syzbot


WARNING in bpf_jit_free

Status: fixed on 2019/09/06 20:45
Subsystems: bpf
Reported-by: syzbot+2ff1e7cb738fd3c41113@syzkaller.appspotmail.com
Fix commit: c751798aa224 bpf: fix use after free in prog symbol exposure
First crash: 2283d, last: 1866d
Cause bisection: introduced by (bisect log):
commit 0fff724a33917ac581b5825375d0b57affedee76
Author: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
Date: Fri Jan 18 14:51:13 2019 +0000

  drm/sun4i: backend: Use explicit fourcc helpers for packed YUV422 check

Crash: WARNING in bpf_jit_free (log)
Repro: syz .config
  
Discussions (4)
Title Replies (including bot) Last reply
Reminder: 8 active syzbot reports in "net/bpf" subsystem 1 (1) 2019/08/16 04:17
Reminder: 36 open syzbot bugs in "net/bpf" subsystem 1 (1) 2019/07/03 06:01
Reminder: 30 open syzbot bugs in "net/bpf" subsystem 1 (1) 2019/06/24 05:01
WARNING in bpf_jit_free 5 (9) 2019/06/11 09:08
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in bpf_jit_free syz done 60 1835d 2008d 1/1 fixed on 2019/12/17 14:31
linux-4.19 WARNING in bpf_jit_free syz done 293 1837d 2015d 1/1 fixed on 2019/12/17 00:29
Last patch testing requests (2)
Created Duration User Patch Repo Result
2019/08/26 08:23 18m daniel@iogearbox.net bpf OK
2019/04/01 08:48 20m daniel@iogearbox.net git://git.kernel.org/pub/scm/linux/kernel/git/dborkman/bpf.git kallsyms report log

Sample crash report:
WARNING: CPU: 0 PID: 8951 at kernel/bpf/core.c:851 bpf_jit_free+0x157/0x1b0
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8951 Comm: kworker/0:0 Not tainted 5.2.0-rc3+ #23
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events bpf_prog_free_deferred
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x2cb/0x744 kernel/panic.c:219
 __warn.cold+0x20/0x4d kernel/panic.c:576
 report_bug+0x263/0x2b0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:986
RIP: 0010:bpf_jit_free+0x157/0x1b0
Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 5d 48 b8 00 02 00 00 00 00 ad de 48 39 43 70 0f 84 05 ff ff ff e8 f9 b5 f4 ff <0f> 0b e9 f9 fe ff ff e8 bd 53 2d 00 e9 d9 fe ff ff 48 89 7d e0 e8
RSP: 0018:ffff88808886fcb0 EFLAGS: 00010293
RAX: ffff88808cb6c480 RBX: ffff88809051d280 RCX: ffffffff817ae68d
RDX: 0000000000000000 RSI: ffffffff817bf0f7 RDI: ffff88809051d2f0
RBP: ffff88808886fcd0 R08: 1ffffffff14ccaa8 R09: fffffbfff14ccaa9
R10: fffffbfff14ccaa8 R11: ffffffff8a665547 R12: ffffc90001925000
R13: ffff88809051d2e8 R14: ffff8880a0e43900 R15: ffff8880ae834840
 bpf_prog_free_deferred+0x27a/0x350 kernel/bpf/core.c:1984
 process_one_work+0x989/0x1790 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x354/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (21697):