* [syzbot] [bpf?] inconsistent lock state in bpf_lru_push_free
@ 2025-12-22 19:02 syzbot
  2025-12-22 20:11 ` syzbot
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: syzbot @ 2025-12-22 19:02 UTC (permalink / raw)
  To: andrii, ast, bpf, daniel, eddyz87, haoluo, john.fastabend, jolsa,
	kpsingh, linux-kernel, martin.lau, netdev, sdf, song,
	syzkaller-bugs, yonghong.song

Hello,

syzbot found the following issue on:

HEAD commit:    f785a31395d9 bpf: arm64: Fix sparse warnings
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1122d392580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4aa52bacc0658d1
dashboard link: https://syzkaller.appspot.com/bug?extid=c69a0a2c816716f1e0d5
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1780f584580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7e044cc52f4d/disk-f785a313.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5af05af9fe6f/vmlinux-f785a313.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e8bd1bb41f24/bzImage-f785a313.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c69a0a2c816716f1e0d5@syzkaller.appspotmail.com

================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz.0.17/5989 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffffe8ffffc2f8d8 (&l->lock#2){....}-{2:2}, at: bpf_lru_push_free+0x13e/0x520 kernel/bpf/bpf_lru_list.c:-1
{INITIAL USE} state was registered at:
  lock_acquire+0x117/0x340 kernel/locking/lockdep.c:5868
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162
  bpf_percpu_lru_pop_free kernel/bpf/bpf_lru_list.c:407 [inline]
  bpf_lru_pop_free+0xcb/0x19b0 kernel/bpf/bpf_lru_list.c:494
  prealloc_lru_pop kernel/bpf/hashtab.c:299 [inline]
  htab_lru_map_update_elem+0x168/0x8a0 kernel/bpf/hashtab.c:1215
  bpf_map_update_value+0x751/0x920 kernel/bpf/syscall.c:294
  generic_map_update_batch+0x5a9/0x810 kernel/bpf/syscall.c:2038
  bpf_map_do_batch+0x39b/0x630 kernel/bpf/syscall.c:5647
  __sys_bpf+0x750/0x8a0 kernel/bpf/syscall.c:-1
  __do_sys_bpf kernel/bpf/syscall.c:6320 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:6318 [inline]
  __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6318
  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
  do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 19654
hardirqs last  enabled at (19653): [<ffffffff8b5b413e>] syscall_enter_from_user_mode include/linux/entry-common.h:108 [inline]
hardirqs last  enabled at (19653): [<ffffffff8b5b413e>] do_syscall_64+0xbe/0xf80 arch/x86/entry/syscall_64.c:90
hardirqs last disabled at (19654): [<ffffffff8b5b8058>] exc_debug_kernel+0x68/0x150 arch/x86/kernel/traps.c:1233
softirqs last  enabled at (19590): [<ffffffff81d3246b>] bpf_prog_load+0x14fb/0x1a10 kernel/bpf/syscall.c:3118
softirqs last disabled at (19588): [<ffffffff81d0e0bd>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (19588): [<ffffffff81d0e0bd>] bpf_ksym_add+0x2d/0x340 kernel/bpf/core.c:640

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&l->lock#2);
  <Interrupt>
    lock(&l->lock#2);

 *** DEADLOCK ***

no locks held by syz.0.17/5989.

stack backtrace:
CPU: 0 UID: 0 PID: 5989 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <#DB>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042
 lock_acquire+0x1f8/0x340 kernel/locking/lockdep.c:5859
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162
 bpf_lru_push_free+0x13e/0x520 kernel/bpf/bpf_lru_list.c:-1
 htab_lru_push_free kernel/bpf/hashtab.c:1183 [inline]
 htab_lru_map_delete_elem+0x3a3/0x410 kernel/bpf/hashtab.c:1464
 bpf_prog_464bc2be3fc7c272+0x43/0x4b
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_overflow_handler kernel/events/core.c:10303 [inline]
 __perf_event_overflow+0x39c/0xe70 kernel/events/core.c:10402
 perf_swevent_overflow kernel/events/core.c:10536 [inline]
 perf_swevent_event+0x4f8/0x5e0 kernel/events/core.c:10574
 perf_bp_event+0x251/0x300 kernel/events/core.c:11395
 hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:556 [inline]
 hw_breakpoint_exceptions_notify+0x244/0x680 arch/x86/kernel/hw_breakpoint.c:587
 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85
 atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
 notify_die+0x130/0x180 kernel/notifier.c:588
 notify_debug+0x2e/0x50 arch/x86/kernel/traps.c:1208
 exc_debug_kernel+0xbe/0x150 arch/x86/kernel/traps.c:1270
 asm_exc_debug+0x1e/0x40 arch/x86/include/asm/idtentry.h:654
RIP: 0010:rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:74
Code: 48 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 8f 48 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
RSP: 0018:ffffc90003697cf8 EFLAGS: 00050202
RAX: 00007ffffffff001 RBX: 0000000000000050 RCX: 000000000000000f
RDX: 0000000000000001 RSI: 0000200000000301 RDI: ffffc90003697da1
RBP: ffffc90003697ea8 R08: ffffc90003697daf R09: 1ffff920006d2fb5
R10: dffffc0000000000 R11: fffff520006d2fb6 R12: ffffc90003697d60
R13: 0000000000000050 R14: ffffc90003697d60 R15: 00002000000002c0
 </#DB>
 <TASK>
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:141 [inline]
 _inline_copy_from_user include/linux/uaccess.h:185 [inline]
 _copy_from_user+0x7a/0xb0 lib/usercopy.c:18
 copy_from_user include/linux/uaccess.h:223 [inline]
 copy_from_bpfptr_offset include/linux/bpfptr.h:53 [inline]
 copy_from_bpfptr include/linux/bpfptr.h:59 [inline]
 __sys_bpf+0x1f2/0x8a0 kernel/bpf/syscall.c:6180
 __do_sys_bpf kernel/bpf/syscall.c:6320 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6318 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6318
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efcc198f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007efcc2754038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007efcc1be5fa0 RCX: 00007efcc198f749
RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
RBP: 00007efcc1a13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007efcc1be6038 R14: 00007efcc1be5fa0 R15: 00007ffd9db831a8
 </TASK>
----------------
Code disassembly (best guess):
   0:	48 04 00             	rex.W add $0x0,%al
   3:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   a:	00 00 00
   d:	0f 1f 00             	nopl   (%rax)
  10:	48 8b 06             	mov    (%rsi),%rax
  13:	48 89 07             	mov    %rax,(%rdi)
  16:	48 83 c6 08          	add    $0x8,%rsi
  1a:	48 83 c7 08          	add    $0x8,%rdi
  1e:	83 e9 08             	sub    $0x8,%ecx
  21:	74 db                	je     0xfffffffe
  23:	83 f9 08             	cmp    $0x8,%ecx
  26:	73 e8                	jae    0x10
  28:	eb c5                	jmp    0xffffffef
* 2a:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2c:	e9 8f 48 04 00       	jmp    0x448c0
  31:	48 8b 06             	mov    (%rsi),%rax
  34:	48 89 07             	mov    %rax,(%rdi)
  37:	48 8d 47 08          	lea    0x8(%rdi),%rax
  3b:	48 83 e0 f8          	and    $0xfffffffffffffff8,%rax
  3f:	48                   	rex.W


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [bpf?] inconsistent lock state in bpf_lru_push_free
  2025-12-22 19:02 [syzbot] [bpf?] inconsistent lock state in bpf_lru_push_free syzbot
@ 2025-12-22 20:11 ` syzbot
  2026-03-15 15:52 ` Forwarded: test: bpf lru nmi deadlock fix syzbot
  2026-05-19  7:04 ` Forwarded: Re: [PATCH RFC v2] bpf: lru: Use resilient spinlocks to prevent NMI deadlocks syzbot
  2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2025-12-22 20:11 UTC (permalink / raw)
  To: andrii, ast, bpf, daniel, eddyz87, haoluo, john.fastabend, jolsa,
	kpsingh, linux-kernel, martin.lau, netdev, sdf, song,
	syzkaller-bugs, yonghong.song

syzbot has found a reproducer for the following issue on:

HEAD commit:    22cc16c04b78 riscv, bpf: Fix incorrect usage of BPF_TRAMP_..
git tree:       bpf
console output: https://syzkaller.appspot.com/x/log.txt?x=106c3db4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a94030c847137a18
dashboard link: https://syzkaller.appspot.com/bug?extid=c69a0a2c816716f1e0d5
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14b4808a580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=146c3db4580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/43a53493cb5f/disk-22cc16c0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9726fb9e1980/vmlinux-22cc16c0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/efd2bc050ab6/bzImage-22cc16c0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c69a0a2c816716f1e0d5@syzkaller.appspotmail.com

================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz.0.140/6455 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffffe8ffffd582d8 (&l->lock#2){....}-{2:2}, at: bpf_lru_push_free+0x13e/0x520 kernel/bpf/bpf_lru_list.c:-1
{INITIAL USE} state was registered at:
  lock_acquire+0x117/0x340 kernel/locking/lockdep.c:5868
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162
  bpf_percpu_lru_pop_free kernel/bpf/bpf_lru_list.c:407 [inline]
  bpf_lru_pop_free+0xcb/0x19b0 kernel/bpf/bpf_lru_list.c:494
  prealloc_lru_pop kernel/bpf/hashtab.c:299 [inline]
  htab_lru_map_update_elem+0x168/0x8a0 kernel/bpf/hashtab.c:1215
  bpf_map_update_value+0x751/0x920 kernel/bpf/syscall.c:294
  generic_map_update_batch+0x5a9/0x810 kernel/bpf/syscall.c:2038
  bpf_map_do_batch+0x39b/0x630 kernel/bpf/syscall.c:5647
  __sys_bpf+0x690/0x860 kernel/bpf/syscall.c:-1
  __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
  __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
  __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272
  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
  do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 19630
hardirqs last  enabled at (19629): [<ffffffff8b5b313e>] syscall_enter_from_user_mode include/linux/entry-common.h:108 [inline]
hardirqs last  enabled at (19629): [<ffffffff8b5b313e>] do_syscall_64+0xbe/0xf80 arch/x86/entry/syscall_64.c:90
hardirqs last disabled at (19630): [<ffffffff8b5b7058>] exc_debug_kernel+0x68/0x150 arch/x86/kernel/traps.c:1233
softirqs last  enabled at (18324): [<ffffffff81858cca>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last  enabled at (18324): [<ffffffff81858cca>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last  enabled at (18324): [<ffffffff81858cca>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
softirqs last disabled at (18267): [<ffffffff81858cca>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (18267): [<ffffffff81858cca>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (18267): [<ffffffff81858cca>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&l->lock#2);
  <Interrupt>
    lock(&l->lock#2);

 *** DEADLOCK ***

no locks held by syz.0.140/6455.

stack backtrace:
CPU: 1 UID: 0 PID: 6455 Comm: syz.0.140 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <#DB>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_usage_bug+0x28b/0x2e0 kernel/locking/lockdep.c:4042
 lock_acquire+0x1f8/0x340 kernel/locking/lockdep.c:5859
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162
 bpf_lru_push_free+0x13e/0x520 kernel/bpf/bpf_lru_list.c:-1
 htab_lru_push_free kernel/bpf/hashtab.c:1183 [inline]
 htab_lru_map_delete_elem+0x3a3/0x410 kernel/bpf/hashtab.c:1464
 bpf_prog_464bc2be3fc7c272+0x43/0x4b
 bpf_dispatcher_nop_func include/linux/bpf.h:1378 [inline]
 __bpf_prog_run include/linux/filter.h:723 [inline]
 bpf_prog_run include/linux/filter.h:730 [inline]
 bpf_overflow_handler kernel/events/core.c:10303 [inline]
 __perf_event_overflow+0x39c/0xe70 kernel/events/core.c:10402
 perf_swevent_overflow kernel/events/core.c:10536 [inline]
 perf_swevent_event+0x4f8/0x5e0 kernel/events/core.c:10574
 perf_bp_event+0x251/0x300 kernel/events/core.c:11395
 hw_breakpoint_handler arch/x86/kernel/hw_breakpoint.c:556 [inline]
 hw_breakpoint_exceptions_notify+0x244/0x680 arch/x86/kernel/hw_breakpoint.c:587
 notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85
 atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
 notify_die+0x130/0x180 kernel/notifier.c:588
 notify_debug+0x2e/0x50 arch/x86/kernel/traps.c:1208
 exc_debug_kernel+0xbe/0x150 arch/x86/kernel/traps.c:1270
 asm_exc_debug+0x1e/0x40 arch/x86/include/asm/idtentry.h:654
RIP: 0010:rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:74
Code: 48 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 8f 48 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
RSP: 0018:ffffc9000b9ffcf8 EFLAGS: 00050202
RAX: 00007ffffffff001 RBX: 0000000000000050 RCX: 000000000000000f
RDX: 0000000000000001 RSI: 0000200000000301 RDI: ffffc9000b9ffda1
RBP: ffffc9000b9ffea8 R08: ffffc9000b9ffdaf R09: 1ffff9200173ffb5
R10: dffffc0000000000 R11: fffff5200173ffb6 R12: 1ffff9200173ffa8
R13: 0000000000000050 R14: ffffc9000b9ffd60 R15: 00002000000002c0
 </#DB>
 <TASK>
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:141 [inline]
 _inline_copy_from_user include/linux/uaccess.h:185 [inline]
 _copy_from_user+0x7a/0xb0 lib/usercopy.c:18
 copy_from_user include/linux/uaccess.h:223 [inline]
 copy_from_bpfptr_offset include/linux/bpfptr.h:53 [inline]
 copy_from_bpfptr include/linux/bpfptr.h:59 [inline]
 __sys_bpf+0x1e3/0x860 kernel/bpf/syscall.c:6137
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdde098f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdde190d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fdde0be5fa0 RCX: 00007fdde098f749
RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
RBP: 00007fdde0a13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdde0be6038 R14: 00007fdde0be5fa0 R15: 00007ffde82e83d8
 </TASK>
----------------
Code disassembly (best guess):
   0:	48 04 00             	rex.W add $0x0,%al
   3:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   a:	00 00 00
   d:	0f 1f 00             	nopl   (%rax)
  10:	48 8b 06             	mov    (%rsi),%rax
  13:	48 89 07             	mov    %rax,(%rdi)
  16:	48 83 c6 08          	add    $0x8,%rsi
  1a:	48 83 c7 08          	add    $0x8,%rdi
  1e:	83 e9 08             	sub    $0x8,%ecx
  21:	74 db                	je     0xfffffffe
  23:	83 f9 08             	cmp    $0x8,%ecx
  26:	73 e8                	jae    0x10
  28:	eb c5                	jmp    0xffffffef
* 2a:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2c:	e9 8f 48 04 00       	jmp    0x448c0
  31:	48 8b 06             	mov    (%rsi),%rax
  34:	48 89 07             	mov    %rax,(%rdi)
  37:	48 8d 47 08          	lea    0x8(%rdi),%rax
  3b:	48 83 e0 f8          	and    $0xfffffffffffffff8,%rax
  3f:	48                   	rex.W


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


* Forwarded: test: bpf lru nmi deadlock fix
  2025-12-22 19:02 [syzbot] [bpf?] inconsistent lock state in bpf_lru_push_free syzbot
  2025-12-22 20:11 ` syzbot
@ 2026-03-15 15:52 ` syzbot
  2026-05-19  7:04 ` Forwarded: Re: [PATCH RFC v2] bpf: lru: Use resilient spinlocks to prevent NMI deadlocks syzbot
  2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2026-03-15 15:52 UTC (permalink / raw)
  To: linux-kernel, syzkaller-bugs

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: test: bpf lru nmi deadlock fix
Author: nooraineqbal@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master

From b1add52f63c8309c3a91bcc294139134ce1c0fa5 Mon Sep 17 00:00:00 2001
From: Noorain Eqbal <nooraineqbal@gmail.com>
Date: Sun, 15 Mar 2026 21:02:42 +0530
Subject: [PATCH] bpf: Fix NMI deadlocks in LRU map operations

LRU maps can deadlock when accessed from NMI context (e.g., when
attached to perf events with hardware breakpoints). The issue occurs
because raw_spin_lock_irqsave() cannot prevent NMI interruption on
the same CPU.

This is the same issue that was fixed for queue and stack maps in
commit a34a9f1a19af ("bpf: Avoid deadlock when using queue and stack
maps from NMI"). The queue/stack map fix was later updated to use
resilient spinlocks which provide built-in NMI deadlock detection.

Apply the same fix to LRU maps by replacing raw_spin_lock_irqsave()
with raw_res_spin_lock_irqsave() in all LRU pop/push operations:
- bpf_common_lru_pop_free()
- bpf_percpu_lru_pop_free()
- bpf_common_lru_push_free()
- bpf_percpu_lru_push_free()

The resilient spinlock will return -EDEADLK when it detects a deadlock
scenario (NMI trying to acquire a lock already held), allowing the
operation to fail safely instead of deadlocking.

Reproducer and lockdep splat:
https://syzkaller.appspot.com/bug?id=c4d6f5f7d392471722983a2e85ae391360ca7ae8

Related discussion:
https://lore.kernel.org/bpf/CAPPBnEYO4R+m+SpVc2gNj_x31R6fo1uJvj2bK2YS1P09GWT6kQ@mail.gmail.com/

Fixes: 3a08c2fd7634 ("bpf: LRU List")
Reported-by: syzbot+c69a0a2c816716f1e0d5@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=c69a0a2c816716f1e0d5

Signed-off-by: Noorain Eqbal <nooraineqbal@gmail.com>
---
 kernel/bpf/bpf_lru_list.c | 46 +++++++++++++++++++++++----------------
 kernel/bpf/bpf_lru_list.h |  5 +++--
 2 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/kernel/bpf/bpf_lru_list.c b/kernel/bpf/bpf_lru_list.c
index e7a2fc60523f..0cd1d5c511fa 100644
--- a/kernel/bpf/bpf_lru_list.c
+++ b/kernel/bpf/bpf_lru_list.c
@@ -4,6 +4,7 @@
 #include <linux/cpumask.h>
 #include <linux/spinlock.h>
 #include <linux/percpu.h>
+#include <asm/rqspinlock.h>
 
 #include "bpf_lru_list.h"
 
@@ -307,9 +308,10 @@ static void bpf_lru_list_push_free(struct bpf_lru_list *l,
 	if (WARN_ON_ONCE(IS_LOCAL_LIST_TYPE(node->type)))
 		return;
 
-	raw_spin_lock_irqsave(&l->lock, flags);
+	if (raw_res_spin_lock_irqsave(&l->lock, flags))
+		return;
 	__bpf_lru_node_move(l, node, BPF_LRU_LIST_T_FREE);
-	raw_spin_unlock_irqrestore(&l->lock, flags);
+	raw_res_spin_unlock_irqrestore(&l->lock, flags);
 }
 
 static void bpf_lru_list_pop_free_to_local(struct bpf_lru *lru,
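Review bot: The early `return` after a failed `raw_res_spin_lock_irqsave(&l->lock, flags)` in bpf_lru_list_push_free() drops the node without moving it to BPF_LRU_LIST_T_FREE, so it is never handed out again. The commit message only says the operation will "fail safely"; state the leak there and in a comment at the `return`, or give the function a return value so the caller can account for the lost node.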
@@ -319,7 +321,7 @@ static void bpf_lru_list_pop_free_to_local(struct bpf_lru *lru,
 	struct bpf_lru_node *node, *tmp_node;
 	unsigned int nfree = 0;
 
-	raw_spin_lock(&l->lock);
+	raw_res_spin_lock(&l->lock);
 
 	__local_list_flush(l, loc_l);
 
@@ -338,7 +340,7 @@ static void bpf_lru_list_pop_free_to_local(struct bpf_lru *lru,
 				      local_free_list(loc_l),
 				      BPF_LRU_LOCAL_LIST_T_FREE);
 
-	raw_spin_unlock(&l->lock);
+	raw_res_spin_unlock(&l->lock);
 }
 
 static void __local_list_add_pending(struct bpf_lru *lru,
@@ -404,7 +406,8 @@ static struct bpf_lru_node *bpf_percpu_lru_pop_free(struct bpf_lru *lru,
 
 	l = per_cpu_ptr(lru->percpu_lru, cpu);
 
-	raw_spin_lock_irqsave(&l->lock, flags);
+	if (raw_res_spin_lock_irqsave(&l->lock, flags))
+		return NULL;
 
 	__bpf_lru_list_rotate(lru, l);
 
@@ -420,7 +423,7 @@ static struct bpf_lru_node *bpf_percpu_lru_pop_free(struct bpf_lru *lru,
 		__bpf_lru_node_move(l, node, BPF_LRU_LIST_T_INACTIVE);
 	}
 
-	raw_spin_unlock_irqrestore(&l->lock, flags);
+	raw_res_spin_unlock_irqrestore(&l->lock, flags);
 
 	return node;
 }
@@ -437,7 +440,8 @@ static struct bpf_lru_node *bpf_common_lru_pop_free(struct bpf_lru *lru,
 
 	loc_l = per_cpu_ptr(clru->local_list, cpu);
 
-	raw_spin_lock_irqsave(&loc_l->lock, flags);
+	if (raw_res_spin_lock_irqsave(&loc_l->lock, flags))
+		return NULL;
 
 	node = __local_list_pop_free(loc_l);
 	if (!node) {
@@ -448,7 +452,7 @@ static struct bpf_lru_node *bpf_common_lru_pop_free(struct bpf_lru *lru,
 	if (node)
 		__local_list_add_pending(lru, loc_l, cpu, node, hash);
 
-	raw_spin_unlock_irqrestore(&loc_l->lock, flags);
+	raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
 
 	if (node)
 		return node;
@@ -466,13 +470,14 @@ static struct bpf_lru_node *bpf_common_lru_pop_free(struct bpf_lru *lru,
 	do {
 		steal_loc_l = per_cpu_ptr(clru->local_list, steal);
 
-		raw_spin_lock_irqsave(&steal_loc_l->lock, flags);
+		if (raw_res_spin_lock_irqsave(&steal_loc_l->lock, flags))
+			return NULL;
 
 		node = __local_list_pop_free(steal_loc_l);
 		if (!node)
 			node = __local_list_pop_pending(lru, steal_loc_l);
 
-		raw_spin_unlock_irqrestore(&steal_loc_l->lock, flags);
+		raw_res_spin_unlock_irqrestore(&steal_loc_l->lock, flags);
 
 		steal = cpumask_next_wrap(steal, cpu_possible_mask);
 	} while (!node && steal != first_steal);
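Review bot: `return NULL` on a failed `raw_res_spin_lock_irqsave(&steal_loc_l->lock, flags)` ends the whole steal loop at the first CPU whose lock cannot be taken, and it also skips the `loc_l->next_steal = steal` update that follows the loop. Treat the failure like an empty list instead: skip that CPU and fall through to `steal = cpumask_next_wrap(steal, cpu_possible_mask)` so the remaining CPUs are still tried.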
@@ -480,9 +485,10 @@ static struct bpf_lru_node *bpf_common_lru_pop_free(struct bpf_lru *lru,
 	loc_l->next_steal = steal;
 
 	if (node) {
-		raw_spin_lock_irqsave(&loc_l->lock, flags);
+		if (raw_res_spin_lock_irqsave(&loc_l->lock, flags))
+			return NULL;
 		__local_list_add_pending(lru, loc_l, cpu, node, hash);
-		raw_spin_unlock_irqrestore(&loc_l->lock, flags);
+		raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
 	}
 
 	return node;
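Review bot: In the `if (node)` block, a failed `raw_res_spin_lock_irqsave(&loc_l->lock, flags)` returns NULL after the node has already been popped from `steal_loc_l` in the loop above, so the node ends up on no list while the caller is told none was available. Either hand the node back to a list before returning or document why losing it here is acceptable.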
@@ -511,10 +517,11 @@ static void bpf_common_lru_push_free(struct bpf_lru *lru,
 
 		loc_l = per_cpu_ptr(lru->common_lru.local_list, node->cpu);
 
-		raw_spin_lock_irqsave(&loc_l->lock, flags);
+		if (raw_res_spin_lock_irqsave(&loc_l->lock, flags))
+			return;
 
 		if (unlikely(node->type != BPF_LRU_LOCAL_LIST_T_PENDING)) {
-			raw_spin_unlock_irqrestore(&loc_l->lock, flags);
+			raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
 			goto check_lru_list;
 		}
 
@@ -522,7 +529,7 @@ static void bpf_common_lru_push_free(struct bpf_lru *lru,
 		bpf_lru_node_clear_ref(node);
 		list_move(&node->list, local_free_list(loc_l));
 
-		raw_spin_unlock_irqrestore(&loc_l->lock, flags);
+		raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
 		return;
 	}
 
@@ -538,11 +545,12 @@ static void bpf_percpu_lru_push_free(struct bpf_lru *lru,
 
 	l = per_cpu_ptr(lru->percpu_lru, node->cpu);
 
-	raw_spin_lock_irqsave(&l->lock, flags);
+	if (raw_res_spin_lock_irqsave(&l->lock, flags))
+		return;
 
 	__bpf_lru_node_move(l, node, BPF_LRU_LIST_T_FREE);
 
-	raw_spin_unlock_irqrestore(&l->lock, flags);
+	raw_res_spin_unlock_irqrestore(&l->lock, flags);
 }
 
 void bpf_lru_push_free(struct bpf_lru *lru, struct bpf_lru_node *node)
@@ -625,7 +633,7 @@ static void bpf_lru_locallist_init(struct bpf_lru_locallist *loc_l, int cpu)
 
 	loc_l->next_steal = cpu;
 
-	raw_spin_lock_init(&loc_l->lock);
+	raw_res_spin_lock_init(&loc_l->lock);
 }
 
 static void bpf_lru_list_init(struct bpf_lru_list *l)
@@ -640,7 +648,7 @@ static void bpf_lru_list_init(struct bpf_lru_list *l)
 
 	l->next_inactive_rotation = &l->lists[BPF_LRU_LIST_T_INACTIVE];
 
-	raw_spin_lock_init(&l->lock);
+	raw_res_spin_lock_init(&l->lock);
 }
 
 int bpf_lru_init(struct bpf_lru *lru, bool percpu, u32 hash_offset,
diff --git a/kernel/bpf/bpf_lru_list.h b/kernel/bpf/bpf_lru_list.h
index fe2661a58ea9..ecd93c77a7ff 100644
--- a/kernel/bpf/bpf_lru_list.h
+++ b/kernel/bpf/bpf_lru_list.h
@@ -7,6 +7,7 @@
 #include <linux/cache.h>
 #include <linux/list.h>
 #include <linux/spinlock_types.h>
+#include <asm/rqspinlock.h>
 
 #define NR_BPF_LRU_LIST_T	(3)
 #define NR_BPF_LRU_LIST_COUNT	(2)
@@ -34,13 +35,13 @@ struct bpf_lru_list {
 	/* The next inactive list rotation starts from here */
 	struct list_head *next_inactive_rotation;
 
-	raw_spinlock_t lock ____cacheline_aligned_in_smp;
+	rqspinlock_t lock ____cacheline_aligned_in_smp;
 };
 
 struct bpf_lru_locallist {
 	struct list_head lists[NR_BPF_LRU_LOCAL_LIST_T];
 	u16 next_steal;
-	raw_spinlock_t lock;
+	rqspinlock_t lock;
 };
 
 struct bpf_common_lru {
-- 
2.53.0
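
An added example, not part of the posted patch or of the kernel: a single-threaded user-space C model of the re-entry the commit message above describes, where a delete issued from the interrupting context finds the list lock already held on the same CPU. All names (`res_lock_acquire`, `lru_push_free`, `nmi_delete_elem`, the `nmi` hook) are hypothetical, and the held-lock table is an assumed simplification of how a resilient lock notices same-CPU re-entry.

```c
#include <errno.h>
#include <stdio.h>
#define MAX_HELD 8   /* size of the model's held-lock table */
#define NR_NODES 4   /* nodes on the free list at start */

/* Model lock plus the table of locks this (single) CPU currently holds. */
struct res_lock { int locked; };
static struct res_lock *held[MAX_HELD];
static int held_cnt;

/* 0 on success; -EDEADLK when this CPU already holds the lock (re-entry). */
static int res_lock_acquire(struct res_lock *l)
{
	for (int i = 0; i < held_cnt; i++)
		if (held[i] == l)
			return -EDEADLK; /* holder is the context we interrupted */
	if (held_cnt == MAX_HELD)
		return -EBUSY;           /* model limit, not kernel behaviour */
	l->locked = 1;
	held[held_cnt++] = l;
	return 0;
}

static void res_lock_release(struct res_lock *l)
{
	l->locked = 0;
	held_cnt--; /* the model only releases the most recently taken lock */
}

struct node { struct node *next; };
struct lru {
	struct res_lock lock;
	struct node *free;         /* free list the pop/push paths share */
	int leaked;                /* nodes lost because push could not lock */
	void (*nmi)(struct lru *); /* hook fired while pop holds the lock */
	struct node *nmi_node;     /* element the interrupting program deletes */
	int nmi_ret;               /* what that delete got back */
};

/* Push path: on lock failure the node is put on no list at all. */
static int lru_push_free(struct lru *lru, struct node *n)
{
	int ret = res_lock_acquire(&lru->lock);
	if (ret) {
		lru->leaked++;
		return ret;
	}
	n->next = lru->free;
	lru->free = n;
	res_lock_release(&lru->lock);
	return 0;
}

/* Pop path: NULL on lock failure, which a caller sees as "no free node". */
static struct node *lru_pop_free(struct lru *lru)
{
	struct node *n;
	if (res_lock_acquire(&lru->lock))
		return NULL;
	if (lru->nmi)
		lru->nmi(lru); /* simulated NMI lands inside the critical section */
	n = lru->free;
	if (n)
		lru->free = n->next;
	res_lock_release(&lru->lock);
	return n;
}

/* Stands in for the program run from the breakpoint/perf handler. */
static void nmi_delete_elem(struct lru *lru)
{
	lru->nmi_ret = lru_push_free(lru, lru->nmi_node);
}

struct result { int popped, nmi_ret, free_left, leaked, lock_held; };
/* with_nmi=1: the delete runs inside pop's critical section; 0: after it. */
static struct result run_scenario(int with_nmi)
{
	static struct node nodes[NR_NODES + 1];
	struct lru lru = { .nmi_node = &nodes[NR_NODES] };
	int popped, nfree = 0;
	for (int i = 0; i < NR_NODES; i++)
		lru_push_free(&lru, &nodes[i]);
	lru.nmi = with_nmi ? nmi_delete_elem : NULL;
	popped = lru_pop_free(&lru) != NULL;
	if (!with_nmi)
		lru.nmi_ret = lru_push_free(&lru, lru.nmi_node);
	for (struct node *n = lru.free; n; n = n->next)
		nfree++;
	return (struct result){ popped, lru.nmi_ret, nfree, lru.leaked, lru.lock.locked };
}

int main(void)
{
	struct result a = run_scenario(1), b = run_scenario(0);
	printf("delete inside pop: ret=%d free=%d leaked=%d\n", a.nmi_ret, a.free_left, a.leaked);
	printf("delete after pop:  ret=%d free=%d leaked=%d\n", b.nmi_ret, b.free_left, b.leaked);
	return 0;
}
```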



* Forwarded: Re: [PATCH RFC v2] bpf: lru: Use resilient spinlocks to prevent NMI deadlocks
  2025-12-22 19:02 [syzbot] [bpf?] inconsistent lock state in bpf_lru_push_free syzbot
  2025-12-22 20:11 ` syzbot
  2026-03-15 15:52 ` Forwarded: test: bpf lru nmi deadlock fix syzbot
@ 2026-05-19  7:04 ` syzbot
  2 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2026-05-19  7:04 UTC (permalink / raw)
  To: linux-kernel, syzkaller-bugs

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [PATCH RFC v2] bpf: lru: Use resilient spinlocks to prevent NMI deadlocks
Author: dvyukov@google.com

#syz upstream

On Sat, 16 May 2026 at 19:17, 'syzbot' via
syzkaller-upstream-moderation
<syzkaller-upstream-moderation@googlegroups.com> wrote:
>
> BPF LRU maps currently use standard `raw_spinlock_t` for their local and
> global list locks, which are not NMI-safe. If an NMI (such as a perf
> event hardware breakpoint) interrupts a normal context that is holding
> an LRU list lock, and a BPF program executed in the NMI context attempts
> to acquire the exact same lock (e.g., via `bpf_map_delete_elem`), it
> will spin forever waiting for the lock to be released. This results in a
> hard deadlock because the context holding the lock has been preempted by
> the NMI itself. Lockdep correctly detects this unsafe `{INITIAL USE} ->
> {IN-NMI}` transition and emits an inconsistent lock state warning.
>
> To resolve this, update the LRU list implementation to use resilient
> queued spinlocks (`rqspinlock_t`), similar to how bucket locks in
> standard BPF hash maps were previously converted. Resilient spinlocks
> are NMI-safe because they detect deadlocks (such as re-entrancy on the
> same CPU) and return an error instead of hanging. Replace all standard
> spinlock operations with their resilient counterparts in
> `bpf_lru_list.c`. Since resilient spinlock acquisitions can fail, update
> the LRU functions to handle these failures gracefully. For pop
> functions, return `NULL` when the lock cannot be acquired, which callers
> already handle by propagating an `-ENOMEM` error. When stealing nodes
> from remote CPUs, safely skip the CPU if its lock cannot be acquired.
> For push and flush functions, abort and return early if the lock fails,
> effectively leaking the LRU node, which is an acceptable trade-off to
> prevent a hard system deadlock in NMI context.
>
> Fixes: 3a08c2fd763450a927d1130de078d6f9e74944fb ("bpf: LRU List")
> Assisted-by: Gemini:gemini-3.1-pro-preview Gemini:gemini-3-flash-preview
> Reported-by: syzbot+c69a0a2c816716f1e0d5@syzkaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?extid=c69a0a2c816716f1e0d5
> Link: https://syzkaller.appspot.com/ai_job?id=5256e80f-91f9-40da-865e-578a2aee46ad
> To: <bpf@vger.kernel.org>
> To: <martin.lau@linux.dev>
> Cc: <andrii@kernel.org>
> Cc: <ast@kernel.org>
> Cc: <daniel@iogearbox.net>
> Cc: <eddyz87@gmail.com>
> Cc: <jolsa@kernel.org>
> Cc: <linux-kernel@vger.kernel.org>
> Cc: <memxor@gmail.com>
> Cc: <song@kernel.org>
> Cc: <yonghong.song@linux.dev>
>
> ---
> v2:
> - Added missing `<asm/rqspinlock.h>` include in `kernel/bpf/bpf_lru_list.c`.
>
> v1:
> https://lore.kernel.org/all/dcebc4bd-5cc1-4dc9-b82b-6cca0fad128b@mail.kernel.org/T/
> ---
> diff --git a/kernel/bpf/bpf_lru_list.c b/kernel/bpf/bpf_lru_list.c
> index e7a2fc605..3d6613378 100644
> --- a/kernel/bpf/bpf_lru_list.c
> +++ b/kernel/bpf/bpf_lru_list.c
> @@ -4,6 +4,7 @@
>  #include <linux/cpumask.h>
>  #include <linux/spinlock.h>
>  #include <linux/percpu.h>
> +#include <asm/rqspinlock.h>
>
>  #include "bpf_lru_list.h"
>
> @@ -307,9 +308,10 @@ static void bpf_lru_list_push_free(struct bpf_lru_list *l,
>         if (WARN_ON_ONCE(IS_LOCAL_LIST_TYPE(node->type)))
>                 return;
>
> -       raw_spin_lock_irqsave(&l->lock, flags);
> +       if (raw_res_spin_lock_irqsave(&l->lock, flags))
> +               return;
>         __bpf_lru_node_move(l, node, BPF_LRU_LIST_T_FREE);
> -       raw_spin_unlock_irqrestore(&l->lock, flags);
> +       raw_res_spin_unlock_irqrestore(&l->lock, flags);
>  }
>
>  static void bpf_lru_list_pop_free_to_local(struct bpf_lru *lru,
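Review bot: The `return` added after a failed `raw_res_spin_lock_irqsave(&l->lock, flags)` in bpf_lru_list_push_free() is silent: the description accepts leaking the node here, but nothing in the code says so or records that it happened. Add a comment at the `return` stating that the node is intentionally dropped, and consider some way to count these drops so a slowly shrinking LRU map can be explained.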
> @@ -319,7 +321,8 @@ static void bpf_lru_list_pop_free_to_local(struct bpf_lru *lru,
>         struct bpf_lru_node *node, *tmp_node;
>         unsigned int nfree = 0;
>
> -       raw_spin_lock(&l->lock);
> +       if (raw_res_spin_lock(&l->lock))
> +               return;
>
>         __local_list_flush(l, loc_l);
>
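Review bot: bpf_lru_list_pop_free_to_local() is `static void`, so the new `return` on a failed `raw_res_spin_lock(&l->lock)` gives its caller no way to tell a lock failure from an empty global list. If treating the two the same is intended, say so in a comment at the `return`; otherwise return an error the caller can act on.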
> @@ -338,7 +341,7 @@ static void bpf_lru_list_pop_free_to_local(struct bpf_lru *lru,
>                                       local_free_list(loc_l),
>                                       BPF_LRU_LOCAL_LIST_T_FREE);
>
> -       raw_spin_unlock(&l->lock);
> +       raw_res_spin_unlock(&l->lock);
>  }
>
>  static void __local_list_add_pending(struct bpf_lru *lru,
> @@ -404,7 +407,8 @@ static struct bpf_lru_node *bpf_percpu_lru_pop_free(struct bpf_lru *lru,
>
>         l = per_cpu_ptr(lru->percpu_lru, cpu);
>
> -       raw_spin_lock_irqsave(&l->lock, flags);
> +       if (raw_res_spin_lock_irqsave(&l->lock, flags))
> +               return NULL;
>
>         __bpf_lru_list_rotate(lru, l);
>
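
Review bot: the `return NULL` on lock failure in bpf_percpu_lru_pop_free() is indistinguishable from the existing "no free node" result, so a caller cannot tell a lock acquisition failure from an exhausted list. If that conflation is intended, a short comment at the `return NULL` should say so; otherwise the error needs its own path.
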
> @@ -420,7 +424,7 @@ static struct bpf_lru_node *bpf_percpu_lru_pop_free(struct bpf_lru *lru,
>                 __bpf_lru_node_move(l, node, BPF_LRU_LIST_T_INACTIVE);
>         }
>
> -       raw_spin_unlock_irqrestore(&l->lock, flags);
> +       raw_res_spin_unlock_irqrestore(&l->lock, flags);
>
>         return node;
>  }
> @@ -437,7 +441,8 @@ static struct bpf_lru_node *bpf_common_lru_pop_free(struct bpf_lru *lru,
>
>         loc_l = per_cpu_ptr(clru->local_list, cpu);
>
> -       raw_spin_lock_irqsave(&loc_l->lock, flags);
> +       if (raw_res_spin_lock_irqsave(&loc_l->lock, flags))
> +               return NULL;
>
>         node = __local_list_pop_free(loc_l);
>         if (!node) {
> @@ -448,7 +453,7 @@ static struct bpf_lru_node *bpf_common_lru_pop_free(struct bpf_lru *lru,
>         if (node)
>                 __local_list_add_pending(lru, loc_l, cpu, node, hash);
>
> -       raw_spin_unlock_irqrestore(&loc_l->lock, flags);
> +       raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
>
>         if (node)
>                 return node;
> @@ -466,23 +471,26 @@ static struct bpf_lru_node *bpf_common_lru_pop_free(struct bpf_lru *lru,
>         do {
>                 steal_loc_l = per_cpu_ptr(clru->local_list, steal);
>
> -               raw_spin_lock_irqsave(&steal_loc_l->lock, flags);
> +               if (raw_res_spin_lock_irqsave(&steal_loc_l->lock, flags))
> +                       goto next_steal;
>
>                 node = __local_list_pop_free(steal_loc_l);
>                 if (!node)
>                         node = __local_list_pop_pending(lru, steal_loc_l);
>
> -               raw_spin_unlock_irqrestore(&steal_loc_l->lock, flags);
> +               raw_res_spin_unlock_irqrestore(&steal_loc_l->lock, flags);
>
> +next_steal:
>                 steal = cpumask_next_wrap(steal, cpu_possible_mask);
>         } while (!node && steal != first_steal);
>
>         loc_l->next_steal = steal;
>
>         if (node) {
> -               raw_spin_lock_irqsave(&loc_l->lock, flags);
> +               if (raw_res_spin_lock_irqsave(&loc_l->lock, flags))
> +                       return NULL;
>                 __local_list_add_pending(lru, loc_l, cpu, node, hash);
> -               raw_spin_unlock_irqrestore(&loc_l->lock, flags);
> +               raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
>         }
>
>         return node;
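
Review bot: the `return NULL` after the second `raw_res_spin_lock_irqsave(&loc_l->lock, flags)`, inside `if (node)`, loses the node that the steal loop just popped from `steal_loc_l`. At that point the node has been removed from the remote list by `__local_list_pop_free()` or `__local_list_pop_pending()`, is not added to the local pending list, and is not returned to the caller. That failure path needs to hand the node back to some list before returning NULL, or the patch needs to explain how the node is recovered.
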
> @@ -511,10 +519,11 @@ static void bpf_common_lru_push_free(struct bpf_lru *lru,
>
>                 loc_l = per_cpu_ptr(lru->common_lru.local_list, node->cpu);
>
> -               raw_spin_lock_irqsave(&loc_l->lock, flags);
> +               if (raw_res_spin_lock_irqsave(&loc_l->lock, flags))
> +                       return;
>
>                 if (unlikely(node->type != BPF_LRU_LOCAL_LIST_T_PENDING)) {
> -                       raw_spin_unlock_irqrestore(&loc_l->lock, flags);
> +                       raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
>                         goto check_lru_list;
>                 }
>
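
Review bot: in bpf_common_lru_push_free(), the early `return` when `raw_res_spin_lock_irqsave(&loc_l->lock, flags)` fails leaves the node on whatever list it was on, and the `node->type != BPF_LRU_LOCAL_LIST_T_PENDING` check that decides between the local free list and `check_lru_list` never runs. The node is then neither freed locally nor passed on to the global list. Please either fall back to a path that can still release the node or document why leaving it in place is acceptable.
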
> @@ -522,7 +531,7 @@ static void bpf_common_lru_push_free(struct bpf_lru *lru,
>                 bpf_lru_node_clear_ref(node);
>                 list_move(&node->list, local_free_list(loc_l));
>
> -               raw_spin_unlock_irqrestore(&loc_l->lock, flags);
> +               raw_res_spin_unlock_irqrestore(&loc_l->lock, flags);
>                 return;
>         }
>
> @@ -538,11 +547,12 @@ static void bpf_percpu_lru_push_free(struct bpf_lru *lru,
>
>         l = per_cpu_ptr(lru->percpu_lru, node->cpu);
>
> -       raw_spin_lock_irqsave(&l->lock, flags);
> +       if (raw_res_spin_lock_irqsave(&l->lock, flags))
> +               return;
>
>         __bpf_lru_node_move(l, node, BPF_LRU_LIST_T_FREE);
>
> -       raw_spin_unlock_irqrestore(&l->lock, flags);
> +       raw_res_spin_unlock_irqrestore(&l->lock, flags);
>  }
>
>  void bpf_lru_push_free(struct bpf_lru *lru, struct bpf_lru_node *node)
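
Review bot: bpf_percpu_lru_push_free() now returns silently when the lock cannot be taken, and the entry point shown in the trailing context, `void bpf_lru_push_free(struct bpf_lru *lru, struct bpf_lru_node *node)`, has no return value to carry that failure upward. Since every push_free variant in this patch can now drop a node this way, the commit message should state what happens to such nodes, and it would help to count or otherwise record the failures so they are observable.
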
> @@ -625,7 +635,7 @@ static void bpf_lru_locallist_init(struct bpf_lru_locallist *loc_l, int cpu)
>
>         loc_l->next_steal = cpu;
>
> -       raw_spin_lock_init(&loc_l->lock);
> +       raw_res_spin_lock_init(&loc_l->lock);
>  }
>
>  static void bpf_lru_list_init(struct bpf_lru_list *l)
> @@ -640,7 +650,7 @@ static void bpf_lru_list_init(struct bpf_lru_list *l)
>
>         l->next_inactive_rotation = &l->lists[BPF_LRU_LIST_T_INACTIVE];
>
> -       raw_spin_lock_init(&l->lock);
> +       raw_res_spin_lock_init(&l->lock);
>  }
>
>  int bpf_lru_init(struct bpf_lru *lru, bool percpu, u32 hash_offset,
> diff --git a/kernel/bpf/bpf_lru_list.h b/kernel/bpf/bpf_lru_list.h
> index fe2661a58..ecd93c77a 100644
> --- a/kernel/bpf/bpf_lru_list.h
> +++ b/kernel/bpf/bpf_lru_list.h
> @@ -7,6 +7,7 @@
>  #include <linux/cache.h>
>  #include <linux/list.h>
>  #include <linux/spinlock_types.h>
> +#include <asm/rqspinlock.h>
>
>  #define NR_BPF_LRU_LIST_T      (3)
>  #define NR_BPF_LRU_LIST_COUNT  (2)
> @@ -34,13 +35,13 @@ struct bpf_lru_list {
>         /* The next inactive list rotation starts from here */
>         struct list_head *next_inactive_rotation;
>
> -       raw_spinlock_t lock ____cacheline_aligned_in_smp;
> +       rqspinlock_t lock ____cacheline_aligned_in_smp;
>  };
>
>  struct bpf_lru_locallist {
>         struct list_head lists[NR_BPF_LRU_LOCAL_LIST_T];
>         u16 next_steal;
> -       raw_spinlock_t lock;
> +       rqspinlock_t lock;
>  };
>
>  struct bpf_common_lru {
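
Review bot: both `lock` fields change from `raw_spinlock_t` to `rqspinlock_t` without any comment, although the type change means acquisition can now fail and every user of these locks has to check the return value. A one-line comment on each field, in `struct bpf_lru_list` and `struct bpf_lru_locallist`, noting that the lock may fail to acquire and must be taken with the `raw_res_spin_lock*()` helpers would keep future callers from using it as an unconditional lock.
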
>
>
> base-commit: 5d6919055dec134de3c40167a490f33c74c12581
> --
> This is an AI-generated patch subject to moderation.
> Reply with '#syz upstream' to send it to the mailing list.
> Reply with '#syz reject' to reject it.
>
> See  for more information.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-moderation+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/471284ae-0b11-43ca-ad34-e497fe2ee24e%40mail.kernel.org.



end of thread, other threads:[~2026-05-19  7:04 UTC | newest]

Thread overview: 4+ messages
2025-12-22 19:02 [syzbot] [bpf?] inconsistent lock state in bpf_lru_push_free syzbot
2025-12-22 20:11 ` syzbot
2026-03-15 15:52 ` Forwarded: test: bpf lru nmi deadlock fix syzbot
2026-05-19  7:04 ` Forwarded: Re: [PATCH RFC v2] bpf: lru: Use resilient spinlocks to prevent NMI deadlocks syzbot
