From: syzbot <syzbot+27689b73d9cffb8c6bca@syzkaller.appspotmail.com>
To: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
daniel@iogearbox.net, eddyz87@gmail.com, haoluo@google.com,
john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org,
linux-kernel@vger.kernel.org, martin.lau@linux.dev,
sdf@fomichev.me, song@kernel.org,
syzkaller-bugs@googlegroups.com, yonghong.song@linux.dev
Subject: [syzbot] [bpf?] WARNING in bpf_check (5)
Date: Thu, 04 Sep 2025 17:35:31 -0700
Message-ID: <68ba3053.a00a0220.eb3d.000d.GAE@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: 8f5ae30d69d7 Linux 6.17-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10dc087c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8c5ac3d8b8abfcb
dashboard link: https://syzkaller.appspot.com/bug?extid=27689b73d9cffb8c6bca
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16342134580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10e75a42580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/18a2e4bd0c4a/disk-8f5ae30d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b5395881b25/vmlinux-8f5ae30d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e875f4e3b7ff/Image-8f5ae30d.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+27689b73d9cffb8c6bca@syzkaller.appspotmail.com
------------[ cut here ]------------
verifier bug: not inlined functions bpf_perf_event_read#22 is missing func(1)
WARNING: CPU: 1 PID: 6725 at kernel/bpf/verifier.c:22840 do_misc_fixups kernel/bpf/verifier.c:22838 [inline]
WARNING: CPU: 1 PID: 6725 at kernel/bpf/verifier.c:22840 bpf_check+0x1559c/0x15d8c kernel/bpf/verifier.c:24742
Modules linked in:
CPU: 1 UID: 0 PID: 6725 Comm: syz.0.17 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : do_misc_fixups kernel/bpf/verifier.c:22838 [inline]
pc : bpf_check+0x1559c/0x15d8c kernel/bpf/verifier.c:24742
lr : do_misc_fixups kernel/bpf/verifier.c:22838 [inline]
lr : bpf_check+0x1559c/0x15d8c kernel/bpf/verifier.c:24742
Call trace:
do_misc_fixups kernel/bpf/verifier.c:22838 [inline] (P)
bpf_check+0x1559c/0x15d8c kernel/bpf/verifier.c:24742 (P)
bpf_prog_load+0xec8/0x13fc kernel/bpf/syscall.c:2979
__sys_bpf+0x450/0x628 kernel/bpf/syscall.c:6029
__do_sys_bpf kernel/bpf/syscall.c:6139 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6137 [inline]
__arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:6137
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 1566
hardirqs last enabled at (1565): [<ffff800080491108>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1531 [inline]
hardirqs last enabled at (1565): [<ffff800080491108>] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5105
hardirqs last disabled at (1566): [<ffff80008b001bfc>] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574
softirqs last enabled at (1274): [<ffff80008080b8c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (1274): [<ffff80008080b8c4>] bpf_map_alloc_id+0x98/0x1a8 kernel/bpf/syscall.c:451
softirqs last disabled at (1270): [<ffff80008080b864>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (1270): [<ffff80008080b864>] bpf_map_alloc_id+0x38/0x1a8 kernel/bpf/syscall.c:447
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup