From: syzbot ci <syzbot+ci51bd138098766aea@syzkaller.appspotmail.com>
To: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
chen.dylane@linux.dev, daniel@iogearbox.net, eddyz87@gmail.com,
haoluo@google.com, john.fastabend@gmail.com, jolsa@kernel.org,
kpsingh@kernel.org, linux-kernel@vger.kernel.org,
martin.lau@linux.dev, sdf@fomichev.me, song@kernel.org,
yonghong.song@linux.dev
Cc: syzbot@lists.linux.dev, syzkaller-bugs@googlegroups.com
Subject: [syzbot ci] Re: bpf: Add preempt disable for bpf_get_stack
Date: Fri, 06 Feb 2026 06:19:58 -0800 [thread overview]
Message-ID: <6985f88e.a00a0220.37c87e.0037.GAE@google.com> (raw)
In-Reply-To: <20260206090653.1336687-1-chen.dylane@linux.dev>
syzbot ci has tested the following series
[v2] bpf: Add preempt disable for bpf_get_stack
https://lore.kernel.org/all/20260206090653.1336687-1-chen.dylane@linux.dev
* [PATCH bpf-next v2 1/2] bpf: Add preempt disable for bpf_get_stack
* [PATCH bpf-next v2 2/2] bpf: Add preempt disable for bpf_get_stackid
and found the following issue:
WARNING in preempt_count_sub
Full report is available here:
https://ci.syzbot.org/series/90d08df2-d19d-404f-b9dd-c201605b83a2
***
WARNING in preempt_count_sub
tree: bpf-next
URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf-next.git
base: 1ace9bac1ad2bc6a0a70baaa16d22b7e783e88c5
arch: amd64
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
config: https://ci.syzbot.org/builds/64881591-241a-4854-9beb-1f691566835c/config
C repro: https://ci.syzbot.org/findings/98f347c8-b879-4c85-829b-a20ef900e645/c_repro
syz repro: https://ci.syzbot.org/findings/98f347c8-b879-4c85-829b-a20ef900e645/syz_repro
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(val > preempt_count())
WARNING: kernel/sched/core.c:5751 at preempt_count_sub+0x9e/0x170 kernel/sched/core.c:5751, CPU#0: syz.0.17/5991
Modules linked in:
CPU: 0 UID: 0 PID: 5991 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:preempt_count_sub+0xa5/0x170 kernel/sched/core.c:5751
Code: 05 cf 8f 48 c1 e8 03 0f b6 04 18 84 c0 0f 85 88 00 00 00 83 3d ef 21 3d 0e 00 75 13 48 8d 3d b2 f3 3f 0e 48 c7 c6 a0 fe 8b 8b <67> 48 0f b9 3a 90 eb b8 90 e8 5d ab 03 03 85 c0 74 2f 48 c7 c0 a4
RSP: 0018:ffffc90004437bc8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffff8881746f8000
RDX: 0000000000000000 RSI: ffffffff8b8bfea0 RDI: ffffffff8fd1d770
RBP: ffffc90004437cd0 R08: ffffffff8fcf05a3 R09: 1ffffffff1f9e0b4
R10: dffffc0000000000 R11: fffffbfff1f9e0b5 R12: dffffc0000000000
R13: 1ffff92000886f84 R14: 0000000000000000 R15: 0000000000000000
FS: 000055557d481500(0000) GS:ffff88818e328000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1f89c706c0 CR3: 00000001742f0000 CR4: 00000000000006f0
Call Trace:
<TASK>
bpf_prog_test_run_raw_tp+0x4b9/0x6c0 net/bpf/test_run.c:794
bpf_prog_test_run+0x2c7/0x340 kernel/bpf/syscall.c:4721
__sys_bpf+0x643/0x950 kernel/bpf/syscall.c:6246
__do_sys_bpf kernel/bpf/syscall.c:6341 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6339 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6339
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1f89d9acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff9e3fd488 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1f8a015fa0 RCX: 00007f1f89d9acb9
RDX: 000000000000000c RSI: 0000200000000500 RDI: 000000000000000a
RBP: 00007f1f89e08bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1f8a015fac R14: 00007f1f8a015fa0 R15: 00007f1f8a015fa0
</TASK>
----------------
Code disassembly (best guess):
0: 05 cf 8f 48 c1 add $0xc1488fcf,%eax
5: e8 03 0f b6 04 call 0x4b60f0d
a: 18 84 c0 0f 85 88 00 sbb %al,0x88850f(%rax,%rax,8)
11: 00 00 add %al,(%rax)
13: 83 3d ef 21 3d 0e 00 cmpl $0x0,0xe3d21ef(%rip) # 0xe3d2209
1a: 75 13 jne 0x2f
1c: 48 8d 3d b2 f3 3f 0e lea 0xe3ff3b2(%rip),%rdi # 0xe3ff3d5
23: 48 c7 c6 a0 fe 8b 8b mov $0xffffffff8b8bfea0,%rsi
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: 90 nop
30: eb b8 jmp 0xffffffea
32: 90 nop
33: e8 5d ab 03 03 call 0x303ab95
38: 85 c0 test %eax,%eax
3a: 74 2f je 0x6b
3c: 48 rex.W
3d: c7 .byte 0xc7
3e: c0 .byte 0xc0
3f: a4 movsb %ds:(%rsi),%es:(%rdi)
***
If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
Tested-by: syzbot@syzkaller.appspotmail.com
---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzkaller@googlegroups.com.
next prev parent reply other threads:[~2026-02-06 14:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 9:06 [PATCH bpf-next v2 1/2] bpf: Add preempt disable for bpf_get_stack Tao Chen
2026-02-06 9:06 ` [PATCH bpf-next v2 2/2] bpf: Add preempt disable for bpf_get_stackid Tao Chen
2026-02-06 9:34 ` bot+bpf-ci
2026-02-06 9:58 ` Tao Chen
2026-02-06 17:20 ` Andrii Nakryiko
2026-02-11 7:18 ` Tao Chen
2026-02-06 14:19 ` syzbot ci [this message]
2026-02-06 17:12 ` [PATCH bpf-next v2 1/2] bpf: Add preempt disable for bpf_get_stack Andrii Nakryiko
2026-02-11 7:10 ` Tao Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6985f88e.a00a0220.37c87e.0037.GAE@google.com \
--to=syzbot+ci51bd138098766aea@syzkaller.appspotmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=chen.dylane@linux.dev \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=syzbot@lists.linux.dev \
--cc=syzkaller-bugs@googlegroups.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.