syzbot


kernel BUG in __text_poke

Status: upstream: reported C repro on 2022/02/14 10:44
Reported-by: syzbot+87f65c75f4a72db05445@syzkaller.appspotmail.com
Fix commits:
  1d5f82d9dd47 bpf, x86: fix freeing of not-finalized bpf_prog_pack
  d24d2a2b0a81 bpf: bpf_prog_pack: Set proper size before freeing ro_header
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64 ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386]
First crash: 352d, last: 172d

Sample crash report:
------------[ cut here ]------------
kernel BUG at arch/x86/kernel/alternative.c:1112!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3597 Comm: syz-executor148 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:__text_poke+0x4f5/0x8e0 arch/x86/kernel/alternative.c:1112
Code: c3 0f 86 7f fc ff ff 49 8d bc 24 00 10 00 00 e8 b1 d3 8d 00 48 89 44 24 30 48 83 7c 24 30 00 74 09 48 85 db 0f 85 6e fc ff ff <0f> 0b 48 b8 00 f0 ff ff ff ff 0f 00 49 21 c0 48 85 db 0f 85 81 00
RSP: 0018:ffffc90002f3f548 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888024ad3b00 RSI: ffffffff81b9f4b3 RDI: 0000000000000005
RBP: 0000000000000004 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffffa0401800
R13: 0000000000000004 R14: 0000000000000804 R15: 0000000000002000
FS:  00005555574eb300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000cf3d CR3: 00000000763ad000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 text_poke_copy+0x6d/0xa0 arch/x86/kernel/alternative.c:1257
 bpf_arch_text_copy+0x21/0x40 arch/x86/net/bpf_jit_comp.c:2505
 bpf_jit_binary_pack_alloc+0x8fd/0x990 kernel/bpf/core.c:1120
 bpf_int_jit_compile+0x53a/0x13e0 arch/x86/net/bpf_jit_comp.c:2436
 jit_subprogs kernel/bpf/verifier.c:13562 [inline]
 fixup_call_args kernel/bpf/verifier.c:13693 [inline]
 bpf_check+0x69c6/0xb680 kernel/bpf/verifier.c:15044
 bpf_prog_load+0xfb2/0x2250 kernel/bpf/syscall.c:2575
 __sys_bpf+0x11a1/0x5700 kernel/bpf/syscall.c:4917
 __do_sys_bpf kernel/bpf/syscall.c:5021 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5019 [inline]
 __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:5019
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7005ce7209
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc6a87b798 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7005ce7209
RDX: 0000000000000070 RSI: 0000000020000440 RDI: 0000000000000005
RBP: 00007ffc6a87b7b0 R08: 0000000000000002 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__text_poke+0x4f5/0x8e0 arch/x86/kernel/alternative.c:1112
Code: c3 0f 86 7f fc ff ff 49 8d bc 24 00 10 00 00 e8 b1 d3 8d 00 48 89 44 24 30 48 83 7c 24 30 00 74 09 48 85 db 0f 85 6e fc ff ff <0f> 0b 48 b8 00 f0 ff ff ff ff 0f 00 49 21 c0 48 85 db 0f 85 81 00
RSP: 0018:ffffc90002f3f548 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888024ad3b00 RSI: ffffffff81b9f4b3 RDI: 0000000000000005
RBP: 0000000000000004 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffffa0401800
R13: 0000000000000004 R14: 0000000000000804 R15: 0000000000002000
FS:  00005555574eb300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000cf3d CR3: 00000000763ad000 CR4: 0000000000350ef0

Crashes (80):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title
ci-upstream-kasan-gce-root | 2022/08/05 01:43 | upstream | 200e340f2196 | 1c9013ac | .config | console log | report | syz | C | | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/07/03 08:16 | bpf | d28b25a62a47 | 1434eec0 | .config | strace log | report | syz | C | | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/08/08 13:02 | bpf | 9fe2e6f39606 | 88e3a122 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/08/07 20:32 | bpf | 9fe2e6f39606 | 88e3a122 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-this-kasan-gce | 2022/07/27 13:14 | net | b5177ed92bf6 | da9d0366 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/07/19 08:35 | bpf | f946964a9f79 | ff988920 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/07/03 07:37 | bpf | d28b25a62a47 | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/06/30 10:20 | bpf | 512d1999b8e9 | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/06/29 04:37 | bpf | 32df6fe110c4 | 496a8536 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/06/13 23:04 | bpf | 825464e79db4 | 0d5abf15 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/06/08 22:23 | bpf | d678cbd2f867 | b2706118 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/06/05 20:09 | bpf | d08af2c46881 | c8857892 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/06/02 08:13 | bpf | e0491b11c131 | b4bc6a3d | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/31 09:29 | bpf | 90343f573252 | af70c3a9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/31 01:51 | bpf | 90343f573252 | af70c3a9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/30 14:40 | bpf | 90343f573252 | a46af346 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/26 05:01 | bpf | 7e062cda7d90 | 3037caa9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/21 02:15 | bpf | f3f19f939c11 | bd37ad7e | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/18 21:06 | bpf | f3f19f939c11 | 50c53f39 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/16 03:59 | bpf | f3f19f939c11 | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/15 20:12 | bpf | f3f19f939c11 | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/05/11 13:57 | bpf | a0df71948e95 | 8d7b3b67 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-this-kasan-gce | 2022/04/30 01:17 | net | 4f159a7c4d1b | 44a5ca63 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/04/28 20:18 | bpf | a0df71948e95 | e9076525 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-kasan-gce | 2022/04/16 07:03 | bpf | 425d239379db | 8bcc32a6 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/07/14 07:23 | net-next | 6a605eb1d71e | 5d921b08 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/07/12 06:19 | bpf-next | 9974d37ea75f | da3d6955 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/07/08 20:23 | net-next | 9d542f7bf197 | b5765a15 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/07/05 07:59 | net-next | 874bdbfe624e | bff65f44 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/07/05 01:03 | bpf-next | b0d93b44641a | bff65f44 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/07/04 12:17 | bpf-next | b0d93b44641a | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/07/04 07:12 | bpf-next | b0d93b44641a | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/07/02 19:14 | bpf-next | b0d93b44641a | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/07/01 04:19 | bpf-next | 6d304871e3ef | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/07/01 02:27 | bpf-next | 6d304871e3ef | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/26 12:52 | bpf-next | fd75733da2f3 | a371c43c | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/06/23 22:08 | net-next | 85763435d5b5 | 912f5df7 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/06/23 20:57 | net-next | 85763435d5b5 | 912f5df7 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/23 06:56 | bpf-next | 772251742262 | 912f5df7 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/22 06:04 | bpf-next | d4609a5d8c70 | 0fc5c330 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/06/21 13:13 | net-next | 4336487e30c3 | 0fc5c330 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/18 19:26 | bpf-next | f5be22c64bd6 | 8f633d84 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/06/17 19:54 | net-next | 4875d94c69d5 | cb58b3b2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/13 05:47 | bpf-next | d5e9aeda8161 | 0d5abf15 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/06 23:53 | bpf-next | 02f4afebf8a5 | c8857892 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/06/06 18:31 | net-next | 58f9d52ff689 | c8857892 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/02 19:53 | bpf-next | 330eb2a696f2 | 5783034f | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/06/01 09:21 | bpf-next | 4c7cbcc9c097 | 3666edfe | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/31 22:31 | bpf-next | 4b4b4f94a4f6 | af70c3a9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/05/31 09:43 | net-next | 7e062cda7d90 | af70c3a9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/31 08:48 | bpf-next | 1626f57f061c | af70c3a9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/29 01:24 | bpf-next | 7e062cda7d90 | a46af346 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/27 15:29 | bpf-next | 7e062cda7d90 | 116e7a7b | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/27 03:51 | bpf-next | 7e062cda7d90 | 3037caa9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/27 01:04 | bpf-next | 7e062cda7d90 | 3037caa9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/26 04:58 | bpf-next | 7e062cda7d90 | 3037caa9 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/24 17:45 | bpf-next | 677fb7525331 | fcfad4ff | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/24 04:12 | bpf-next | 608b638ebf36 | e7f9308d | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/19 10:15 | bpf-next | 70a1b25326dd | 50c53f39 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/19 05:35 | bpf-next | 70a1b25326dd | 50c53f39 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/19 00:07 | bpf-next | 68084a136420 | 50c53f39 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/17 12:28 | bpf-next | ac6a65868a5a | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/16 05:43 | bpf-next | 418fbe82578e | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/15 20:13 | bpf-next | 418fbe82578e | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/15 10:03 | bpf-next | 418fbe82578e | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/15 09:35 | bpf-next | 418fbe82578e | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/14 14:14 | bpf-next | 418fbe82578e | 744a39e2 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/14 02:07 | bpf-next | b2531d4bdce1 | 107f6434 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/13 00:12 | bpf-next | a2aa95b71c9b | 9ad6612a | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-net-kasan-gce | 2022/05/11 05:08 | net-next | 61004d1d4bad | 8d7b3b67 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/05/05 12:52 | bpf-next | 20b87e7c29df | 06089fcd | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/04/29 19:08 | bpf-next | 20b87e7c29df | 44a5ca63 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/04/29 11:30 | bpf-next | a2c70dbc3407 | e9076525 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/04/12 01:20 | bpf-next | 33fc250c3e76 | af01ee7d | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/03/14 19:42 | bpf-next | d3b351f65bf4 | 9e8eaa75 | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/02/24 03:15 | bpf-next | e5313968c41b | 6e821dbf | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-bpf-next-kasan-gce | 2022/02/09 04:22 | bpf-next | f95f768f0af4 | 0b33604d | .config | console log | report | | | info | | kernel BUG in __text_poke
ci-upstream-linux-next-kasan-gce-root | 2022/07/01 13:51 | linux-next | cb71b93c2dc3 | 1434eec0 | .config | console log | report | | | info | | kernel BUG in __text_poke
* Struck through repros no longer work on HEAD.