Hello,
syzbot found the following issue on:
HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=119267bcc80000
kernel config:
https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link:
https://syzkaller.appspot.com/bug?extid=b62eebe3254e37ab352a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+b62eeb...@syzkaller.appspotmail.com
------------[ cut here ]------------
Too BIG xdp->frame_sz = 131072
WARNING: CPU: 0 PID: 5572 at net/core/filter.c:3848 bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
Modules linked in:
CPU: 0 PID: 5572 Comm: syz-executor.5 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
lr : ____bpf_xdp_adjust_tail net/core/filter.c:3848 [inline]
lr : bpf_xdp_adjust_tail+0x1a4/0x1b0 net/core/filter.c:3837
sp : ffff80001d6d7470
x29: ffff80001d6d7470 x28: ffff0000ff07fec0 x27: 1ffff00003adaed9
x26: ffff0000ff06feef x25: dfff800000000000 x24: 0000000000020000
x23: ffff0000ff06feef x22: 0000000000000000 x21: ffff80001d6d76c0
x20: ffff80001d6d76c8 x19: ffff800016d3f000 x18: 0000000000000201
x17: ff80800008337080 x16: ffff80001197afb0 x15: ffff800008337080
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000040000
x11: 0000000000006158 x10: ffff80001f889000 x9 : 0f6848182d18e400
x8 : 0f6848182d18e400 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001d6d6bd8 x4 : ffff800014a10780 x3 : ffff80000854d760
x2 : 0000000000000001 x1 : 0000000000000200 x0 : ffffffffffffffea
Call trace:
bpf_xdp_adjust_tail+0x1a8/0x1b0 net/core/filter.c:3837
bpf_prog_4add87e5301a4105+0x3c/0x8ec
bpf_dispatcher_xdp_func+0x30/0x44 net/core/filter.c:10686
__bpf_prog_run include/linux/filter.h:625 [inline]
bpf_prog_run_xdp include/linux/filter.h:800 [inline]
bpf_prog_run_generic_xdp+0x3e0/0xea8 net/core/dev.c:4729
netif_receive_generic_xdp net/core/dev.c:4815 [inline]
do_xdp_generic+0x348/0x614 net/core/dev.c:4870
tun_get_user+0x1d8c/0x3630 drivers/net/tun.c:1915
tun_chr_write_iter+0xfc/0x20c drivers/net/tun.c:2018
call_write_iter include/linux/fs.h:2101 [inline]
new_sync_write fs/read_write.c:507 [inline]
vfs_write+0x87c/0xb3c fs/read_write.c:594
ksys_write+0x15c/0x26c fs/read_write.c:647
__do_sys_write fs/read_write.c:659 [inline]
__se_sys_write fs/read_write.c:656 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:656
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
irq event stamp: 1449
hardirqs last enabled at (1448): [<ffff80000832ccfc>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (1449): [<ffff800011976650>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (1280): [<ffff800008020e1c>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (1280): [<ffff800008020e1c>] __do_softirq+0xcac/0xf48 kernel/softirq.c:587
softirqs last disabled at (1386): [<ffff80000c90df70>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace fd6e415bd752a8cb ]---
Illegal XDP return value 4294967274, expect packet loss!
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.