------------[ cut here ]------------
Illegal XDP return value 4294967274, expect packet loss!
WARNING: CPU: 0 PID: 6106 at net/core/filter.c:5537 bpf_warn_invalid_xdp_action net/core/filter.c:5537 [inline]
WARNING: CPU: 0 PID: 6106 at net/core/filter.c:5537 bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5533
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 6106 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x5a kernel/panic.c:541
report_bug+0x262/0x2b0 lib/bug.c:183
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:5537 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5533
Code: e0 4a 4d 89 41 83 fc 04 48 c7 c6 20 4b 4d 89 48 0f 46 ee e8 53 5c e3 fa 44 89 e2 48 c7 c7 60 4b 4d 89 48 89 ee e8 26 94 73 01 <0f> 0b 5b 5d 41 5c e9 36 5c e3 fa 66 0f 1f 44 00 00 41 54 55 89 fd
RSP: 0018:ffff8880ba007cb8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff814dff01 RDI: ffffed1017400f89
RBP: ffffffff894d4ae0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 00000000ffffffea
R13: ffff8880ba007dc0 R14: ffff88809bfbf200 R15: dffffc0000000000
veth_xdp_rcv_skb drivers/net/veth.c:550 [inline]
veth_xdp_rcv drivers/net/veth.c:601 [inline]
veth_poll+0x1498/0x3490 drivers/net/veth.c:621
napi_poll net/core/dev.c:6280 [inline]
net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
__do_softirq+0x265/0x980 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
__dev_queue_xmit+0x1628/0x2e00 net/core/dev.c:3865
__bpf_tx_skb net/core/filter.c:2015 [inline]
__bpf_redirect_common net/core/filter.c:2054 [inline]
__bpf_redirect+0x746/0xbc0 net/core/filter.c:2061
____bpf_clone_redirect net/core/filter.c:2094 [inline]
bpf_clone_redirect+0x2c0/0x430 net/core/filter.c:2066
___bpf_prog_run+0x1bfa/0x4e80 kernel/bpf/core.c:1184
Kernel Offset: disabled
================================
WARNING: inconsistent lock state
4.19.211-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-R} usage.
syz-executor.1/6106 [HC0[0]:SC1[1]:HE0:SE0] takes:
00000000d2b150ff ((fb_notifier_list).rwsem){+++?}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
00000000d2b150ff ((fb_notifier_list).rwsem){+++?}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline]
00000000d2b150ff ((fb_notifier_list).rwsem){+++?}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline]
00000000d2b150ff ((fb_notifier_list).rwsem){+++?}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
{SOFTIRQ-ON-W} state was registered at:
down_write+0x34/0x90 kernel/locking/rwsem.c:70
blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226
fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432
fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932
do_one_initcall+0xf1/0x740 init/main.c:884
do_initcall_level init/main.c:952 [inline]
do_initcalls init/main.c:960 [inline]
do_basic_setup init/main.c:978 [inline]
kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
kernel_init+0xd/0x1ba init/main.c:1062
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
irq event stamp: 2895
hardirqs last enabled at (2894): [] console_unlock+0xdf5/0x1110 kernel/printk/printk.c:2489
hardirqs last disabled at (2895): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (2856): [] rcu_read_unlock_bh include/linux/rcupdate.h:717 [inline]
softirqs last enabled at (2856): [] __dev_queue_xmit+0x15f5/0x2e00 net/core/dev.c:3865
softirqs last disabled at (2857): [] do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock((fb_notifier_list).rwsem);
lock((fb_notifier_list).rwsem);
*** DEADLOCK ***
2 locks held by syz-executor.1/6106:
#0: 000000000e6c8177 (rcu_read_lock){....}, at: bpf_test_run+0x1dd/0x440 net/bpf/test_run.c:42
#1: 000000000e6c8177 (rcu_read_lock){....}, at: skb_orphan include/linux/skbuff.h:2608 [inline]
#1: 000000000e6c8177 (rcu_read_lock){....}, at: veth_xdp_rcv_skb drivers/net/veth.c:465 [inline]
#1: 000000000e6c8177 (rcu_read_lock){....}, at: veth_xdp_rcv drivers/net/veth.c:601 [inline]
#1: 000000000e6c8177 (rcu_read_lock){....}, at: veth_poll+0x766/0x3490 drivers/net/veth.c:621
stack backtrace:
CPU: 0 PID: 6106 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2545
valid_state kernel/locking/lockdep.c:2558 [inline]
mark_lock_irq kernel/locking/lockdep.c:2752 [inline]
mark_lock+0xc70/0x1160 kernel/locking/lockdep.c:3132
mark_irqflags kernel/locking/lockdep.c:3002 [inline]
__lock_acquire+0x10ed/0x3ff0 kernel/locking/lockdep.c:3373
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
down_read+0x36/0x80 kernel/locking/rwsem.c:24
__blocking_notifier_call_chain kernel/notifier.c:316 [inline]
__blocking_notifier_call_chain kernel/notifier.c:304 [inline]
blocking_notifier_call_chain kernel/notifier.c:328 [inline]
blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325
fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074
fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221
do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294
panic+0x313/0x50e kernel/panic.c:239
__warn.cold+0x20/0x5a kernel/panic.c:541
report_bug+0x262/0x2b0 lib/bug.c:183
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:bpf_warn_invalid_xdp_action net/core/filter.c:5537 [inline]
RIP: 0010:bpf_warn_invalid_xdp_action+0x6f/0x80 net/core/filter.c:5533
Code: e0 4a 4d 89 41 83 fc 04 48 c7 c6 20 4b 4d 89 48 0f 46 ee e8 53 5c e3 fa 44 89 e2 48 c7 c7 60 4b 4d 89 48 89 ee e8 26 94 73 01 <0f> 0b 5b 5d 41 5c e9 36 5c e3 fa 66 0f 1f 44 00 00 41 54 55 89 fd
RSP: 0018:ffff8880ba007cb8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff814dff01 RDI: ffffed1017400f89
RBP: ffffffff894d4ae0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 00000000ffffffea
R13: ffff8880ba007dc0 R14: ffff88809bfbf200 R15: dffffc0000000000
veth_xdp_rcv_skb drivers/net/veth.c:550 [inline]
veth_xdp_rcv drivers/net/veth.c:601 [inline]
veth_poll+0x1498/0x3490 drivers/net/veth.c:621
napi_poll net/core/dev.c:6280 [inline]
net_rx_action+0x4ac/0xfb0 net/core/dev.c:6346
__do_softirq+0x265/0x980 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x160/0x1c0 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x20e/0x270 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
__dev_queue_xmit+0x1628/0x2e00 net/core/dev.c:3865
__bpf_tx_skb net/core/filter.c:2015 [inline]
__bpf_redirect_common net/core/filter.c:2054 [inline]
__bpf_redirect+0x746/0xbc0 net/core/filter.c:2061
____bpf_clone_redirect net/core/filter.c:2094 [inline]
bpf_clone_redirect+0x2c0/0x430 net/core/filter.c:2066
___bpf_prog_run+0x1bfa/0x4e80 kernel/bpf/core.c:1184
Rebooting in 86400 seconds..