syzbot

kernel BUG in __text_poke

Status: upstream: reported on 2022/02/14 10:44
Reported-by: syzbot+87f65c75f4a72db05445@syzkaller.appspotmail.com
Fix commit: d24d2a2b0a81 bpf: bpf_prog_pack: Set proper size before freeing ro_header
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 140d, last: 2h36m

Sample crash report:
------------[ cut here ]------------
kernel BUG at arch/x86/kernel/alternative.c:1041!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 14195 Comm: syz-executor.2 Not tainted 5.19.0-rc2-syzkaller-00123-g32df6fe110c4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__text_poke+0x348/0x8e0 arch/x86/kernel/alternative.c:1041
Code: c3 0f 86 2c fe ff ff 49 8d bc 24 00 10 00 00 e8 de 7b 8d 00 48 89 44 24 30 48 85 db 74 0c 48 83 7c 24 30 00 0f 85 1b fe ff ff <0f> 0b 48 b8 00 f0 ff ff ff ff 0f 00 49 21 c0 48 85 db 0f 85 bf 02
RSP: 0018:ffffc90002f7f5e8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888024a29d80 RSI: ffffffff81b99803 RDI: 0000000000000005
RBP: 0000000000000040 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffffa0008fc0
R13: 0000000000000040 R14: 0000000000001000 R15: 0000000000002000
FS:  00007f0d35307700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0bb8de3fc0 CR3: 0000000073482000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <TASK>
 text_poke_copy+0x6d/0xa0 arch/x86/kernel/alternative.c:1186
 bpf_arch_text_copy+0x21/0x40 arch/x86/net/bpf_jit_comp.c:2491
 bpf_jit_binary_pack_finalize+0x44/0x110 kernel/bpf/core.c:1145
 bpf_int_jit_compile+0xa74/0x13e0 arch/x86/net/bpf_jit_comp.c:2447
 jit_subprogs kernel/bpf/verifier.c:13624 [inline]
 fixup_call_args kernel/bpf/verifier.c:13712 [inline]
 bpf_check+0x90a5/0xbbc0 kernel/bpf/verifier.c:15063
 bpf_prog_load+0xfb2/0x2250 kernel/bpf/syscall.c:2575
 __sys_bpf+0x11a1/0x5700 kernel/bpf/syscall.c:4917
 __do_sys_bpf kernel/bpf/syscall.c:5021 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5019 [inline]
 __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:5019
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f0d34289109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0d35307168 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0d3439c030 RCX: 00007f0d34289109
RDX: 0000000000000070 RSI: 0000000020000440 RDI: 0000000000000005
RBP: 00007f0d342e305d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcb16c007f R14: 00007f0d35307300 R15: 0000000000022000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__text_poke+0x348/0x8e0 arch/x86/kernel/alternative.c:1041
Code: c3 0f 86 2c fe ff ff 49 8d bc 24 00 10 00 00 e8 de 7b 8d 00 48 89 44 24 30 48 85 db 74 0c 48 83 7c 24 30 00 0f 85 1b fe ff ff <0f> 0b 48 b8 00 f0 ff ff ff ff 0f 00 49 21 c0 48 85 db 0f 85 bf 02
RSP: 0018:ffffc90002f7f5e8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888024a29d80 RSI: ffffffff81b99803 RDI: 0000000000000005
RBP: 0000000000000040 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffffa0008fc0
R13: 0000000000000040 R14: 0000000000001000 R15: 0000000000002000
FS:  00007f0d35307700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2ea9ddd718 CR3: 0000000073482000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (60):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-bpf-kasan-gce 2022/06/29 04:37 bpf 32df6fe110c4 496a8536 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/06/13 23:04 bpf 825464e79db4 0d5abf15 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/06/08 22:23 bpf d678cbd2f867 b2706118 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/06/05 20:09 bpf d08af2c46881 c8857892 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/06/02 08:13 bpf e0491b11c131 b4bc6a3d .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/31 09:29 bpf 90343f573252 af70c3a9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/31 01:51 bpf 90343f573252 af70c3a9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/30 14:40 bpf 90343f573252 a46af346 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/26 05:01 bpf 7e062cda7d90 3037caa9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/21 02:15 bpf f3f19f939c11 bd37ad7e .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/18 21:06 bpf f3f19f939c11 50c53f39 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/16 03:59 bpf f3f19f939c11 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/15 20:12 bpf f3f19f939c11 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/05/11 13:57 bpf a0df71948e95 8d7b3b67 .config log report info kernel BUG in __text_poke
ci-upstream-net-this-kasan-gce 2022/04/30 01:17 net 4f159a7c4d1b 44a5ca63 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/04/28 20:18 bpf a0df71948e95 e9076525 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce 2022/04/16 07:03 bpf 425d239379db 8bcc32a6 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/26 12:52 bpf-next fd75733da2f3 a371c43c .config log report info kernel BUG in __text_poke
ci-upstream-net-kasan-gce 2022/06/23 22:08 net-next 85763435d5b5 912f5df7 .config log report info kernel BUG in __text_poke
ci-upstream-net-kasan-gce 2022/06/23 20:57 net-next 85763435d5b5 912f5df7 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/23 06:56 bpf-next 772251742262 912f5df7 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/22 06:04 bpf-next d4609a5d8c70 0fc5c330 .config log report info kernel BUG in __text_poke
ci-upstream-net-kasan-gce 2022/06/21 13:13 net-next 4336487e30c3 0fc5c330 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/18 19:26 bpf-next f5be22c64bd6 8f633d84 .config log report info kernel BUG in __text_poke
ci-upstream-net-kasan-gce 2022/06/17 19:54 net-next 4875d94c69d5 cb58b3b2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/13 05:47 bpf-next d5e9aeda8161 0d5abf15 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/06 23:53 bpf-next 02f4afebf8a5 c8857892 .config log report info kernel BUG in __text_poke
ci-upstream-net-kasan-gce 2022/06/06 18:31 net-next 58f9d52ff689 c8857892 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/02 19:53 bpf-next 330eb2a696f2 5783034f .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/06/01 09:21 bpf-next 4c7cbcc9c097 3666edfe .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/31 22:31 bpf-next 4b4b4f94a4f6 af70c3a9 .config log report info kernel BUG in __text_poke
ci-upstream-net-kasan-gce 2022/05/31 09:43 net-next 7e062cda7d90 af70c3a9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/31 08:48 bpf-next 1626f57f061c af70c3a9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/29 01:24 bpf-next 7e062cda7d90 a46af346 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/27 15:29 bpf-next 7e062cda7d90 116e7a7b .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/27 03:51 bpf-next 7e062cda7d90 3037caa9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/27 01:04 bpf-next 7e062cda7d90 3037caa9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/26 04:58 bpf-next 7e062cda7d90 3037caa9 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/24 17:45 bpf-next 677fb7525331 fcfad4ff .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/24 04:12 bpf-next 608b638ebf36 e7f9308d .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/19 10:15 bpf-next 70a1b25326dd 50c53f39 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/19 05:35 bpf-next 70a1b25326dd 50c53f39 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/19 00:07 bpf-next 68084a136420 50c53f39 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/17 12:28 bpf-next ac6a65868a5a 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/16 05:43 bpf-next 418fbe82578e 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/15 20:13 bpf-next 418fbe82578e 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/15 10:03 bpf-next 418fbe82578e 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/15 09:35 bpf-next 418fbe82578e 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/14 14:14 bpf-next 418fbe82578e 744a39e2 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/14 02:07 bpf-next b2531d4bdce1 107f6434 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/13 00:12 bpf-next a2aa95b71c9b 9ad6612a .config log report info kernel BUG in __text_poke
ci-upstream-net-kasan-gce 2022/05/11 05:08 net-next 61004d1d4bad 8d7b3b67 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/05/05 12:52 bpf-next 20b87e7c29df 06089fcd .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/04/29 19:08 bpf-next 20b87e7c29df 44a5ca63 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/04/29 11:30 bpf-next a2c70dbc3407 e9076525 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/04/12 01:20 bpf-next 33fc250c3e76 af01ee7d .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/03/14 19:42 bpf-next d3b351f65bf4 9e8eaa75 .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/02/24 03:15 bpf-next e5313968c41b 6e821dbf .config log report info kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce 2022/02/09 04:22 bpf-next f95f768f0af4 0b33604d .config log report info kernel BUG in __text_poke