syzbot


kernel BUG in prog_array_map_poke_run

Status: fixed on 2024/01/09 06:37
Bug presence: origin:upstream
Labels: missing-backport
Reported-by: syzbot+97a4fe20470e9bc30810@syzkaller.appspotmail.com
Fix commit: ec46fe0ac7cb UPSTREAM: bpf: Fix prog_array_map_poke_run map poke update
First crash: 380d, last: 321d
Cause bisection: failed (error log, bisect log)
  
Discussions (6)
Title | Replies (including bot) | Last reply
[PATCH stable 5.15 1/1] bpf: Fix prog_array_map_poke_run map poke update | 1 (1) | 2024/01/03 14:25
[PATCHv4 bpf 0/2] bpf: Fix map poke update | 9 (9) | 2023/12/21 14:34
[PATCHv3 bpf 0/2] bpf: Fix map poke update | 5 (5) | 2023/12/05 07:17
[PATCHv2 bpf 0/2] bpf: Fix prog_array_map_poke_run map poke update | 7 (7) | 2023/12/01 14:52
[PATCH bpf] bpf, x64: Fix prog_array_map_poke_run map poke update | 4 (4) | 2023/11/27 16:27
[REPORT] BPF: Reproducible triggering of BUG() from userspace PoC | 1 (1) | 2023/11/08 15:46
Bug presence (4)
Date | Name | Commit | Repro | Result
2023/12/22 | android14-6.1 (ToT) | 401a2769d990 | C | [report] kernel BUG in prog_array_map_poke_run
2023/11/07 | lts (merge base) | 52a953d0934b | C | [report] kernel BUG in prog_array_map_poke_run
2023/11/07 | upstream (ToT) | be3ca57cfb77 | C | [report] kernel BUG in prog_array_map_poke_run
2023/12/22 | upstream (ToT) | 24e0d2e527a3 | C | Didn't crash
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 kernel BUG in prog_array_map_poke_run origin:upstream missing-backport C done 16 321d 380d 0/3 upstream: reported C repro on 2023/11/07 11:42
upstream kernel BUG in prog_array_map_poke_run bpf C done done 35 339d 380d 25/28 fixed on 2024/01/23 01:55
linux-6.1 kernel BUG in prog_array_map_poke_run origin:upstream missing-backport C unreliable 3 334d 379d 0/3 upstream: reported C repro on 2023/11/08 01:21
android-5-15 kernel BUG in prog_array_map_poke_run missing-backport origin:upstream C done 32 312d 380d 0/2 auto-obsoleted due to no activity on 2024/03/24 07:32
android-5-10 kernel BUG in prog_array_map_poke_run C 236 3d09h 380d 0/2 upstream: reported C repro on 2023/11/07 04:51
Last patch testing requests (4)
Created Duration User Patch Repo Result
2023/12/16 20:56 15m retest repro android14-6.1 report log
2023/12/16 20:56 11m retest repro android14-6.1 report log
2023/12/16 20:56 6m retest repro android14-6.1 report log
2023/12/16 20:56 36m retest repro android14-6.1 report log

Sample crash report:
------------[ cut here ]------------
kernel BUG at kernel/bpf/arraymap.c:1077!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 305 Comm: kworker/0:2 Not tainted 6.1.57-syzkaller-00085-g6465e29536ed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Workqueue: events prog_array_map_clear_deferred
RIP: 0010:prog_array_map_poke_run+0x692/0x6b0 kernel/bpf/arraymap.c:1077
Code: 97 e4 ff 48 83 c4 70 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e1 97 e4 ff 0f 0b e9 e2 f9 ff ff e8 d5 97 e4 ff 0f 0b e8 ce 97 e4 ff <0f> 0b e8 c7 97 e4 ff 0f 0b e8 c0 97 e4 ff 0f 0b 66 2e 0f 1f 84 00
RSP: 0018:ffffc90000e47b70 EFLAGS: 00010293
RAX: ffffffff81909922 RBX: ffff888113b39090 RCX: ffff88811afe5100
RDX: 0000000000000000 RSI: 00000000fffffff0 RDI: 00000000ffffffea
RBP: ffffc90000e47c08 R08: ffffffff819096ad R09: fffff520001c8f3d
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888121d6b200
R13: dffffc0000000000 R14: ffff888110fb6800 R15: 00000000fffffff0
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f562ca1e110 CR3: 000000010f626000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 fd_array_map_delete_elem+0x154/0x250 kernel/bpf/arraymap.c:871
 bpf_fd_array_map_clear kernel/bpf/arraymap.c:918 [inline]
 prog_array_map_clear_deferred+0xf8/0x210 kernel/bpf/arraymap.c:1097
 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299
 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446
 kthread+0x26d/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:prog_array_map_poke_run+0x692/0x6b0 kernel/bpf/arraymap.c:1077
Code: 97 e4 ff 48 83 c4 70 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e1 97 e4 ff 0f 0b e9 e2 f9 ff ff e8 d5 97 e4 ff 0f 0b e8 ce 97 e4 ff <0f> 0b e8 c7 97 e4 ff 0f 0b e8 c0 97 e4 ff 0f 0b 66 2e 0f 1f 84 00
RSP: 0018:ffffc90000e47b70 EFLAGS: 00010293
RAX: ffffffff81909922 RBX: ffff888113b39090 RCX: ffff88811afe5100
RDX: 0000000000000000 RSI: 00000000fffffff0 RDI: 00000000ffffffea
RBP: ffffc90000e47c08 R08: ffffffff819096ad R09: fffff520001c8f3d
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888121d6b200
R13: dffffc0000000000 R14: ffff888110fb6800 R15: 00000000fffffff0
FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f562ca1e110 CR3: 000000011e8c1000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/12/02 20:54 android14-6.1 6465e29536ed f819d6f7 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in prog_array_map_poke_run
2023/11/27 19:54 android14-6.1 df6e6fc38f4f 7ec6c044 .config console log report syz C ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2023/11/09 07:51 android14-6.1 beea09533dd2 4862372a .config console log report syz C ci2-android-6-1 kernel BUG in prog_array_map_poke_run
2023/11/07 09:58 android14-6.1 fef66e854447 83211397 .config console log report syz C ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2023/11/07 06:24 android14-6.1 fef66e854447 83211397 .config console log report syz C ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2023/11/07 04:59 android14-6.1 fef66e854447 83211397 .config console log report syz C ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2024/01/04 21:21 android14-6.1 4d99e41ce174 28c42cff .config console log report syz [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in prog_array_map_poke_run
2024/01/04 18:58 android14-6.1 4d99e41ce174 28c42cff .config console log report syz ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2024/01/02 10:02 android14-6.1 d3006fb9449d fb427a07 .config console log report info ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2024/01/02 09:54 android14-6.1 d3006fb9449d fb427a07 .config console log report info ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2023/12/29 04:02 android14-6.1 401a2769d990 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in prog_array_map_poke_run
2023/12/24 14:06 android14-6.1 401a2769d990 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2023/11/27 03:25 android14-6.1 d2c0f4c4502a 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
2023/11/14 17:45 android14-6.1 a59b32866cd4 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf kernel BUG in prog_array_map_poke_run
* Struck through repros no longer work on HEAD.