| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/12/05 | linux-5.15.y (ToT) | cc5ec8769306 | C | [report] inconsistent lock state in trie_delete_elem |
| 2025/12/05 | upstream (ToT) | 7203ca412fc8 | C | Didn't crash |
syzbot |
sign-in | mailing list | source | docs |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/12/05 | linux-5.15.y (ToT) | cc5ec8769306 | C | [report] inconsistent lock state in trie_delete_elem |
| 2025/12/05 | upstream (ToT) | 7203ca412fc8 | C | Didn't crash |
================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz.0.17/4308 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff88801eb3e238 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467
{INITIAL USE} state was registered at:
lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467
bpf_prog_2c29ac5cdc6b1842+0x3a/0x97c
bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
bpf_overflow_handler+0x1c4/0x4c0 kernel/events/core.c:10297
__perf_event_overflow+0x364/0x530 kernel/events/core.c:9515
perf_swevent_overflow kernel/events/core.c:9591 [inline]
perf_swevent_event+0x4ad/0x530 kernel/events/core.c:9629
perf_bp_event+0x224/0x290 kernel/events/core.c:10484
hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:555 [inline]
hw_breakpoint_exceptions_notify+0x152/0x470 arch/x86/kernel/hw_breakpoint.c:586
notifier_call_chain kernel/notifier.c:83 [inline]
atomic_notifier_call_chain+0x15d/0x280 kernel/notifier.c:198
notify_die+0x12d/0x180 kernel/notifier.c:529
notify_debug+0x20/0x30 arch/x86/kernel/traps.c:872
exc_debug_user arch/x86/kernel/traps.c:998 [inline]
noist_exc_debug+0x73/0x120 arch/x86/kernel/traps.c:1035
asm_exc_debug+0x2f/0x40 arch/x86/include/asm/idtentry.h:642
irq event stamp: 2470
hardirqs last enabled at (2469): [<ffffffff89a1c366>] exc_debug_kernel arch/x86/kernel/traps.c:947 [inline]
hardirqs last enabled at (2469): [<ffffffff89a1c366>] exc_debug+0xe6/0x130 arch/x86/kernel/traps.c:1029
hardirqs last disabled at (2470): [<ffffffff89a1c2ee>] exc_debug_kernel arch/x86/kernel/traps.c:893 [inline]
hardirqs last disabled at (2470): [<ffffffff89a1c2ee>] exc_debug+0x6e/0x130 arch/x86/kernel/traps.c:1029
softirqs last enabled at (2268): [<ffffffff81856560>] bpf_prog_load+0x1150/0x1550 kernel/bpf/syscall.c:2380
softirqs last disabled at (2266): [<ffffffff8183c969>] spin_lock_bh include/linux/spinlock.h:369 [inline]
softirqs last disabled at (2266): [<ffffffff8183c969>] bpf_ksym_add+0x29/0x340 kernel/bpf/core.c:633
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&trie->lock);
<Interrupt>
lock(&trie->lock);
*** DEADLOCK ***
no locks held by syz.0.17/4308.
stack backtrace:
CPU: 0 PID: 4308 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
<#DB>
dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
lock_acquire+0x2b2/0x3f0 kernel/locking/lockdep.c:5614
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
trie_delete_elem+0x90/0x710 kernel/bpf/lpm_trie.c:467
bpf_prog_2c29ac5cdc6b1842+0x3a/0x97c
bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
bpf_overflow_handler+0x1c4/0x4c0 kernel/events/core.c:10297
__perf_event_overflow+0x364/0x530 kernel/events/core.c:9515
perf_swevent_overflow kernel/events/core.c:9591 [inline]
perf_swevent_event+0x4ad/0x530 kernel/events/core.c:9629
perf_bp_event+0x224/0x290 kernel/events/core.c:10484
hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:555 [inline]
hw_breakpoint_exceptions_notify+0x152/0x470 arch/x86/kernel/hw_breakpoint.c:586
notifier_call_chain kernel/notifier.c:83 [inline]
atomic_notifier_call_chain+0x15d/0x280 kernel/notifier.c:198
notify_die+0x12d/0x180 kernel/notifier.c:529
notify_debug+0x20/0x30 arch/x86/kernel/traps.c:872
exc_debug_kernel arch/x86/kernel/traps.c:929 [inline]
exc_debug+0xcf/0x130 arch/x86/kernel/traps.c:1029
asm_exc_debug+0x1a/0x40 arch/x86/include/asm/idtentry.h:642
RIP: 0010:copy_user_generic_unrolled+0xa0/0xc0 arch/x86/lib/copy_user_64.S:101
Code: 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a 06 <88> 07 48 ff c6 48 ff c7 ff c9 75 f2 31 c0 0f 01 ca c3 90 90 90 90
RSP: 0018:ffffc9000313fd08 EFLAGS: 00040206
RAX: ffffffff83dae000 RBX: 0000000000000004 RCX: 0000000000000003
RDX: 0000000000000004 RSI: 0000200000000301 RDI: ffff888141da7691
RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed10283b4ed2 R11: 1ffff110283b4ed2 R12: 00007ffffffff000
R13: 0000200000000304 R14: ffff888141da7690 R15: 0000200000000300
</#DB>
<TASK>
copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
raw_copy_from_user arch/x86/include/asm/uaccess_64.h:52 [inline]
_copy_from_user+0xfa/0x170 lib/usercopy.c:23
copy_from_user include/linux/uaccess.h:192 [inline]
copy_from_bpfptr_offset include/linux/bpfptr.h:52 [inline]
copy_from_bpfptr include/linux/bpfptr.h:58 [inline]
kvmemdup_bpfptr include/linux/bpfptr.h:73 [inline]
___bpf_copy_key kernel/bpf/syscall.c:1069 [inline]
map_update_elem+0x3c3/0x770 kernel/bpf/syscall.c:1177
__sys_bpf+0x3fb/0x670 kernel/bpf/syscall.c:4645
__do_sys_bpf kernel/bpf/syscall.c:4761 [inline]
__se_sys_bpf kernel/bpf/syscall.c:4759 [inline]
__x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:4759
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fae5a3f6749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc52da6718 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fae5a64cfa0 RCX: 00007fae5a3f6749
RDX: 0000000000000020 RSI: 0000200000004080 RDI: 0000000000000002
RBP: 00007fae5a47af91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fae5a64cfa0 R14: 00007fae5a64cfa0 R15: 0000000000000003
</TASK>
----------------
Code disassembly (best guess):
0: 7f 40 jg 0x42
2: ff c9 dec %ecx
4: 75 b6 jne 0xffffffbc
6: 89 d1 mov %edx,%ecx
8: 83 e2 07 and $0x7,%edx
b: c1 e9 03 shr $0x3,%ecx
e: 74 12 je 0x22
10: 4c 8b 06 mov (%rsi),%r8
13: 4c 89 07 mov %r8,(%rdi)
16: 48 8d 76 08 lea 0x8(%rsi),%rsi
1a: 48 8d 7f 08 lea 0x8(%rdi),%rdi
1e: ff c9 dec %ecx
20: 75 ee jne 0x10
22: 21 d2 and %edx,%edx
24: 74 10 je 0x36
26: 89 d1 mov %edx,%ecx
28: 8a 06 mov (%rsi),%al
* 2a: 88 07 mov %al,(%rdi) <-- trapping instruction
2c: 48 ff c6 inc %rsi
2f: 48 ff c7 inc %rdi
32: ff c9 dec %ecx
34: 75 f2 jne 0x28
36: 31 c0 xor %eax,%eax
38: 0f 01 ca clac
3b: c3 ret
3c: 90 nop
3d: 90 nop
3e: 90 nop
3f: 90 nop
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/16 16:01 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | |
| 2025/12/04 19:07 | linux-5.15.y | cc5ec8769306 | d6526ea3 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | |
| 2025/12/04 17:54 | linux-5.15.y | cc5ec8769306 | d6526ea3 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | |
| 2026/01/15 14:20 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/15 07:34 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/14 17:24 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/13 21:50 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/13 04:50 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/09 18:41 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/07 19:44 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/06 04:22 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/04 19:13 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2026/01/03 08:07 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2025/12/31 11:10 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2025/12/27 14:19 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2025/12/15 04:31 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem | ||
| 2025/12/11 17:04 | linux-5.15.y | 68efe5a6c16a | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-perf | inconsistent lock state in trie_delete_elem |