forked from rlane/ubpf
Summary
The fuzzer has found a malformed BPF program that makes the external verifier (prevail) run without terminating during verification. libFuzzer's per-input timeout fires on that single unit, so every fuzzing workflow run on the main branch now fails.
Impact
- All CI runs failing: the fuzzing jobs hit libFuzzer's default 60-second per-input timeout on a single test case
- Affects: both the Windows and the Ubuntu fuzzer runs
- First observed: after commit 82f44fc ("Switch to mainline prevail", #759) merged on Feb 9, 2026
- Last successful run: Feb 8, 2026 21:03 UTC (scheduled run)
Reproduction
The malformed BPF program (57 bytes) that triggers the timeout:

Hex dump:

```text
0x20,0x0,0x0,0x0,0x18,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,
0x0,0x38,0x0,0xff,0x46,0x0,0xff,0xff,0x0,0x9,0x0,0x21,0x5,0x0,0xff,0xff,
0x0,0x0,0x0,0x0,0x0,0x0,0x59,0x59,0x59,0x64,0x0,0x4,0x0,0x1,0x0,0x40,
0x4,0x37,0x0,0xfe,0xff,0x36,0x1a,0x0,0x0
```

Base64:

```text
IAAAABgAAAAAAAAAAAAAAAA4AP9GAP//AAkAIQUA//8AAAAAAABZWVlkAAQAAQBABDcA/v82GgAA
```

Artifact SHA (libFuzzer names the file after the SHA-1 of the unit):

timeout-8375b134ccebbeeb949d47523ddb3165c17aa3b9
Failing CI Runs
| Run ID | Commit (PR) | Date (UTC, Feb 2026) | Job |
|---|---|---|---|
| 21843099892 | 2749995 (MOVSX #760) | Feb 9 22:21 | fuzzing / run_fuzzer (windows-latest, x86_64) |
| 21840776934 | 44888ce | Feb 9 21:09 | fuzzing / run_fuzzer (both) |
| 21837419504 | 44888ce (bpf_conformance bump #761) | Feb 9 19:20 | fuzzing / run_fuzzer (windows-latest, x86_64) |
| 21835941123 | 82f44fc (Switch to mainline prevail #759) | Feb 9 18:13 | fuzzing / run_fuzzer |
Fuzzer Log Excerpt
```text
ALARM: working on the last Unit for 64 seconds
and the timeout value is 60 (use -timeout=N to change)
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0x20,0x0,0x0,0x0,0x18,0x0,0x0,0x0,...
artifact_prefix='artifacts/'; Test unit written to artifacts/timeout-8375b134ccebbeeb949d47523ddb3165c17aa3b9
Base64: IAAAABgAAAAAAAAAAAAAAAA4AP9GAP//AAkAIQUA//8AAAAAAABZWVlkAAQAAQBABDcA/v82GgAA
==5528== ERROR: libFuzzer: timeout after 64 seconds
```
Root Cause Analysis
The regression coincides with the switch to the mainline prevail verifier (PR #759, commit 82f44fc); the same fuzzer ran clean on the previous scheduled run. Reading the reproducer as raw 8-byte eBPF instructions starting at byte 0:
- Instruction 0: opcode 0x20 = BPF_LD | BPF_ABS | BPF_W, a legacy 32-bit absolute packet load (only meaningful with a packet context), with imm = 0x18.
- 57 bytes is not a multiple of 8, so the last byte belongs to no instruction, and several of the following 8-byte slots begin with opcode 0x00, which is valid only as the second half of a 64-bit immediate load (LDDW, opcode 0x18). The remaining slots contain unusual byte sequences that decode to invalid or malformed opcodes.
This reading assumes the harness hands the fuzzer input to the verifier verbatim. If the harness prepends its own framing (for example a program-length field), the instruction boundaries shift and the decoding has to be redone from the bytes the verifier actually sees.
A well-formed verifier should reject such a program in microseconds. Instead the verifier runs past the 60-second libFuzzer budget with no progress reported after 64 seconds, which indicates either a genuine loop or a fixpoint iteration that does not converge on this input.
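To make the byte-level claims above checkable, here is a small decoder written for this issue (an added example, not code from ubpf or prevail). It splits the reproducer into 8-byte eBPF instructions, names opcodes, and flags the malformations a verifier must reject up front: a trailing partial instruction, opcode 0x00 outside an LDDW pair, ABS/IND addressing on non-LD classes, and an unconditional jump to itself. It also decodes the input under the assumption (to be confirmed against the harness source) that the harness framing is a 4-byte little-endian program-length prefix; `split_prefixed` and the resulting second decoding rest entirely on that assumption. The byte string is copied from the hex dump in this issue.

```python
"""Decode the 57-byte timeout reproducer into eBPF instructions.

Added analysis script for this issue; not part of ubpf or prevail.
ASSUMPTION: split_prefixed() models a harness input layout of
[uint32 LE program length][program][memory]. Check the real harness
before relying on the prefixed decoding.
"""
import struct
from dataclasses import dataclass

# Reproducer bytes, copied from the issue's hex dump.
REPRO = bytes([
    0x20, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
    0x0, 0x38, 0x0, 0xff, 0x46, 0x0, 0xff, 0xff, 0x0, 0x9, 0x0, 0x21, 0x5, 0x0, 0xff, 0xff,
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, 0x59, 0x59, 0x64, 0x0, 0x4, 0x0, 0x1, 0x0, 0x40,
    0x4, 0x37, 0x0, 0xfe, 0xff, 0x36, 0x1a, 0x0, 0x0,
])

CLASS = {0: "LD", 1: "LDX", 2: "ST", 3: "STX", 4: "ALU", 5: "JMP", 6: "JMP32", 7: "ALU64"}
MODE = {0x00: "IMM", 0x20: "ABS", 0x40: "IND", 0x60: "MEM", 0x80: "MEMSX", 0xc0: "ATOMIC"}
SIZE = {0x00: "W", 0x08: "H", 0x10: "B", 0x18: "DW"}
ALU_OP = {0x00: "ADD", 0x10: "SUB", 0x20: "MUL", 0x30: "DIV", 0x40: "OR", 0x50: "AND",
          0x60: "LSH", 0x70: "RSH", 0x80: "NEG", 0x90: "MOD", 0xa0: "XOR", 0xb0: "MOV",
          0xc0: "ARSH", 0xd0: "END"}
JMP_OP = {0x00: "JA", 0x10: "JEQ", 0x20: "JGT", 0x30: "JGE", 0x40: "JSET", 0x50: "JNE",
          0x60: "JSGT", 0x70: "JSGE", 0x80: "CALL", 0x90: "EXIT", 0xa0: "JLT", 0xb0: "JLE",
          0xc0: "JSLT", 0xd0: "JSLE"}


@dataclass
class Insn:
    index: int
    opcode: int
    dst: int
    src: int
    off: int   # signed 16-bit
    imm: int   # signed 32-bit

    def mnemonic(self) -> str:
        cls = self.opcode & 0x07
        if cls <= 3:  # load/store classes: mode|size encoding
            return f"{CLASS[cls]}|{MODE.get(self.opcode & 0xe0, '?')}|{SIZE[self.opcode & 0x18]}"
        ops = JMP_OP if cls in (5, 6) else ALU_OP
        src = "X" if self.opcode & 0x08 else "K"
        return f"{CLASS[cls]}|{ops.get(self.opcode & 0xf0, '?')}|{src}"


def decode(buf: bytes):
    """Split buf into 8-byte instructions; return (insns, trailing_byte_count)."""
    insns = []
    for i in range(len(buf) // 8):
        op, regs, off, imm = struct.unpack_from("<BBhi", buf, i * 8)
        insns.append(Insn(i, op, regs & 0x0f, regs >> 4, off, imm))
    return insns, len(buf) % 8


def split_prefixed(buf: bytes):
    """ASSUMED harness framing: [uint32 LE length][program][memory]."""
    (length,) = struct.unpack_from("<I", buf, 0)
    return buf[4:4 + length], buf[4 + length:]


def flag_problems(insns, trailing: int):
    """Structural defects a verifier should reject before any analysis."""
    issues = []
    if trailing:
        issues.append(f"{trailing} trailing byte(s): length is not a multiple of 8")
    for i, ins in enumerate(insns):
        cls = ins.opcode & 0x07
        if ins.opcode == 0x00:
            # 0x00 is legal only as the second half of LDDW (opcode 0x18).
            if i == 0 or insns[i - 1].opcode != 0x18:
                issues.append(f"insn {i}: opcode 0x00 without a preceding LDDW")
        elif cls in (1, 2, 3) and (ins.opcode & 0xe0) in (0x20, 0x40):
            issues.append(f"insn {i}: {ins.mnemonic()} uses ABS/IND mode, valid only for LD")
        elif ins.opcode == 0x05 and ins.off == -1:
            # Target is pc + 1 + off == pc: the instruction jumps to itself.
            issues.append(f"insn {i}: JA with offset -1 is a self-loop")
    return issues


def report(label: str, buf: bytes) -> None:
    insns, trailing = decode(buf)
    print(f"== {label}: {len(buf)} bytes, {len(insns)} insns, {trailing} trailing ==")
    for ins in insns:
        print(f"  {ins.index}: op=0x{ins.opcode:02x} {ins.mnemonic():16} "
              f"dst=r{ins.dst} src=r{ins.src} off={ins.off} imm=0x{ins.imm & 0xffffffff:08x}")
    for issue in flag_problems(insns, trailing):
        print(f"  ! {issue}")


if __name__ == "__main__":
    report("raw bytes as instructions", REPRO)
    prog, mem = split_prefixed(REPRO)
    report("ASSUMED length-prefixed framing (program part)", prog)
    print(f"  (remaining {len(mem)} bytes would be the memory region)")
```

Under the raw reading the decoder reports six defects (the stray 57th byte, four bare 0x00 opcodes, and an IND-mode LDX). Under the assumed length-prefix framing the first word is 32, which leaves exactly four well-aligned instructions (an LDDW pair, a JSET32, and a JA with offset -1) followed by 21 bytes of memory; the self-jumping JA is the kind of trivial cycle a verifier's loop handling has to bound. Whichever framing is right, the issue's point stands: this input should be rejected immediately, not analysed for a minute.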
Suggested Fix
- Immediate workaround: add this unit to the fuzzer's ignore list, or wrap the verifier call in the harness with a bounded timeout so a non-terminating verification surfaces as a distinct failure instead of stalling the whole job. Ignoring the unit only hides the hang; the timeout keeps it visible.
- Upstream fix: file an issue in vbpf/prevail with this reproducer (raw bytes plus the exact harness framing) so the verifier can be fixed to reject this malformed input promptly.
Related
- PR #759: Switch to mainline prevail
- Verifier repo: https://github.com/vbpf/prevail