Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue

From: Toke Høiland-Jørgensen
Date: Thu Mar 28 2024 - 16:40:19 EST

Next message: Stefan Hajnoczi: "[RFC 1/9] block: add llseek(SEEK_HOLE/SEEK_DATA) support"
Previous message: Stefan Hajnoczi: "[RFC 0/9] block: add llseek(SEEK_HOLE/SEEK_DATA) support"
In reply to: Jesper Dangaard Brouer: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Next in thread: Edward Adam Davis: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jesper Dangaard Brouer <hawk@xxxxxxxxxx> writes:

> On 27/03/2024 16.19, Alexei Starovoitov wrote:
>> Toke, Jesper,
>>
>> please take a look.
>> It's reproducible 100% of the time.
>> dst is NULL in dev_map_enqueue().
>>
>
> The `dst` (NULL) is basically `ri->tgt_value` being passed through
> (unmodified) via xdp_do_redirect_frame() and __xdp_do_redirect_frame()
> into dev_map_enqueue().
>
> I think something is wrong in xdp_test_run_batch().
> The `ri->tgt_value` is being set in __bpf_xdp_redirect_map(), but I
> cannot see __bpf_xdp_redirect_map() being used in xdp_test_run_batch().
>
> Toke, can you take a look at xdp_test_run_batch() and where
> `ri->tgt_value` is getting set?

Sure! I'm off for Easter, but I'll take a look when I get back next week :)

-Toke

Next message: Stefan Hajnoczi: "[RFC 1/9] block: add llseek(SEEK_HOLE/SEEK_DATA) support"
Previous message: Stefan Hajnoczi: "[RFC 0/9] block: add llseek(SEEK_HOLE/SEEK_DATA) support"
In reply to: Jesper Dangaard Brouer: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Next in thread: Edward Adam Davis: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]