syzbot


kernel BUG in prog_array_map_poke_run

Status: fixed on 2024/01/23 01:55
Subsystems: bpf
Fix commit: 4b7de801606e bpf: Fix prog_array_map_poke_run map poke update
First crash: 171d, last: 131d
Cause bisection: introduced by (bisect log):
commit 7b15523a989b63927c2bb08e9b5b0bbc10b58bef
Author: Florent Revest <revest@chromium.org>
Date: Mon Apr 19 15:52:40 2021 +0000

  bpf: Add a bpf_snprintf helper

Crash: kernel BUG in prog_array_map_poke_run (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log):
commit 4b7de801606e504e69689df71475d27e35336fb3
Author: Jiri Olsa <jolsa@kernel.org>
Date: Wed Dec 6 08:30:40 2023 +0000

  bpf: Fix prog_array_map_poke_run map poke update

  
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 kernel BUG in prog_array_map_poke_run origin:upstream missing-backport C done 16 113d 171d 0/3 upstream: reported C repro on 2023/11/07 11:42
linux-6.1 kernel BUG in prog_array_map_poke_run origin:upstream missing-backport C unreliable 3 126d 171d 0/3 upstream: reported C repro on 2023/11/08 01:21
android-6-1 kernel BUG in prog_array_map_poke_run origin:upstream missing-backport C error 14 113d 172d 2/2 fixed on 2024/01/09 06:37
android-5-15 kernel BUG in prog_array_map_poke_run missing-backport origin:upstream C done 32 104d 172d 0/2 auto-obsoleted due to no activity on 2024/03/24 07:32
android-5-10 kernel BUG in prog_array_map_poke_run C 142 now 172d 0/2 upstream: reported C repro on 2023/11/07 04:51
Last patch testing requests (7)
Created Duration User Patch Repo Result
2024/01/01 10:03 53m retest repro bpf OK log
2024/01/01 10:03 1h25m retest repro bpf OK log
2024/01/01 08:42 1h15m retest repro bpf-next OK log
2024/01/01 08:42 1h00m retest repro net OK log
2024/01/01 08:42 50m retest repro bpf-next OK log
2024/01/01 08:00 25m retest repro net-next OK log
2024/01/01 08:00 23m retest repro net-next OK log

Sample crash report:
------------[ cut here ]------------
kernel BUG at kernel/bpf/arraymap.c:1092!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 11035 Comm: kworker/0:4 Not tainted 6.7.0-rc2-syzkaller-g75a442581d05 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Workqueue: events prog_array_map_clear_deferred
RIP: 0010:prog_array_map_poke_run+0x58b/0x6d0 kernel/bpf/arraymap.c:1092
Code: e8 9a a7 e4 ff 90 0f 0b e8 92 a7 e4 ff 44 89 f6 bf ea ff ff ff e8 f5 a2 e4 ff 41 83 fe ea 0f 84 fe fe ff ff e8 76 a7 e4 ff 90 <0f> 0b e8 2e 4e 3b 00 e9 08 fc ff ff e8 04 4e 3b 00 e9 c7 fb ff ff
RSP: 0018:ffffc900035afb90 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880275c9280 RCX: ffffffff81a2e2ab
RDX: ffff888079af8000 RSI: ffffffff81a2e2ba RDI: 0000000000000005
RBP: dffffc0000000000 R08: 0000000000000005 R09: 00000000ffffffea
R10: 00000000fffffff0 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88801d73f050 R14: 00000000fffffff0 R15: ffff88801d73f040
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8fad872d58 CR3: 0000000024fd3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 fd_array_map_delete_elem+0x189/0x2e0 kernel/bpf/arraymap.c:886
 bpf_fd_array_map_clear kernel/bpf/arraymap.c:933 [inline]
 prog_array_map_clear_deferred+0x113/0x1b0 kernel/bpf/arraymap.c:1112
 process_one_work+0x886/0x15d0 kernel/workqueue.c:2630
 process_scheduled_works kernel/workqueue.c:2703 [inline]
 worker_thread+0x8b9/0x1290 kernel/workqueue.c:2784
 kthread+0x2c6/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:prog_array_map_poke_run+0x58b/0x6d0 kernel/bpf/arraymap.c:1092
Code: e8 9a a7 e4 ff 90 0f 0b e8 92 a7 e4 ff 44 89 f6 bf ea ff ff ff e8 f5 a2 e4 ff 41 83 fe ea 0f 84 fe fe ff ff e8 76 a7 e4 ff 90 <0f> 0b e8 2e 4e 3b 00 e9 08 fc ff ff e8 04 4e 3b 00 e9 c7 fb ff ff
RSP: 0018:ffffc900035afb90 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880275c9280 RCX: ffffffff81a2e2ab
RDX: ffff888079af8000 RSI: ffffffff81a2e2ba RDI: 0000000000000005
RBP: dffffc0000000000 R08: 0000000000000005 R09: 00000000ffffffea
R10: 00000000fffffff0 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88801d73f050 R14: 00000000fffffff0 R15: ffff88801d73f040
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555637eda8 CR3: 0000000021b62000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/11/27 18:52 bpf 75a442581d05 5b429f39 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/27 18:30 net ccf49cebe595 5b429f39 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/07 13:55 bpf d84b139f53e8 83211397 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/27 18:40 bpf-next b16904fd9f01 5b429f39 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/27 16:58 net-next e1df5202e879 5b429f39 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/07 12:28 bpf-next 856624f12b04 83211397 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/07 11:37 net-next ff269e2cd5ad 83211397 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/05 03:11 bpf dfce9cb31405 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/04 23:23 net 79321a793945 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/04 18:59 bpf dfce9cb31405 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/04 07:52 bpf dfce9cb31405 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/30 12:30 net 300fbb247eb3 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/30 03:14 bpf 51354f700d40 6e78f9ce .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/29 00:31 net 91d3d149978b 1adfb6f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/26 07:12 net e2b706c69190 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/26 01:27 bpf c0c6bde586c7 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/25 19:42 net e2b706c69190 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/24 06:24 bpf c0c6bde586c7 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/19 19:49 net 76df934c6d5f cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/18 15:56 net 76df934c6d5f cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/17 12:46 bpf 7475e51b8796 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/11 13:53 net 719639853d88 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/11 10:21 bpf e2e57d637aa5 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/09 12:37 net 1bea2c3e6df8 4862372a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/18 07:46 bpf-next 42d45c45624a 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/16 09:22 bpf-next 42d45c45624a 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/10 14:36 net-next 5a08d0065a91 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/10 02:55 net-next 5a08d0065a91 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/06 05:16 net-next fb70136ded2e f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/04 18:46 bpf-next 5bd90cdc65ef f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce kernel BUG in prog_array_map_poke_run
2023/12/03 17:02 net-next 8470e4368b0f f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/23 14:56 net-next 7490a42020bb fc59b78e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/21 23:39 net-next 335662889f5a cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/16 13:51 bpf-next 5fa201f37c2e cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce kernel BUG in prog_array_map_poke_run
2023/11/11 10:31 net-next 89cdf9d55601 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce kernel BUG in prog_array_map_poke_run
* Struck through repros no longer work on HEAD.