syzbot


general protection fault in drain_mem_cache (3)

Status: upstream: reported on 2025/04/14 17:56
Subsystems: bpf
Reported-by: syzbot+18139576507d899c8066@syzkaller.appspotmail.com
First crash: 46d, last: 9d16h
Discussions (2)
Title                                                            Replies (including bot)  Last reply
[syzbot] Monthly bpf report (Apr 2025)                           0 (1)                    2025/04/24 07:48
[syzbot] [bpf?] general protection fault in drain_mem_cache (3)  0 (1)                    2025/04/14 17:56
Similar bugs (2)
Kernel    Title                                                 Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
upstream  general protection fault in drain_mem_cache (2)  bpf                                    1      253d  249d      0/28     auto-obsoleted due to no activity on 2024/12/05 06:33
upstream  general protection fault in drain_mem_cache      bpf                                    1      360d  356d      0/28     auto-obsoleted due to no activity on 2024/08/19 11:43

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 UID: 0 PID: 1138 Comm: kworker/u8:6 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
Workqueue: events_unbound bpf_map_free_deferred
RIP: 0010:free_all kernel/bpf/memalloc.c:268 [inline]
RIP: 0010:drain_mem_cache+0x68/0x480 kernel/bpf/memalloc.c:638
Code: de e8 8c 0b d8 ff 49 8d be a8 00 00 00 be 08 00 00 00 e8 6b fe 39 00 4d 87 be a8 00 00 00 4d 85 ff 74 6a 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 a9 fb 39 00 49 8b 2f 85 db 74 2a
RSP: 0018:ffffc90003a8fa28 EFLAGS: 00010212
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81e7c915
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffe8ffffc2f768
RBP: 0000000000000000 R08: ffffe8ffffc2f76f R09: 1ffffd1ffff85eed
R10: dffffc0000000000 R11: fffff91ffff85eee R12: ffffe8ffffc2f6c0
R13: dffffc0000000000 R14: ffffe8ffffc2f6c0 R15: 0000000000000009
FS:  0000000000000000(0000) GS:ffff8881260cb000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555861825c8 CR3: 000000007ac85000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 bpf_mem_alloc_destroy+0x13d/0x4d0 kernel/bpf/memalloc.c:754
 trie_free+0x132/0x150 kernel/bpf/lpm_trie.c:652
 bpf_map_free kernel/bpf/syscall.c:861 [inline]
 bpf_map_free_deferred+0xed/0x110 kernel/bpf/syscall.c:887
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4e/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:free_all kernel/bpf/memalloc.c:268 [inline]
RIP: 0010:drain_mem_cache+0x68/0x480 kernel/bpf/memalloc.c:638
Code: de e8 8c 0b d8 ff 49 8d be a8 00 00 00 be 08 00 00 00 e8 6b fe 39 00 4d 87 be a8 00 00 00 4d 85 ff 74 6a 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 a9 fb 39 00 49 8b 2f 85 db 74 2a
RSP: 0018:ffffc90003a8fa28 EFLAGS: 00010212
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81e7c915
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffe8ffffc2f768
RBP: 0000000000000000 R08: ffffe8ffffc2f76f R09: 1ffffd1ffff85eed
R10: dffffc0000000000 R11: fffff91ffff85eee R12: ffffe8ffffc2f6c0
R13: dffffc0000000000 R14: ffffe8ffffc2f6c0 R15: 0000000000000009
FS:  0000000000000000(0000) GS:ffff8881260cb000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000005d813000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	de e8                	fsubrp %st,%st(0)
   2:	8c 0b                	mov    %cs,(%rbx)
   4:	d8 ff                	fdivr  %st(7),%st
   6:	49 8d be a8 00 00 00 	lea    0xa8(%r14),%rdi
   d:	be 08 00 00 00       	mov    $0x8,%esi
  12:	e8 6b fe 39 00       	call   0x39fe82
  17:	4d 87 be a8 00 00 00 	xchg   %r15,0xa8(%r14)
  1e:	4d 85 ff             	test   %r15,%r15
  21:	74 6a                	je     0x8d
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 ff             	mov    %r15,%rdi
  34:	e8 a9 fb 39 00       	call   0x39fbe2
  39:	49 8b 2f             	mov    (%r15),%rbp
  3c:	85 db                	test   %ebx,%ebx
  3e:	74 2a                	je     0x6a
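Decoding the fault address. The first two lines of the report are the kernel's own triage of the trapping instruction. The inline KASAN check `cmpb $0x0,(%rax,%r13,1)` probes the shadow byte for the pointer in %r15: %rax was just loaded as %r15 >> 3 and %r13 holds 0xdffffc0000000000, the x86_64 shadow offset. With %r15 = 0x9 (the value the preceding xchg pulled out of 0xa8(%r14), i.e. the first node of the list free_all() is about to walk), the shadow address 0xdffffc0000000001 is non-canonical, so the CPU raises #GP instead of a page fault, and kasan_non_canonical_hook() maps it back to the 8-byte granule [0x8-0xf] and labels it null-ptr-deref. The program below is a worked example added to this page; it is not part of the syzbot report or the kernel sources. It replays that derivation from the register dump. The shadow offset, scale shift, 48-bit VA width, page size and TASK_SIZE_MAX it uses are assumptions matching this kernel config, not values read from the report.

```c
/*
 * kasan_gpf_triage.c: walk the KASAN inline check backwards from the register
 * dump to the original pointer, the way the "KASAN: ... in range" line does.
 *
 * Assumed (not read from the report): CONFIG_KASAN_SHADOW_OFFSET for x86_64,
 * KASAN_SHADOW_SCALE_SHIFT = 3, 48-bit virtual addresses (4-level paging),
 * a 4096-byte page and TASK_SIZE_MAX = 0x00007ffffffff000.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define VA_BITS                  48
#define X86_PAGE_SIZE            4096ULL
#define TASK_SIZE_MAX            0x00007ffffffff000ULL

/* Register values copied from the RAX/R13/R15 lines of the dump above
 * (constructed sample input for this example). */
struct regs { uint64_t rax, r13, r15; };
static const struct regs report_regs = {
    .rax = 0x0000000000000001ULL,
    .r13 = 0xdffffc0000000000ULL,
    .r15 = 0x0000000000000009ULL,
};

/* Forward map used by the instrumentation: shadow = (addr >> 3) + offset. */
uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Effective address of "cmpb $0x0,(%rax,%r13,1)" given the dumped registers. */
uint64_t trapping_ea(const struct regs *r)
{
    return r->rax + r->r13;
}

/* True if bits 63..47 are all equal. Anything else raises #GP rather than
 * #PF, which is why the oops says "probably for non-canonical address". */
bool x86_is_canonical(uint64_t addr)
{
    uint64_t top = addr >> (VA_BITS - 1);
    return top == 0 || top == (1ULL << (64 - VA_BITS + 1)) - 1;
}

struct kasan_range { uint64_t lo, hi; const char *bug_type; };

/* Inverse map: recover the 8-byte granule a shadow byte covers and classify
 * it the way kasan_non_canonical_hook() does. Returns false when the address
 * lies below the shadow region, i.e. the fault was not a KASAN probe. */
bool kasan_shadow_to_mem(uint64_t shadow, struct kasan_range *out)
{
    uint64_t orig;

    if (shadow < KASAN_SHADOW_OFFSET)
        return false;
    orig = (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;

    if (orig < X86_PAGE_SIZE)
        out->bug_type = "null-ptr-deref";
    else if (orig < TASK_SIZE_MAX)
        out->bug_type = "user-memory-access";
    else
        out->bug_type = "wild-memory-access";
    out->lo = orig;
    out->hi = orig + KASAN_GRANULE_SIZE - 1;
    return true;
}

/* Full triage of one register dump; false if the pieces do not agree. */
bool triage(const struct regs *r, struct kasan_range *out)
{
    uint64_t ea = trapping_ea(r);

    /* %rax must be %r15 >> 3, otherwise this is not a shadow probe of %r15. */
    if (ea != kasan_mem_to_shadow(r->r15))
        return false;
    /* A canonical shadow address would have faulted as #PF, not #GP. */
    if (x86_is_canonical(ea))
        return false;
    return kasan_shadow_to_mem(ea, out);
}

int main(void)
{
    struct kasan_range rng;

    if (!triage(&report_regs, &rng)) {
        puts("not a KASAN non-canonical shadow probe");
        return 1;
    }
    printf("probe of pointer 0x%016llx -> shadow 0x%016llx\n",
           (unsigned long long)report_regs.r15,
           (unsigned long long)trapping_ea(&report_regs));
    printf("KASAN: %s in range [0x%016llx-0x%016llx]\n", rng.bug_type,
           (unsigned long long)rng.lo, (unsigned long long)rng.hi);
    return 0;
}
```

Run on the values from this dump it prints the same "KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]" line as the report, which confirms that the object being freed is a list node at address 0x9, not a NULL head that the `test %r15,%r15 / je` guard would have skipped. The decoder is x86_64-specific: the arm64 rows in the Crashes table hit the same path but surface as "unable to handle kernel paging request" because that architecture has no non-canonical #GP, and its shadow layout differs.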

Crashes (11):
Time              Kernel                                                                      Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets                                 Manager                                Title
2025/05/07 15:05  upstream                                                                    0d8d44db295c  350f4ffc   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-kasan-gce-root             general protection fault in drain_mem_cache
2025/05/02 22:39  upstream                                                                    2bfcee565c3a  b0714e37   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-kasan-gce-root             general protection fault in drain_mem_cache
2025/04/14 17:55  upstream                                                                    8ffd015db85f  0bd6db41   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-kasan-badwrites-root       general protection fault in drain_mem_cache
2025/04/12 00:19  upstream                                                                    900241a5cc15  12ba9c21   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-kasan-gce-root             general protection fault in drain_mem_cache
2025/04/12 00:19  upstream                                                                    900241a5cc15  12ba9c21   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-kasan-gce-root             general protection fault in drain_mem_cache
2025/04/06 09:30  linux-next                                                                  a4cda136f021  1c65791e   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-linux-next-kasan-gce-root  general protection fault in drain_mem_cache
2025/03/31 23:00  linux-next                                                                  405e2241def8  36d76a97   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-linux-next-kasan-gce-root  general protection fault in drain_mem_cache
2025/05/05 09:59  git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci  e0f4c8dd9d2d  b0714e37   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-gce-arm64                  BUG: unable to handle kernel paging request in drain_mem_cache
2025/05/04 08:41  git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci  e0f4c8dd9d2d  b0714e37   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-gce-arm64                  BUG: unable to handle kernel paging request in drain_mem_cache
2025/04/30 12:09  git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci  e0f4c8dd9d2d  85a5a23f   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-gce-arm64                  BUG: unable to handle kernel paging request in drain_mem_cache
2025/04/22 16:07  git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci  c72692105976  53a8b9bd   .config  console log  report                      info     [disk image] [vmlinux] [kernel image]  ci-upstream-gce-arm64                  BUG: unable to handle kernel paging request in drain_mem_cache