Message-ID: <68efec17.050a0220.91a22.02ca.GAE@google.com>
Date: Wed, 15 Oct 2025 11:46:47 -0700
From: syzbot ci <syzbot+ci7c73a60f40f79ce2@...kaller.appspotmail.com>
To: bpf@...r.kernel.org, daniel@...earbox.net, davem@...emloft.net, 
	dw@...idwei.uk, john.fastabend@...il.com, jordan@...fe.io, kuba@...nel.org, 
	maciej.fijalkowski@...el.com, magnus.karlsson@...el.com, 
	martin.lau@...nel.org, netdev@...r.kernel.org, pabeni@...hat.com, 
	razor@...ckwall.org, sdf@...ichev.me, toke@...hat.com, 
	wangdongdong.6@...edance.com, willemb@...gle.com, yangzhenze@...edance.com
Cc: syzbot@...ts.linux.dev, syzkaller-bugs@...glegroups.com
Subject: [syzbot ci] Re: netkit: Support for io_uring zero-copy and AF_XDP

syzbot ci has tested the following series

[v2] netkit: Support for io_uring zero-copy and AF_XDP
https://lore.kernel.org/all/20251015140140.62273-1-daniel@iogearbox.net
* [PATCH net-next v2 01/15] net: Add bind-queue operation
* [PATCH net-next v2 02/15] net: Implement netdev_nl_bind_queue_doit
* [PATCH net-next v2 03/15] net: Add peer info to queue-get response
* [PATCH net-next v2 04/15] net, ethtool: Disallow peered real rxqs to be resized
* [PATCH net-next v2 05/15] net: Proxy net_mp_{open,close}_rxq for mapped queues
* [PATCH net-next v2 06/15] xsk: Move NETDEV_XDP_ACT_ZC into generic header
* [PATCH net-next v2 07/15] xsk: Move pool registration into single function
* [PATCH net-next v2 08/15] xsk: Add small helper xp_pool_bindable
* [PATCH net-next v2 09/15] xsk: Change xsk_rcv_check to check netdev/queue_id from pool
* [PATCH net-next v2 10/15] xsk: Proxy pool management for mapped queues
* [PATCH net-next v2 11/15] netkit: Add single device mode for netkit
* [PATCH net-next v2 12/15] netkit: Document fast vs slowpath members via macros
* [PATCH net-next v2 13/15] netkit: Implement rtnl_link_ops->alloc and ndo_queue_create
* [PATCH net-next v2 14/15] netkit: Add io_uring zero-copy support for TCP
* [PATCH net-next v2 15/15] netkit: Add xsk support for af_xdp applications

and found the following issue:
WARNING in netif_get_rx_queue_peer_locked

Full report is available here:
https://ci.syzbot.org/series/19b5990a-1eef-44da-a6f0-ffb03bd8adff

***

WARNING in netif_get_rx_queue_peer_locked

tree:      net-next
URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/netdev/net-next.git
base:      18a7e218cfcdca6666e1f7356533e4c988780b57
arch:      amd64
compiler:  Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
config:    https://ci.syzbot.org/builds/7583f7f3-9e92-4fe2-85f2-761655062852/config
C repro:   https://ci.syzbot.org/findings/75520448-5da8-4fc1-817b-a6c9e4d487e1/c_repro
syz repro: https://ci.syzbot.org/findings/75520448-5da8-4fc1-817b-a6c9e4d487e1/syz_repro

UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5959 at ./include/net/netdev_lock.h:17 netdev_assert_locked include/net/netdev_lock.h:17 [inline]
WARNING: CPU: 1 PID: 5959 at ./include/net/netdev_lock.h:17 netif_get_rx_queue_peer_locked+0x2f1/0x3a0 net/core/netdev_rx_queue.c:71
Modules linked in:
CPU: 1 UID: 0 PID: 5959 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:netdev_assert_locked include/net/netdev_lock.h:17 [inline]
RIP: 0010:netif_get_rx_queue_peer_locked+0x2f1/0x3a0 net/core/netdev_rx_queue.c:71
Code: 6c 7e f8 eb 08 e8 3f 6c 7e f8 45 31 f6 4c 89 f0 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d e9 c6 1c 0d 02 cc e8 20 6c 7e f8 90 <0f> 0b 90 e9 a9 fd ff ff 48 c7 c1 90 44 9e 8f 80 e1 07 80 c1 03 38
RSP: 0018:ffffc90003f17ab0 EFLAGS: 00010293
RAX: ffffffff894127e0 RBX: ffffc90003f17b60 RCX: ffff8881709cba00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8f4df8a7 R09: 1ffffffff1e9bf14
R10: dffffc0000000000 R11: fffffbfff1e9bf15 R12: dffffc0000000000
R13: 0000000000000001 R14: 1ffff920007e2f6c R15: ffff8881b1832000
FS:  0000555580884500(0000) GS:ffff8882a9d0f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555580884808 CR3: 00000001ba58c000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 xsk_reg_pool_at_qid+0x20b/0x630 net/xdp/xsk.c:159
 xp_assign_dev+0x115/0x760 net/xdp/xsk_buff_pool.c:181
 xsk_bind+0x473/0xf90 net/xdp/xsk.c:1407
 __sys_bind_socket net/socket.c:1874 [inline]
 __sys_bind+0x2c6/0x3e0 net/socket.c:1905
 __do_sys_bind net/socket.c:1910 [inline]
 __se_sys_bind net/socket.c:1908 [inline]
 __x64_sys_bind+0x7a/0x90 net/socket.c:1908
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb19bd8eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd789e00a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00007fb19bfe5fa0 RCX: 00007fb19bd8eec9
RDX: 0000000000000010 RSI: 0000200000000180 RDI: 0000000000000003
RBP: 00007fb19be11f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb19bfe5fa0 R14: 00007fb19bfe5fa0 R15: 0000000000000003
 </TASK>


***

If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
  Tested-by: syzbot@...kaller.appspotmail.com

---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzkaller@...glegroups.com.
