_adjust_tail net/core/filter.c:3848 [inline]
lr : bpf_xdp_adjust_tail+0x1a4/0x1b0 net/core/filter.c:3837
sp : ffff80001d6d7470
x29: ffff80001d6d7470 x28: ffff0000ff07fec0 x27: 1ffff00003adaed9
x26: ffff0000ff06feef x25: dfff800000000000 x24: 0000000000020000
x23: ffff0000ff06feef x22: 0000000000000000 x21: ffff80001d6d76c0
x20: ffff80001d6d76c8 x19: ffff800016d3f000 x18: 0000000000000201
x17: ff80800008337080 x16: ffff80001197afb0 x15: ffff800008337080
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000040000
x11: 0000000000006158 x10: ffff80001f889000 x9 : 0f6848182d18e400
x8 : 0f6848182d18e400 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001d6d6bd8 x4 : ffff800014a10780 x3 : ffff80000854d760
x2 : 0000000000000001 x1 : 0000000000000200 x0 : ffffffffffffffea
Call trace:
bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
bpf_prog_4add87e5301a4105+0x3c/0x8ec
bpf_dispatcher_xdp_func+0x30/0x44 net/core/filter.c:10686
__bpf_prog_run include/linux/filter.h:625 [inline]
bpf_prog_run_xdp include/linux/filter.h:800 [inline]
bpf_prog_run_generic_xdp+0x3e0/0xea8 net/core/dev.c:4729
netif_receive_generic_xdp net/core/dev.c:4815 [inline]
do_xdp_generic+0x348/0x614 net/core/dev.c:4870
tun_get_user+0x1d8c/0x3630 drivers/net/tun.c:1915
tun_chr_write_iter+0xfc/0x20c drivers/net/tun.c:2018
call_write_iter include/linux/fs.h:2101 [inline]
new_sync_write fs/read_write.c:507 [inline]
vfs_write+0x87c/0xb3c fs/read_write.c:594
ksys_write+0x15c/0x26c fs/read_write.c:647
__do_sys_write fs/read_write.c:659 [inline]
__se_sys_write fs/read_write.c:656 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:656
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
irq event stamp: 1449
hardirqs last enabled at (1448): [<ffff80000832ccfc>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (1449): [<ffff800011976650>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (1280): [<ffff800008020e1c>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (1280): [<ffff800008020e1c>] __do_softirq+0xcac/0xf48 kernel/softirq.c:587
softirqs last disabled at (1386): [<ffff80000c90df70>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace fd6e415bd752a8cb ]---
Illegal XDP return value 4294967274, expect packet loss!


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 7, 2023, 4:59:54 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 42616e0f09fb Linux 6.1.15
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=132f2b98c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=650737f7e9682672
dashboard link: https://syzkaller.appspot.com/bug?extid=af559a703a8da2d14308
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f10713d1fd0f/disk-42616e0f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5a1307bb774e/vmlinux-42616e0f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/388238a30fe4/Image-42616e0f.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+af559a...@syzkaller.appspotmail.com

------------[ cut here ]------------
Too BIG xdp->frame_sz = 131072
WARNING: CPU: 0 PID: 20459 at net/core/filter.c:4069 bpf_xdp_adjust_tail+0x228/0x230 net/core/filter.c:4051
Modules linked in:
CPU: 0 PID: 20459 Comm: syz-executor.1 Not tainted 6.1.15-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : bpf_xdp_adjust_tail+0x228/0x230 net/core/filter.c:4051
lr : ____bpf_xdp_adjust_tail net/core/filter.c:4069 [inline]
lr : bpf_xdp_adjust_tail+0x224/0x230 net/core/filter.c:4051
sp : ffff80001f7274b0
x29: ffff80001f7274b0 x28: ffff000117eefeef x27: 1ffff00003ee4ee1
x26: dfff800000000000 x25: ffff80001f727718 x24: 0000000000000000
x23: 0000000000020000 x22: ffff000117eefeef x21: ffff80001f727700
x20: ffff80001f727708 x19: ffff800018061000 x18: ffff80001f727720
x17: 0000000000000000 x16: ffff8000122508ac x15: 0000000000000000
x14: 0000000000000002 x13: 0000000000000001 x12: 0000000000040000
x11: 00000000000054b4 x10: ffff80001e549000 x9 : a8403bd7ca930b00
x8 : a8403bd7ca930b00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001f726db8 x4 : ffff800015823840 x3 : ffff8000085890fc
x2 : 0000000000000001 x1 : 0000000100000200 x0 : ffffffffffffffea
Call trace:
bpf_xdp_adjust_tail+0x228/0x230 net/core/filter.c:4051
bpf_prog_4add87e5301a4105+0x50/0x80
bpf_dispatcher_xdp_func+0x30/0x44 net/core/filter.c:11348
__bpf_prog_run include/linux/filter.h:600 [inline]
bpf_prog_run_xdp include/linux/filter.h:775 [inline]
bpf_prog_run_generic_xdp+0x428/0xf44 net/core/dev.c:4759
netif_receive_generic_xdp net/core/dev.c:4845 [inline]
do_xdp_generic+0x348/0x634 net/core/dev.c:4904
tun_get_user+0x2070/0x3ac8 drivers/net/tun.c:1932
tun_chr_write_iter+0xfc/0x204 drivers/net/tun.c:2036
call_write_iter include/linux/fs.h:2205 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x610/0x914 fs/read_write.c:584
ksys_write+0x15c/0x26c fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:646
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 1021
hardirqs last enabled at (1020): [<ffff800008347558>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (1021): [<ffff80001224c56c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (850): [<ffff800008033988>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (958): [<ffff80000cca7568>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
Illegal XDP return value 4294967274 on prog (id 473) dev syz_tun, expect packet loss!

syzbot

Mar 7, 2023, 5:50:55 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=123a51c4c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link: https://syzkaller.appspot.com/bug?extid=b62eebe3254e37ab352a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10a2df08c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1371aba2c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b62eeb...@syzkaller.appspotmail.com

------------[ cut here ]------------
Too BIG xdp->frame_sz = 131072
WARNING: CPU: 0 PID: 4060 at net/core/filter.c:3848 bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
Modules linked in:
CPU: 0 PID: 4060 Comm: syz-executor272 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
lr : ____bpf_xdp_adjust_tail net/core/filter.c:3848 [inline]
lr : bpf_xdp_adjust_tail+0x1a4/0x1b0 net/core/filter.c:3837
sp : ffff80001cb97470
x29: ffff80001cb97470 x28: ffff0000d665fec0 x27: 1ffff00003972ed9
x26: ffff0000d664feef x25: dfff800000000000 x24: 0000000000020000
x23: ffff0000d664feef x22: 0000000000000000 x21: ffff80001cb976c0
x20: ffff80001cb976c8 x19: ffff800016d3f000 x18: 0000000000000201
x17: ff80800008337080 x16: 0000000000000000 x15: ffff800008337080
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000832eb64 x10: 0000000000000000 x9 : c15b1ff029830300
x8 : c15b1ff029830300 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001cb96bd8 x4 : ffff800014a10780 x3 : ffff8000083371cc
x2 : 0000000000000001 x1 : 0000000100000200 x0 : ffffffffffffffea
Call trace:
bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
bpf_prog_4add87e5301a4105+0x3c/0x100
bpf_dispatcher_xdp_func+0x30/0x44 net/core/filter.c:10686
__bpf_prog_run include/linux/filter.h:625 [inline]
bpf_prog_run_xdp include/linux/filter.h:800 [inline]
bpf_prog_run_generic_xdp+0x3e0/0xea8 net/core/dev.c:4729
netif_receive_generic_xdp net/core/dev.c:4815 [inline]
do_xdp_generic+0x348/0x614 net/core/dev.c:4870
tun_get_user+0x1d8c/0x3630 drivers/net/tun.c:1915
tun_chr_write_iter+0xfc/0x20c drivers/net/tun.c:2018
call_write_iter include/linux/fs.h:2101 [inline]
new_sync_write fs/read_write.c:507 [inline]
vfs_write+0x87c/0xb3c fs/read_write.c:594
ksys_write+0x15c/0x26c fs/read_write.c:647
__do_sys_write fs/read_write.c:659 [inline]
__se_sys_write fs/read_write.c:656 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:656
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
irq event stamp: 14327
hardirqs last enabled at (14326): [<ffff80000832ccfc>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (14327): [<ffff800011976650>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (14156): [<ffff8000085670cc>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last enabled at (14156): [<ffff8000085670cc>] bpf_link_settle+0x80/0x148 kernel/bpf/syscall.c:2584
softirqs last disabled at (14266): [<ffff80000c90df70>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace be4bada2ac3b57d1 ]---

syzbot

Mar 7, 2023, 6:35:38 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 42616e0f09fb Linux 6.1.15
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10611b38c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=650737f7e9682672
dashboard link: https://syzkaller.appspot.com/bug?extid=af559a703a8da2d14308
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17f6c19cc80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=102765bcc80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f10713d1fd0f/disk-42616e0f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5a1307bb774e/vmlinux-42616e0f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/388238a30fe4/Image-42616e0f.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+af559a...@syzkaller.appspotmail.com

------------[ cut here ]------------
Too BIG xdp->frame_sz = 131072
WARNING: CPU: 1 PID: 4308 at net/core/filter.c:4069 bpf_xdp_adjust_tail+0x228/0x230 net/core/filter.c:4051
Modules linked in:
CPU: 1 PID: 4308 Comm: syz-executor402 Not tainted 6.1.15-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : bpf_xdp_adjust_tail+0x228/0x230 net/core/filter.c:4051
lr : ____bpf_xdp_adjust_tail net/core/filter.c:4069 [inline]
lr : bpf_xdp_adjust_tail+0x224/0x230 net/core/filter.c:4051
sp : ffff80001dc374b0
x29: ffff80001dc374b0 x28: ffff0000dc7afeef x27: 1ffff00003b86ee1
x26: dfff800000000000 x25: ffff80001dc37718 x24: 0000000000000000
x23: 0000000000020000 x22: ffff0000dc7afeef x21: ffff80001dc37700
x20: ffff80001dc37708 x19: ffff800018061000 x18: ffff80001dc368c0
x17: 0000000000000000 x16: ffff8000122508ac x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff80800008349608 x10: 0000000000000000 x9 : 42f117d643cd1200
x8 : 42f117d643cd1200 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001dc36db8 x4 : ffff800015823840 x3 : ffff8000085890fc
irq event stamp: 15663
hardirqs last enabled at (15662): [<ffff800008347558>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (15663): [<ffff80001224c56c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (15490): [<ffff8000085a43cc>] spin_unlock_bh include/linux/spinlock.h:395 [inline]
softirqs last enabled at (15490): [<ffff8000085a43cc>] bpf_link_settle+0x80/0x148 kernel/bpf/syscall.c:2863
softirqs last disabled at (15600): [<ffff80000cca7568>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
Illegal XDP return value 4294967274 on prog (id 1) dev syz_tun, expect packet loss!

syzbot

Oct 8, 2023, 8:04:30 AM
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit 20acffcdc2b74fb7dcc4e299f7aca173df89d911
Author: Andrew Kanner <andrew...@gmail.com>
Date: Thu Aug 3 19:03:18 2023 +0000

net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1227a5ee680000
start commit: 1cc3fcf63192 Linux 6.1.18
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=ac04a15f4a80e9d0
dashboard link: https://syzkaller.appspot.com/bug?extid=af559a703a8da2d14308
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11859d42c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=175748e2c80000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot

Oct 12, 2023, 10:59:44 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
No recent activity, existing reproducers are no longer triggering the issue.