syzbot


BUG: unable to handle kernel NULL pointer dereference in bpf

Status: fixed on 2022/03/08 16:10
Fix commit: ad10c381d133 bpf: Add missing map_delete_elem method to bloom filter map
First crash: 900d, last: 828d
Cause bisection: introduced by (bisect log):
commit 9330986c03006ab1d33d243b7cfe598a7a3c1baa
Author: Joanne Koong <joannekoong@fb.com>
Date: Wed Oct 27 23:45:00 2021 +0000

  bpf: Add bloom filter map implementation

Crash: BUG: unable to handle kernel NULL pointer dereference in bpf (log)
Repro: C syz .config

Sample crash report:
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 18cb1067 P4D 18cb1067 PUD 188da067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3597 Comm: syz-executor657 Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc9000297fce0 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 1ffff9200052ffa3 RCX: 0000000000000000
RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff888073397000
RBP: ffffc9000297ff08 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff8185f8f3 R11: 0000000000000000 R12: ffffffff89b3f400
R13: ffff888073397000 R14: ffff88801c44ea00 R15: 0000000000000000
FS:  00005555574bc300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000018baa000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 map_get_next_key kernel/bpf/syscall.c:1292 [inline]
 __sys_bpf+0x36c3/0x5950 kernel/bpf/syscall.c:4627
 __do_sys_bpf kernel/bpf/syscall.c:4737 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4735 [inline]
 __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4735
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7ff46c576089
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffec7d87e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff46c576089
RDX: 0000000000000020 RSI: 0000000020000280 RDI: 0000000000000004
RBP: 00007ff46c53a070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff46c53a100
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 1c7b49361345a281 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0018:ffffc9000297fce0 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 1ffff9200052ffa3 RCX: 0000000000000000
RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff888073397000
RBP: ffffc9000297ff08 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff8185f8f3 R11: 0000000000000000 R12: ffffffff89b3f400
R13: ffff888073397000 R14: ffff88801c44ea00 R15: 0000000000000000
FS:  00005555574bc300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000018baa000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (753):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/01/03 21:12 bpf d6d86830705f 4a3f34f2 .config console log report syz C ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/03 21:12 net-old 1ef5e1d0dca5 4a3f34f2 .config console log report syz C ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/03 20:18 net-old 1ef5e1d0dca5 4a3f34f2 .config console log report syz C ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/03 20:18 bpf d6d86830705f 4a3f34f2 .config console log report syz C ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2021/12/25 07:42 net-old b45396afa417 6caa12e4 .config console log report syz C ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2021/12/25 07:39 bpf 819d11507f66 6caa12e4 .config console log report syz C ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2021/12/25 07:53 bpf-next 4b443bc1785f 6caa12e4 .config console log report syz C ci-upstream-bpf-next-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2021/12/25 07:44 net-next-old 7467d716583e 6caa12e4 .config console log report syz C ci-upstream-net-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2021/10/30 13:12 bpf-next f48ad69097fe 098b5d53 .config console log report syz C ci-upstream-bpf-next-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 10:42 upstream d1587f7bfe9a 2ca0d385 .config console log report info ci-upstream-kasan-gce-selinux-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 09:38 upstream d1587f7bfe9a 2ca0d385 .config console log report info ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 19:50 upstream ddec8ed2d490 2ca0d385 .config console log report info ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 19:43 upstream ddec8ed2d490 2ca0d385 .config console log report info ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 15:49 upstream 75acfdb6fd92 6acc789a .config console log report info ci-upstream-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 14:48 upstream 75acfdb6fd92 6acc789a .config console log report info ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 12:31 upstream c9e6606c7fe9 0a2584dd .config console log report info ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 12:05 upstream c9e6606c7fe9 0a2584dd .config console log report info ci-upstream-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 23:47 upstream c9e6606c7fe9 0a2584dd .config console log report info ci-upstream-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 21:38 upstream c9e6606c7fe9 0a2584dd .config console log report info ci-upstream-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 08:06 upstream c9e6606c7fe9 7f723fbe .config console log report info ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/02 17:41 upstream 278218f6778b e1768e9c .config console log report info ci-qemu-upstream BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/09 22:18 upstream 4634129ad9fd 2ca0d385 .config console log report info ci-qemu-upstream-386 BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 10:13 upstream b2b436ec0205 6acc789a .config console log report info ci-qemu-upstream-386 BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 22:52 upstream 75acfdb6fd92 6acc789a .config console log report info ci-qemu-upstream-386 BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 06:36 upstream c9e6606c7fe9 0a2584dd .config console log report info ci-qemu-upstream-386 BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 05:12 upstream c9e6606c7fe9 0a2584dd .config console log report info ci-qemu-upstream-386 BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/10 08:45 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/09 20:58 net-old 6dc9a23e2906 2ca0d385 .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/09 17:33 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/09 03:45 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 20:51 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 18:37 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 14:14 net-old 6dc9a23e2906 2ca0d385 .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 13:05 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 06:39 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 03:04 net-old dc35616e6c29 2ca0d385 .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/08 00:53 net-old dc35616e6c29 2ca0d385 .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 21:08 bpf d6d86830705f 2ca0d385 .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 18:13 net-old dc35616e6c29 2ca0d385 .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 09:43 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 07:56 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 04:07 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/07 00:50 net-old 36595d8ad46d 6acc789a .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 22:57 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 18:42 net-old 36595d8ad46d 6acc789a .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 14:14 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 09:00 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 07:19 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 02:29 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/06 01:28 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 21:33 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 19:22 bpf d6d86830705f 6acc789a .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 03:56 bpf d6d86830705f 0a2584dd .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/05 02:13 bpf d6d86830705f 0a2584dd .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 21:38 net-old 7d18a07897d0 0a2584dd .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 20:11 bpf d6d86830705f 0a2584dd .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 14:46 bpf d6d86830705f 7f723fbe .config console log report info ci-upstream-bpf-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 11:27 net-old 065e1ae02fbe 7f723fbe .config console log report info ci-upstream-net-this-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/01 06:58 net-next-old af30f8eaa8fe e1768e9c .config console log report info ci-upstream-net-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2021/12/31 15:57 bpf-next 4b443bc1785f 36bd2e48 .config console log report info ci-upstream-bpf-next-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2021/10/30 12:56 bpf-next f48ad69097fe 098b5d53 .config console log report info ci-upstream-bpf-next-kasan-gce BUG: unable to handle kernel NULL pointer dereference in bpf
2022/01/04 10:03 linux-next ea586a076e8a 7f723fbe .config console log report info ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in bpf
* Struck through repros no longer work on HEAD.