syzbot


KCSAN: data-race in bpf_lru_pop_free / htab_lru_percpu_map_lookup_elem (2)

Status: auto-obsoleted due to no activity on 2024/08/28 12:16
Subsystems: bpf
Reported-by: syzbot+674b7295badaa66d6e1c@syzkaller.appspotmail.com
First crash: 45d, last: 45d
Similar bugs (1):
Kernel: upstream
Title: KCSAN: data-race in bpf_lru_pop_free / htab_lru_percpu_map_lookup_elem
Subsystems: bpf
Repro: -
Cause bisect: -
Fix bisect: -
Count: 1
Last: 124d
Reported: 124d
Patched: 0/27
Status: auto-obsoleted due to no activity on 2024/06/10 07:44

Sample crash report:
==================================================================
BUG: KCSAN: data-race in bpf_lru_pop_free / htab_lru_percpu_map_lookup_elem

write to 0xffff888114ca04a8 of 4 bytes by task 4747 on cpu 0:
 __local_list_add_pending kernel/bpf/bpf_lru_list.c:358 [inline]
 bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:457 [inline]
 bpf_lru_pop_free+0xc61/0xd30 kernel/bpf/bpf_lru_list.c:504
 prealloc_lru_pop kernel/bpf/hashtab.c:308 [inline]
 __htab_lru_percpu_map_update_elem+0xfe/0x630 kernel/bpf/hashtab.c:1355
 bpf_percpu_hash_update+0x5e/0xa0 kernel/bpf/hashtab.c:2421
 bpf_map_update_value+0x2b1/0x350 kernel/bpf/syscall.c:181
 generic_map_update_batch+0x401/0x520 kernel/bpf/syscall.c:1889
 bpf_map_do_batch+0x2f8/0x440 kernel/bpf/syscall.c:5218
 __sys_bpf+0x2e5/0x7a0
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5815
 x64_sys_call+0x23d5/0x2e00 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888114ca04a8 of 4 bytes by task 3090 on cpu 1:
 lookup_nulls_elem_raw kernel/bpf/hashtab.c:664 [inline]
 __htab_map_lookup_elem kernel/bpf/hashtab.c:694 [inline]
 htab_lru_percpu_map_lookup_elem+0xb8/0x1c0 kernel/bpf/hashtab.c:2355
 ____bpf_map_lookup_elem kernel/bpf/helpers.c:42 [inline]
 bpf_map_lookup_elem+0x35/0x50 kernel/bpf/helpers.c:38
 ___bpf_prog_run+0x9ab/0x46c0 kernel/bpf/core.c:2010
 __bpf_prog_run32+0x74/0xa0 kernel/bpf/core.c:2251
 bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
 __bpf_prog_run include/linux/filter.h:691 [inline]
 bpf_prog_run include/linux/filter.h:698 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2406 [inline]
 bpf_trace_run3+0x10c/0x1d0 kernel/trace/bpf_trace.c:2448
 trace_kmem_cache_free include/trace/events/kmem.h:114 [inline]
 kmem_cache_free+0x1fe/0x280 mm/slub.c:4547
 putname fs/namei.c:280 [inline]
 user_path_at+0xf5/0x110 fs/namei.c:3004
 ksys_umount fs/namespace.c:2033 [inline]
 __do_sys_umount fs/namespace.c:2041 [inline]
 __se_sys_umount fs/namespace.c:2039 [inline]
 __x64_sys_umount+0x85/0xe0 fs/namespace.c:2039
 x64_sys_call+0x2888/0x2e00 arch/x86/include/generated/asm/syscalls_64.h:167
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xb6290771 -> 0xb23993a3

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3090 Comm: syz-executor Not tainted 6.10.0-syzkaller-12246-g786c8248dbd3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
==================================================================

Crashes (1):
Time: 2024/07/24 12:15
Kernel: upstream
Commit: 786c8248dbd3
Syzkaller: 57b2edb1
Syz repro: -
C repro: -
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in bpf_lru_pop_free / htab_lru_percpu_map_lookup_elem
Linked artifacts: .config, console log, report, VM info, disk image, vmlinux, kernel image