syzbot

 sign-in | mailing list | source | docs
🐞 Open [995] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12516] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in bpf_skb_load_helper_32

Status: fixed on 2023/02/24 13:50
Subsystems: bpf
[Documentation on labels]
Fix commit: 0326195f523a bpf: Make sure mac_header was set before using it
First crash: 660d, last: 629d
Cause bisection: introduced by (bisect log) :
commit f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f
Author: Eric Dumazet <edumazet@google.com>
Date: Mon Jun 20 09:30:17 2022 +0000

  net: warn if mac header was not set

Crash: WARNING in bpf_skb_load_helper_32 (log)
Repro: C syz .config
  

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3607 at include/linux/skbuff.h:2785 skb_mac_header include/linux/skbuff.h:2785 [inline]
WARNING: CPU: 1 PID: 3607 at include/linux/skbuff.h:2785 bpf_internal_load_pointer_neg_helper+0x1b1/0x1c0 kernel/bpf/core.c:74
Modules linked in:
CPU: 1 PID: 3607 Comm: syz-executor167 Not tainted 5.19.0-rc4-syzkaller-00865-g4874fb9484be #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:skb_mac_header include/linux/skbuff.h:2785 [inline]
RIP: 0010:bpf_internal_load_pointer_neg_helper+0x1b1/0x1c0 kernel/bpf/core.c:74
Code: ff ff 45 31 f6 e9 5a ff ff ff e8 aa 27 40 00 e9 3b ff ff ff e8 90 27 40 00 e9 df fe ff ff e8 86 27 40 00 eb 9e e8 2f 2c f3 ff <0f> 0b eb b1 e8 96 27 40 00 e9 79 fe ff ff 90 41 57 41 56 41 55 41
RSP: 0018:ffffc90002f8f668 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffffffffeff00c RCX: 0000000000000000
RDX: ffff888022748000 RSI: ffffffff81873f21 RDI: 0000000000000003
RBP: ffff888073066000 R08: 0000000000000003 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000001 R12: 0000000000000004
R13: ffff88807d4ed800 R14: 000000000000ffff R15: dffffc0000000000
FS:  0000555555f0f300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcb12173e0 CR3: 0000000077210000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ____bpf_skb_load_helper_32 net/core/filter.c:276 [inline]
 bpf_skb_load_helper_32+0x191/0x220 net/core/filter.c:264
 </TASK>
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 3607 Comm: syz-executor167 Not tainted 5.19.0-rc4-syzkaller-00865-g4874fb9484be #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 panic+0x2d7/0x636 kernel/panic.c:274
 __warn.cold+0x1e2/0x2c5 kernel/panic.c:623
 report_bug+0x1bc/0x210 lib/bug.c:198
 handle_bug+0x3c/0x60 arch/x86/kernel/traps.c:316
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:336
 asm_exc_invalid_op+0x1b/0x20 arch/x86/include/asm/idtentry.h:568
RIP: 0010:skb_mac_header include/linux/skbuff.h:2785 [inline]
RIP: 0010:bpf_internal_load_pointer_neg_helper+0x1b1/0x1c0 kernel/bpf/core.c:74
Code: ff ff 45 31 f6 e9 5a ff ff ff e8 aa 27 40 00 e9 3b ff ff ff e8 90 27 40 00 e9 df fe ff ff e8 86 27 40 00 eb 9e e8 2f 2c f3 ff <0f> 0b eb b1 e8 96 27 40 00 e9 79 fe ff ff 90 41 57 41 56 41 55 41
RSP: 0018:ffffc90002f8f668 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffffffffeff00c RCX: 0000000000000000
RDX: ffff888022748000 RSI: ffffffff81873f21 RDI: 0000000000000003
RBP: ffff888073066000 R08: 0000000000000003 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000001 R12: 0000000000000004
R13: ffff88807d4ed800 R14: 000000000000ffff R15: dffffc0000000000
 ____bpf_skb_load_helper_32 net/core/filter.c:276 [inline]
 bpf_skb_load_helper_32+0x191/0x220 net/core/filter.c:264
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/07/07 07:09 net-next-old 4874fb9484be bff65f44 .config strace log report syz C ci-upstream-net-kasan-gce WARNING in bpf_skb_load_helper_32
2022/07/07 07:19 linux-next cb71b93c2dc3 bff65f44 .config strace log report syz C ci-upstream-linux-next-kasan-gce-root WARNING in bpf_skb_load_helper_32
2022/07/07 07:06 net-next-old 4874fb9484be bff65f44 .config console log report info ci-upstream-net-kasan-gce WARNING in bpf_skb_load_helper_32
2022/07/07 06:55 net-next-old 4874fb9484be bff65f44 .config console log report info ci-upstream-net-kasan-gce WARNING in bpf_skb_load_helper_32
2022/08/07 09:39 linux-next cb71b93c2dc3 88e3a122 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING in bpf_skb_load_helper_32
2022/07/29 21:54 linux-next cb71b93c2dc3 fef302b1 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING in bpf_skb_load_helper_32
2022/07/19 11:06 linux-next cb71b93c2dc3 ff988920 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING in bpf_skb_load_helper_32
2022/07/07 07:19 linux-next cb71b93c2dc3 bff65f44 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING in bpf_skb_load_helper_32
2022/07/07 07:05 linux-next cb71b93c2dc3 bff65f44 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING in bpf_skb_load_helper_32
* Struck through repros no longer work on HEAD.