From: syzbot <syzbot+0e91362d99386dc5de99@syzkaller.appspotmail.com>
To: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
	daniel@iogearbox.net, davem@davemloft.net, hawk@kernel.org,
	john.fastabend@gmail.com, kafai@fb.com, kpsingh@kernel.org,
	kuba@kernel.org, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, songliubraving@fb.com,
	syzkaller-bugs@googlegroups.com, toke@redhat.com, yhs@fb.com
Subject: [syzbot] BUG: missing reserved tailroom
Date: Thu, 10 Mar 2022 10:37:20 -0800
Message-ID: <00000000000019c51e05d9e18158@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    de55c9a1967c Merge branch 'Add support for transmitting pa..
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14ce88ad700000
kernel config:  https://syzkaller.appspot.com/x/.config?x=2fa13781bcea50fc
dashboard link: https://syzkaller.appspot.com/bug?extid=0e91362d99386dc5de99
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11f36345700000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14c8ca65700000

The issue was bisected to:

commit b530e9e1063ed2b817eae7eec6ed2daa8be11608
Author: Toke Høiland-Jørgensen <toke@redhat.com>
Date:   Wed Mar 9 10:53:42 2022 +0000

    bpf: Add "live packet" mode for XDP in BPF_PROG_RUN

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17696e55700000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=14e96e55700000
console output: https://syzkaller.appspot.com/x/log.txt?x=10e96e55700000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0e91362d99386dc5de99@syzkaller.appspotmail.com
Fixes: b530e9e1063e ("bpf: Add "live packet" mode for XDP in BPF_PROG_RUN")

------------[ cut here ]------------
XDP_WARN: xdp_update_frame_from_buff(line:274): Driver BUG: missing reserved tailroom
WARNING: CPU: 0 PID: 3590 at net/core/xdp.c:599 xdp_warn+0x28/0x30 net/core/xdp.c:599
Modules linked in:
CPU: 0 PID: 3590 Comm: syz-executor167 Not tainted 5.17.0-rc6-syzkaller-01958-gde55c9a1967c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:xdp_warn+0x28/0x30 net/core/xdp.c:599
Code: 40 00 41 55 49 89 fd 41 54 41 89 d4 55 48 89 f5 e8 2d 08 3a fa 4c 89 e9 44 89 e2 48 89 ee 48 c7 c7 80 ea b0 8a e8 ef c7 cd 01 <0f> 0b 5d 41 5c 41 5d c3 55 53 48 89 fb e8 06 08 3a fa 48 8d 7b ec
RSP: 0018:ffffc9000370f6f8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff888018d8a198 RCX: 0000000000000000
RDX: ffff88802272d700 RSI: ffffffff815fe2c8 RDI: fffff520006e1ed1
RBP: ffffffff8ab54aa0 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff815f895e R11: 0000000000000000 R12: 0000000000000112
R13: ffffffff8ab54780 R14: ffff888018d8a000 R15: ffff888018d8ae98
FS:  000055555694a300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 000000007255a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 xdp_update_frame_from_buff include/net/xdp.h:274 [inline]
 xdp_update_frame_from_buff include/net/xdp.h:260 [inline]
 xdp_test_run_init_page+0x3f1/0x500 net/bpf/test_run.c:143
 page_pool_set_pp_info net/core/page_pool.c:268 [inline]
 __page_pool_alloc_pages_slow+0x269/0x1050 net/core/page_pool.c:339
 page_pool_alloc_pages+0xb6/0x100 net/core/page_pool.c:372
 page_pool_dev_alloc_pages include/net/page_pool.h:197 [inline]
 xdp_test_run_batch net/bpf/test_run.c:280 [inline]
 bpf_test_run_xdp_live+0x53a/0x18c0 net/bpf/test_run.c:363
 bpf_prog_test_run_xdp+0x8f6/0x1440 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:3363 [inline]
 __sys_bpf+0x1858/0x59a0 kernel/bpf/syscall.c:4665
 __do_sys_bpf kernel/bpf/syscall.c:4751 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4749 [inline]
 __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4749
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fc3679a71f9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdd3b6d268 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc3679a71f9
RDX: 0000000000000048 RSI: 0000000020000000 RDI: 000000000000000a
RBP: 00007fc36796b1e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc36796b270
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Thread overview: 3+ messages
2022-03-10 18:37 syzbot [this message]
2022-03-10 21:06 ` [syzbot] BUG: missing reserved tailroom Martin KaFai Lau
2022-03-10 21:57   ` Toke Høiland-Jørgensen
