kernel BUG in prog_array_map_poke

Title	Replies (including bot)	Last reply
[PATCH stable 5.15 1/1] bpf: Fix prog_array_map_poke_run map poke update	1 (1)	2024/01/03 14:25
[PATCHv4 bpf 0/2] bpf: Fix map poke update	9 (9)	2023/12/21 14:34
[PATCHv3 bpf 0/2] bpf: Fix map poke update	5 (5)	2023/12/05 07:17
[PATCHv2 bpf 0/2] bpf: Fix prog_array_map_poke_run map poke update	7 (7)	2023/12/01 14:52
[PATCH bpf] bpf, x64: Fix prog_array_map_poke_run map poke update	4 (4)	2023/11/27 16:27
[REPORT] BPF: Reproducible triggering of BUG() from userspace PoC	1 (1)	2023/11/08 15:46

Title

Replies (including bot)

Last reply

[PATCH stable 5.15 1/1] bpf: Fix prog_array_map_poke_run map poke update

1 (1)

2024/01/03 14:25

[PATCHv4 bpf 0/2] bpf: Fix map poke update

9 (9)

2023/12/21 14:34

[PATCHv3 bpf 0/2] bpf: Fix map poke update

5 (5)

2023/12/05 07:17

[PATCHv2 bpf 0/2] bpf: Fix prog_array_map_poke_run map poke update

7 (7)

2023/12/01 14:52

[PATCH bpf] bpf, x64: Fix prog_array_map_poke_run map poke update

4 (4)

2023/11/27 16:27

[REPORT] BPF: Reproducible triggering of BUG() from userspace PoC

1 (1)

2023/11/08 15:46

Date	Name	Commit	Repro	Result
2023/12/22	android14-6.1 (ToT)	401a2769d990	C	[report] kernel BUG in prog_array_map_poke_run
2023/11/07	lts (merge base)	52a953d0934b	C	[report] kernel BUG in prog_array_map_poke_run
2023/11/07	upstream (ToT)	be3ca57cfb77	C	[report] kernel BUG in prog_array_map_poke_run
2023/12/22	upstream (ToT)	24e0d2e527a3	C	Didn't crash

Date

Name

Commit

Repro

Result

2023/12/22

android14-6.1 (ToT)

401a2769d990

[report] kernel BUG in prog_array_map_poke_run

2023/11/07

lts (merge base)

52a953d0934b

[report] kernel BUG in prog_array_map_poke_run

2023/11/07

upstream (ToT)

be3ca57cfb77

[report] kernel BUG in prog_array_map_poke_run

2023/12/22

upstream (ToT)

24e0d2e527a3

Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	kernel BUG in prog_array_map_poke_run origin:upstream missing-backport	C		done	16	321d	380d	0/3	upstream: reported C repro on 2023/11/07 11:42
upstream	kernel BUG in prog_array_map_poke_run bpf	C	done	done	35	339d	380d	25/28	fixed on 2024/01/23 01:55
linux-6.1	kernel BUG in prog_array_map_poke_run origin:upstream missing-backport	C		unreliable	3	334d	379d	0/3	upstream: reported C repro on 2023/11/08 01:21
android-5-15	kernel BUG in prog_array_map_poke_run missing-backport origin:upstream	C		done	32	312d	380d	0/2	auto-obsoleted due to no activity on 2024/03/24 07:32
android-5-10	kernel BUG in prog_array_map_poke_run	C			236	3d09h	380d	0/2	upstream: reported C repro on 2023/11/07 04:51

Created	Duration	User	Repo	Result
2023/12/16 20:56	15m	retest repro	android14-6.1	report log
2023/12/16 20:56	11m	retest repro	android14-6.1	report log
2023/12/16 20:56	6m	retest repro	android14-6.1	report log
2023/12/16 20:56	36m	retest repro	android14-6.1	report log

Created

Duration

User

Patch

Repo

Result

2023/12/16 20:56

15m

retest repro

android14-6.1

report log

2023/12/16 20:56

11m

retest repro

android14-6.1

report log

2023/12/16 20:56

retest repro

android14-6.1

report log

2023/12/16 20:56

36m

retest repro

android14-6.1

report log

------------[ cut here ]------------ kernel BUG at kernel/bpf/arraymap.c:1077! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 305 Comm: kworker/0:2 Not tainted 6.1.57-syzkaller-00085-g6465e29536ed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 Workqueue: events prog_array_map_clear_deferred RIP: 0010:prog_array_map_poke_run+0x692/0x6b0 kernel/bpf/arraymap.c:1077 Code: 97 e4 ff 48 83 c4 70 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e1 97 e4 ff 0f 0b e9 e2 f9 ff ff e8 d5 97 e4 ff 0f 0b e8 ce 97 e4 ff <0f> 0b e8 c7 97 e4 ff 0f 0b e8 c0 97 e4 ff 0f 0b 66 2e 0f 1f 84 00 RSP: 0018:ffffc90000e47b70 EFLAGS: 00010293 RAX: ffffffff81909922 RBX: ffff888113b39090 RCX: ffff88811afe5100 RDX: 0000000000000000 RSI: 00000000fffffff0 RDI: 00000000ffffffea RBP: ffffc90000e47c08 R08: ffffffff819096ad R09: fffff520001c8f3d R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888121d6b200 R13: dffffc0000000000 R14: ffff888110fb6800 R15: 00000000fffffff0 FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f562ca1e110 CR3: 000000010f626000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> fd_array_map_delete_elem+0x154/0x250 kernel/bpf/arraymap.c:871 bpf_fd_array_map_clear kernel/bpf/arraymap.c:918 [inline] prog_array_map_clear_deferred+0xf8/0x210 kernel/bpf/arraymap.c:1097 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446 kthread+0x26d/0x300 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:prog_array_map_poke_run+0x692/0x6b0 kernel/bpf/arraymap.c:1077 Code: 97 e4 ff 48 83 c4 70 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 e1 97 e4 ff 0f 0b e9 e2 f9 ff ff e8 d5 97 e4 ff 0f 0b e8 ce 97 e4 ff <0f> 0b e8 c7 97 e4 ff 0f 0b e8 c0 97 e4 ff 0f 0b 66 2e 0f 1f 84 00 RSP: 0018:ffffc90000e47b70 EFLAGS: 00010293 RAX: ffffffff81909922 RBX: ffff888113b39090 RCX: ffff88811afe5100 RDX: 0000000000000000 RSI: 00000000fffffff0 RDI: 00000000ffffffea RBP: ffffc90000e47c08 R08: ffffffff819096ad R09: fffff520001c8f3d R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888121d6b200 R13: dffffc0000000000 R14: ffff888110fb6800 R15: 00000000fffffff0 FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f562ca1e110 CR3: 000000011e8c1000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (14):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2023/12/02 20:54	android14-6.1	6465e29536ed	f819d6f7	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-6-1	kernel BUG in prog_array_map_poke_run
2023/11/27 19:54	android14-6.1	df6e6fc38f4f	7ec6c044	.config	console log	report	syz	C			ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2023/11/09 07:51	android14-6.1	beea09533dd2	4862372a	.config	console log	report	syz	C			ci2-android-6-1	kernel BUG in prog_array_map_poke_run
2023/11/07 09:58	android14-6.1	fef66e854447	83211397	.config	console log	report	syz	C			ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2023/11/07 06:24	android14-6.1	fef66e854447	83211397	.config	console log	report	syz	C			ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2023/11/07 04:59	android14-6.1	fef66e854447	83211397	.config	console log	report	syz	C			ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2024/01/04 21:21	android14-6.1	4d99e41ce174	28c42cff	.config	console log	report	syz			[disk image] [vmlinux] [kernel image]	ci2-android-6-1	kernel BUG in prog_array_map_poke_run
2024/01/04 18:58	android14-6.1	4d99e41ce174	28c42cff	.config	console log	report	syz				ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2024/01/02 10:02	android14-6.1	d3006fb9449d	fb427a07	.config	console log	report			info		ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2024/01/02 09:54	android14-6.1	d3006fb9449d	fb427a07	.config	console log	report			info		ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2023/12/29 04:02	android14-6.1	401a2769d990	fb427a07	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-6-1	kernel BUG in prog_array_map_poke_run
2023/12/24 14:06	android14-6.1	401a2769d990	fb427a07	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2023/11/27 03:25	android14-6.1	d2c0f4c4502a	5b429f39	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run
2023/11/14 17:45	android14-6.1	a59b32866cd4	cb976f63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-6-1-perf	kernel BUG in prog_array_map_poke_run

Crashes (14):

Assets (help?)