syzbot


general protection fault in bq_flush_to_queue

Status: premoderation: reported on 2024/07/15 20:18
Reported-by: syzbot+cae797299a55ccd1e215@syzkaller.appspotmail.com
First crash: 128d, last: 15d
Similar bugs (2)
Kernel     Title                                                  Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
upstream   general protection fault in bq_flush_to_queue bpf net                                   22     111d  120d      27/28    fixed on 2024/08/23 02:59
linux-6.1  general protection fault in bq_flush_to_queue                                           2      90d   115d      0/3      upstream: reported on 2024/07/29 12:28

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 2215 Comm: syz.1.779 Not tainted 6.1.112-syzkaller-00110-g976b055754d7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:bq_flush_to_queue+0x47/0x6e0 kernel/bpf/cpumap.c:713
Code: df e8 ad 6c dd ff 49 8d 5f 50 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 53 d6 24 00 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 cd 04 00 00 48 89 5d 80 44 8b 33 4d 8d
RSP: 0018:ffffc9000e1af5d8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc900010f9000 RSI: 0000000000000c25 RDI: 0000000000000c26
RBP: ffffc9000e1af668 R08: ffffffff81983638 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881f6e34440 R14: ffff8881f6e34440 R15: ffff8881f7e000e0
FS:  00007f96f24d26c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e01eff8 CR3: 0000000123d09000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __cpu_map_flush+0xab/0x130 kernel/bpf/cpumap.c:804
 xdp_do_flush+0x13/0x20 net/core/filter.c:4183
 xdp_test_run_batch net/bpf/test_run.c:332 [inline]
 bpf_test_run_xdp_live+0x167d/0x1f70 net/bpf/test_run.c:362
 bpf_prog_test_run_xdp+0x7d1/0x1130 net/bpf/test_run.c:1393
 bpf_prog_test_run+0x3b0/0x630 kernel/bpf/syscall.c:3665
 __sys_bpf+0x59f/0x7f0 kernel/bpf/syscall.c:5020
 __do_sys_bpf kernel/bpf/syscall.c:5106 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5104 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5104
 x64_sys_call+0x87f/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f96f177e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f96f24d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f96f1935f80 RCX: 00007f96f177e719
RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a
RBP: 00007f96f17f139e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f96f1935f80 R15: 00007ffde8682958
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bq_flush_to_queue+0x47/0x6e0 kernel/bpf/cpumap.c:713
Code: df e8 ad 6c dd ff 49 8d 5f 50 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 53 d6 24 00 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 cd 04 00 00 48 89 5d 80 44 8b 33 4d 8d
RSP: 0018:ffffc9000e1af5d8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc900010f9000 RSI: 0000000000000c25 RDI: 0000000000000c26
RBP: ffffc9000e1af668 R08: ffffffff81983638 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881f6e34440 R14: ffff8881f6e34440 R15: ffff8881f7e000e0
FS:  00007f96f24d26c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e01eff8 CR3: 0000000123d09000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	e8 ad 6c dd ff       	call   0xffdd6cb2
   5:	49 8d 5f 50          	lea    0x50(%r15),%rbx
   9:	48 89 d8             	mov    %rbx,%rax
   c:	48 c1 e8 03          	shr    $0x3,%rax
  10:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  15:	74 08                	je     0x1f
  17:	48 89 df             	mov    %rbx,%rdi
  1a:	e8 53 d6 24 00       	call   0x24d672
  1f:	48 8b 1b             	mov    (%rbx),%rbx
  22:	48 89 d8             	mov    %rbx,%rax
  25:	48 c1 e8 03          	shr    $0x3,%rax
* 29:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	0f 85 cd 04 00 00    	jne    0x503
  36:	48 89 5d 80          	mov    %rbx,-0x80(%rbp)
  3a:	44 8b 33             	mov    (%rbx),%r14d
  3d:	4d                   	rex.WRB
  3e:	8d                   	.byte 0x8d

Crashes (7):
Time              Kernel         Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets                             Manager               Title
2024/11/05 21:35  android14-6.1  976b055754d7  da38b4c9   .config  console log  report                      info     disk image, vmlinux, kernel image  ci2-android-6-1       general protection fault in bq_flush_to_queue
2024/11/03 13:20  android14-6.1  fadb08b36671  f00eed24   .config  console log  report                      info     disk image, vmlinux, kernel image  ci2-android-6-1-perf  general protection fault in bq_flush_to_queue
2024/10/18 22:23  android14-6.1  1fe91f863a7f  cd6fc0a3   .config  console log  report                      info     disk image, vmlinux, kernel image  ci2-android-6-1       general protection fault in bq_flush_to_queue
2024/08/26 14:18  android14-6.1  514bdc80b9d2  9aee4e0b   .config  console log  report                      info     disk image, vmlinux, kernel image  ci2-android-6-1       general protection fault in bq_flush_to_queue
2024/08/24 21:46  android14-6.1  514bdc80b9d2  d7d32352   .config  console log  report                      info     disk image, vmlinux, kernel image  ci2-android-6-1-perf  general protection fault in bq_flush_to_queue
2024/07/18 06:28  android14-6.1  c78828e3832d  0f902625   .config  console log  report                      info     disk image, vmlinux, kernel image  ci2-android-6-1-perf  general protection fault in bq_flush_to_queue
2024/07/15 20:17  android14-6.1  96d66062d076  e8709b21   .config  console log  report                      info     disk image, vmlinux, kernel image  ci2-android-6-1       general protection fault in bq_flush_to_queue