syzbot


KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free

Status: upstream: reported on 2025/06/10 08:01
Subsystems: bpf
Reported-by: syzbot+ad4661d6ca888ce7fe11@syzkaller.appspotmail.com
First crash: 201d, last: 12d
Discussions (6)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] Monthly bpf report (Dec 2025) | 0 (1) | 2025/12/06 09:24 |
| [syzbot] Monthly bpf report (Nov 2025) | 0 (1) | 2025/11/05 08:25 |
| [syzbot] Monthly bpf report (Oct 2025) | 0 (1) | 2025/10/06 17:29 |
| [syzbot] Monthly bpf report (Sep 2025) | 0 (1) | 2025/09/03 12:45 |
| [PATCH] bpf: restrict verifier access to bpf_lru_node.ref | 5 (5) | 2025/07/16 20:02 |
| [syzbot] [bpf?] KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free | 0 (1) | 2025/06/10 08:01 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free

write to 0xffff88811b031d68 of 4 bytes by task 3599 on cpu 0:
 __local_list_add_pending kernel/bpf/bpf_lru_list.c:350 [inline]
 bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:449 [inline]
 bpf_lru_pop_free+0xbea/0xcc0 kernel/bpf/bpf_lru_list.c:496
 prealloc_lru_pop kernel/bpf/hashtab.c:299 [inline]
 __htab_lru_percpu_map_update_elem+0xea/0x690 kernel/bpf/hashtab.c:1346
 bpf_percpu_hash_update+0x61/0xa0 kernel/bpf/hashtab.c:2400
 bpf_map_update_value+0x36b/0x570 kernel/bpf/syscall.c:270
 generic_map_update_batch+0x3eb/0x540 kernel/bpf/syscall.c:2038
 bpf_map_do_batch+0x25c/0x380 kernel/bpf/syscall.c:5647
 __sys_bpf+0x5f8/0x7c0 kernel/bpf/syscall.c:-1
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6272
 x64_sys_call+0x28e1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811b031d68 of 4 bytes by task 3594 on cpu 1:
 lookup_nulls_elem_raw kernel/bpf/hashtab.c:639 [inline]
 __htab_map_lookup_elem+0xab/0x150 kernel/bpf/hashtab.c:668
 htab_lru_percpu_map_lookup_elem+0x20/0xb0 kernel/bpf/hashtab.c:2334
 bpf_prog_1908f35e458ae2da+0x48/0x50
 bpf_dispatcher_nop_func include/linux/bpf.h:1376 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2075 [inline]
 bpf_trace_run2+0x107/0x1d0 kernel/trace/bpf_trace.c:2116
 __traceiter_kfree+0x2e/0x50 include/trace/events/kmem.h:97
 __do_trace_kfree include/trace/events/kmem.h:97 [inline]
 trace_kfree include/trace/events/kmem.h:97 [inline]
 kfree+0x353/0x3c0 mm/slub.c:6863
 __import_iovec+0x46b/0x540 lib/iov_iter.c:1394
 io_import_vec io_uring/rw.c:99 [inline]
 __io_import_rw_buffer io_uring/rw.c:120 [inline]
 io_import_rw_buffer+0x245/0x380 io_uring/rw.c:139
 io_rw_do_import io_uring/rw.c:313 [inline]
 io_prep_rw io_uring/rw.c:325 [inline]
 io_prep_rwv+0xae/0x250 io_uring/rw.c:343
 io_prep_writev+0x22/0x30 io_uring/rw.c:363
 io_init_req io_uring/io_uring.c:2234 [inline]
 io_submit_sqe io_uring/io_uring.c:2281 [inline]
 io_submit_sqes+0x70f/0x11b0 io_uring/io_uring.c:2434
 __do_sys_io_uring_enter io_uring/io_uring.c:3280 [inline]
 __se_sys_io_uring_enter+0x1bd/0x1a30 io_uring/io_uring.c:3219
 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3219
 x64_sys_call+0x27e4/0x3000 arch/x86/include/generated/asm/syscalls_64.h:427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xed14c2bb -> 0xe441e0ed

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3594 Comm: syz.2.36 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (27):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/12/16 15:29 | upstream | 40fbbd64bba6 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/12/06 11:38 | upstream | 416f99c3b16f | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/12/06 11:35 | upstream | 416f99c3b16f | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/11/30 10:35 | upstream | 6bda50f4333f | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/11/28 03:47 | upstream | e1afacb68573 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/11/25 07:13 | upstream | ac3fd01e4c1e | 64219f15 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/10/31 10:24 | upstream | d127176862a9 | 2c50b6a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/10/30 06:23 | upstream | e53642b87a4f | fd2207e7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/10/29 05:40 | upstream | 8eefed8f65cc | fd2207e7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/10/04 00:08 | upstream | 9b0d551bcc05 | 49379ee0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/10/04 00:07 | upstream | 9b0d551bcc05 | 49379ee0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/10/04 00:07 | upstream | 9b0d551bcc05 | 49379ee0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/10/02 07:57 | upstream | 080ffb4bec4d | 267f56c6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/09/09 17:43 | upstream | f777d1112ee5 | d291dd2d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/09/02 16:53 | upstream | b320789d6883 | 96a211bc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/08/29 22:06 | upstream | fb679c832b64 | 3e1beec6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/08/17 14:34 | upstream | 99bade344cfa | 1804e95e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/08/06 05:15 | upstream | 6bcdbd62bd56 | ffe1dd46 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/26 17:29 | upstream | 5f33ebd2018c | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/24 17:12 | upstream | 25fae0b93d1d | 65d60d73 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/22 03:41 | upstream | 89be9a83ccf1 | 1555463b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/16 15:14 | upstream | 155a3c003e55 | 124ec9cc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/16 15:13 | upstream | 155a3c003e55 | 124ec9cc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/16 01:57 | upstream | 155a3c003e55 | 03fcfc4b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/10 23:04 | upstream | bc9ff192a6c9 | 3cda49cf | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/07/09 05:41 | upstream | d006330be3f7 | 4d9fdfa4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
| 2025/06/10 05:38 | upstream | 19272b37aa4f | 4826c28e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __htab_map_lookup_elem / bpf_lru_pop_free |
* Struck through repros no longer work on HEAD.