Re: [RFC PATCH 6.1.y 0/2] bpf: backport scalar not-equal tracking fixes

Next message: Sechang Lim: "[PATCH bpf v3] bpf: fix NULL pointer dereference in bpf_task_from_vpid()"
Previous message: Wentao Liang: "[PATCH] drm/amd/display: fix refcount leak in detect_link_and_local_sink()"
In reply to: Zhenzhong Wu: "Re: [RFC PATCH 6.1.y 0/2] bpf: backport scalar not-equal tracking fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Shung-Hsi Yu

Date: Sat Jun 06 2026 - 05:19:54 EST

Just want to send out a quick reply after looking at this.

On Wed, Jun 03, 2026 at 01:25:15AM +0800, Zhenzhong Wu wrote:
> Hi Shung-Hsi,
...
> I ran the suggested checks with the same reproducer, where BAD means the
> program ran and observed the unexpected error, and GOOD means no error was
> observed:
>
> - latest 6.6.y, v6.6.142 (924b4a879cbb): BAD
> - bpf-next at b93c55b4932d: GOOD
> - bpf-next with the d028f87517d6 JNE refinement reverted: still GOOD
>
> So the issue still reproduces on the latest 6.6.y, but d028f87517d6 alone
> does not explain why bpf-next passes. I'll do more narrowing and update the
> candidate backport set accordingly.
...

I think it possibly comes down to commit 4bf79f9be434e ("bpf: Track
equal scalars history on per-instruction level") added in v6.12. Without
that, the precise mark wasn't propogated (for scalars with the same ID),
and that likely made the state comparison (invalidly) go through.

Shung-Hsi