syzbot


possible deadlock in htab_map_delete_elem

Status: upstream: reported C repro on 2024/11/25 00:38
Bug presence: origin:lts-only
Reported-by: syzbot+[email protected]
First crash: 203d, last: 1d09h
Fix commit to backport (bisect log):
tree: upstream
commit 9f2c6e96c65e6fa1aebef546be0c30a5895fcb37
Author: Alexei Starovoitov <[email protected]>
Date: Fri Sep 2 21:10:58 2022 +0000

  bpf: Optimize rcu_barrier usage between hash map and bpf_mem_alloc.

  
Bug presence (2)
Date Name Commit Repro Result
2024/11/25 linux-5.15.y (ToT) 0a51d2d4527b C [report] possible deadlock in htab_map_delete_elem
2024/11/25 upstream (ToT) 9f16d5e6f220 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in htab_map_delete_elem bpf C 3 127d 278d 0/28 auto-obsoleted due to no activity on 2025/05/19 18:11
Last patch testing requests (9)
Created Duration User Patch Repo Result
2025/06/15 06:41 13m retest repro linux-5.15.y report log
2025/05/11 17:04 10m retest repro linux-5.15.y report log
2025/04/25 05:41 10m retest repro linux-5.15.y report log
2025/04/10 00:54 11m retest repro linux-5.15.y report log
2025/04/10 00:54 15m retest repro linux-5.15.y report log
2025/03/02 16:22 12m retest repro linux-5.15.y report log
2025/02/12 14:05 11m retest repro linux-5.15.y report log
2025/01/29 11:22 17m retest repro linux-5.15.y report log
2025/01/29 11:22 12m retest repro linux-5.15.y report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/12/06 18:27 8h04m fix candidate upstream OK (1) job log

Sample crash report:
============================================
WARNING: possible recursive locking detected
5.15.184-syzkaller #0 Not tainted
--------------------------------------------
syz-executor253/4167 is trying to acquire lock:
ffff888079704598 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket kernel/bpf/hashtab.c:183 [inline]
ffff888079704598 (&htab->lockdep_key){....}-{2:2}, at: htab_map_delete_elem+0x1b2/0x520 kernel/bpf/hashtab.c:1361

but task is already holding lock:
ffff8880797002f0 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket kernel/bpf/hashtab.c:183 [inline]
ffff8880797002f0 (&htab->lockdep_key){....}-{2:2}, at: htab_map_update_elem+0x225/0xa40 kernel/bpf/hashtab.c:1082

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&htab->lockdep_key);
  lock(&htab->lockdep_key);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor253/4167:
 #0: ffffffff8c11c060 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311
 #1: ffff8880797002f0 (&htab->lockdep_key){....}-{2:2}, at: htab_lock_bucket kernel/bpf/hashtab.c:183 [inline]
 #1: ffff8880797002f0 (&htab->lockdep_key){....}-{2:2}, at: htab_map_update_elem+0x225/0xa40 kernel/bpf/hashtab.c:1082
 #2: ffffffff8c11c060 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:311

stack backtrace:
CPU: 0 PID: 4167 Comm: syz-executor253 Not tainted 5.15.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 __lock_acquire+0x1227/0x7c60 kernel/locking/lockdep.c:-1
 lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
 htab_lock_bucket kernel/bpf/hashtab.c:183 [inline]
 htab_map_delete_elem+0x1b2/0x520 kernel/bpf/hashtab.c:1361
 bpf_prog_a5eea3fa43a7ddf4+0x41/0x558
 bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
 bpf_trace_run4+0x188/0x330 kernel/trace/bpf_trace.c:1917
 __bpf_trace_mm_page_alloc+0xbf/0xf0 include/trace/events/kmem.h:201
 trace_mm_page_alloc include/trace/events/kmem.h:201 [inline]
 __alloc_pages+0x449/0x470 mm/page_alloc.c:5488
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_node include/linux/gfp.h:584 [inline]
 kmalloc_large_node+0x7d/0x190 mm/slub.c:4421
 __kmalloc_node+0x232/0x3b0 mm/slub.c:4437
 kmalloc_node include/linux/slab.h:627 [inline]
 bpf_map_kmalloc_node+0xba/0x140 kernel/bpf/syscall.c:430
 alloc_htab_elem+0x28f/0x980 kernel/bpf/hashtab.c:973
 htab_map_update_elem+0x3c3/0xa40 kernel/bpf/hashtab.c:1106
 bpf_map_update_value+0x591/0x670 kernel/bpf/syscall.c:221
 generic_map_update_batch+0x525/0x7c0 kernel/bpf/syscall.c:1424
 bpf_map_do_batch+0x466/0x600 kernel/bpf/syscall.c:-1
 __sys_bpf+0x601/0x670 kernel/bpf/syscall.c:-1
 __do_sys_bpf kernel/bpf/syscall.c:4755 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4753 [inline]
 __x64_sys_bpf+0x78/0x90 kernel/bpf/syscall.c:4753
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7faeed48e769
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcf1b50018 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 5f656761705f6d6d RCX: 00007faeed48e769
RDX: 0000000000000038 RSI: 0000200000000300 RDI: 0

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/06/01 04:55 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in htab_map_delete_elem
2025/02/16 03:17 linux-5.15.y c16c81c81336 40a34ec9 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-perf possible deadlock in htab_map_delete_elem
2025/01/15 10:03 linux-5.15.y 4735586da88e 7315a7cf .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-perf possible deadlock in htab_map_delete_elem
2025/01/04 18:13 linux-5.15.y 91786f140358 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-perf possible deadlock in htab_map_delete_elem
2024/11/25 01:21 linux-5.15.y 0a51d2d4527b 68da6d95 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in htab_map_delete_elem
2025/06/01 04:25 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in htab_map_delete_elem
2025/06/01 04:24 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in htab_map_delete_elem
2025/02/16 14:35 linux-5.15.y c16c81c81336 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-perf possible deadlock in htab_map_delete_elem
2024/11/25 00:37 linux-5.15.y 0a51d2d4527b 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in htab_map_delete_elem
* Struck through repros no longer work on HEAD.