From: syzbot <syzbot+deb196d6d40f19e8551a@syzkaller.appspotmail.com>
To: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
	daniel@iogearbox.net, davem@davemloft.net, eddyz87@gmail.com,
	edumazet@google.com, haoluo@google.com,
	john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org,
	kuba@kernel.org, linux-kernel@vger.kernel.org,
	martin.lau@linux.dev, netdev@vger.kernel.org, pabeni@redhat.com,
	sdf@google.com, song@kernel.org,
	syzkaller-bugs@googlegroups.com, yonghong.song@linux.dev
Subject: [syzbot] [net?] [bpf?] WARNING in skb_ensure_writable (2)
Date: Sat, 17 Aug 2024 12:01:32 -0700
Message-ID: <0000000000004432b7061fe5b45e@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    8867bbd4a056 mm: arm64: Fix the out-of-bounds issue in con..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=143cc2f5980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1bc88a9f65787e86
dashboard link: https://syzkaller.appspot.com/bug?extid=deb196d6d40f19e8551a
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5ef30d34e749/disk-8867bbd4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a21c2389ebfb/vmlinux-8867bbd4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9720b12c3f99/Image-8867bbd4.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+deb196d6d40f19e8551a@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 13062 at include/linux/skbuff.h:2738 pskb_may_pull_reason include/linux/skbuff.h:2738 [inline]
WARNING: CPU: 0 PID: 13062 at include/linux/skbuff.h:2738 pskb_may_pull include/linux/skbuff.h:2754 [inline]
WARNING: CPU: 0 PID: 13062 at include/linux/skbuff.h:2738 skb_ensure_writable+0x26c/0x3a8 net/core/skbuff.c:6100
Modules linked in:
CPU: 0 PID: 13062 Comm: syz.2.2595 Tainted: G        W          6.10.0-rc2-syzkaller-g8867bbd4a056 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : pskb_may_pull_reason include/linux/skbuff.h:2738 [inline]
pc : pskb_may_pull include/linux/skbuff.h:2754 [inline]
pc : skb_ensure_writable+0x26c/0x3a8 net/core/skbuff.c:6100
lr : pskb_may_pull_reason include/linux/skbuff.h:2738 [inline]
lr : pskb_may_pull include/linux/skbuff.h:2754 [inline]
lr : skb_ensure_writable+0x26c/0x3a8 net/core/skbuff.c:6100
sp : ffff800098f076c0
x29: ffff800098f076c0 x28: 0000000001000000 x27: ffff800098f07768
x26: 0000000000000000 x25: ffff800098f07770 x24: 1ffff000136a9e06
x23: 1ffff000131e0f1c x22: dfff800000000000 x21: dfff800000000000
x20: 00000000ffffffff x19: ffff0000c61a8280 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008055a9d4 x15: 0000000000000003
x14: ffff80008f3c0558 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000040000 x10: 00000000000004d0 x9 : ffff80009f01f000
x8 : 00000000000004d1 x7 : ffff80008044e140 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0000d24fdac0 x1 : 00000000ffffffff x0 : 0000000000000000
Call trace:
 pskb_may_pull_reason include/linux/skbuff.h:2738 [inline]
 pskb_may_pull include/linux/skbuff.h:2754 [inline]
 skb_ensure_writable+0x26c/0x3a8 net/core/skbuff.c:6100
 __bpf_try_make_writable net/core/filter.c:1668 [inline]
 bpf_try_make_writable net/core/filter.c:1674 [inline]
 ____bpf_skb_pull_data net/core/filter.c:1865 [inline]
 bpf_skb_pull_data+0x80/0x210 net/core/filter.c:1854
 bpf_prog_d22c10afa9a4a832+0x50/0xb8
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 bpf_test_run+0x374/0x890 net/bpf/test_run.c:425
 bpf_prog_test_run_skb+0x8d4/0x1090 net/bpf/test_run.c:1066
 bpf_prog_test_run+0x2dc/0x364 kernel/bpf/syscall.c:4291
 __sys_bpf+0x314/0x5f0 kernel/bpf/syscall.c:5705
 __do_sys_bpf kernel/bpf/syscall.c:5794 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5792 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5792
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 291
hardirqs last  enabled at (289): [<ffff80008044e060>] seqcount_lockdep_reader_access+0x80/0x104 include/linux/seqlock.h:74
hardirqs last disabled at (291): [<ffff80008b1fe010>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:470
softirqs last  enabled at (276): [<ffff800080030830>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (290): [<ffff800089727270>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
