[v6.6] WARNING: suspicious RCU usage in get_callchain_entry
4 views
Skip to first unread message
syzbot
Jun 17, 2025, 10:15:33 PM6/17/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c2603c511feb Linux 6.6.93
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1690750c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=486bade17c8c30b9
dashboard link: https://syzkaller.appspot.com/bug?extid=013fb58ec10bd119bf65
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8754f950a6e7/disk-c2603c51.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b19332dbf63/vmlinux-c2603c51.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cb245e836038/bzImage-c2603c51.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+013fb5...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
6.6.93-syzkaller #0 Not tainted
-----------------------------
kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz.0.2979/23361:
#0: ffffffff8cd2f900 (rcu_read_lock_trace){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
#0: ffffffff8cd2f900 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 include/linux/rcupdate_trace.h:57
stack backtrace:
CPU: 0 PID: 23361 Comm: syz.0.2979 Not tainted 6.6.93-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
<TASK>
dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x1e1/0x300 kernel/locking/lockdep.c:6731
get_callchain_entry+0x2a9/0x3c0 kernel/events/callchain.c:161
get_perf_callchain+0xa3/0x4b0 kernel/events/callchain.c:187
__bpf_get_stack+0x2d7/0x510 kernel/bpf/stackmap.c:435
____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1917 [inline]
bpf_get_stack_raw_tp+0x195/0x220 kernel/trace/bpf_trace.c:1907
bpf_prog_d43750871481577d+0x45/0x49
bpf_dispatcher_nop_func include/linux/bpf.h:1213 [inline]
__bpf_prog_run include/linux/filter.h:612 [inline]
bpf_prog_run include/linux/filter.h:619 [inline]
bpf_prog_run_pin_on_cpu+0x63/0x140 include/linux/filter.h:636
bpf_prog_test_run_syscall+0x311/0x490 net/bpf/test_run.c:1501
bpf_prog_test_run+0x321/0x390 kernel/bpf/syscall.c:4123
__sys_bpf+0x440/0x800 kernel/bpf/syscall.c:5485
__do_sys_bpf kernel/bpf/syscall.c:5571 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5569 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5569
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f402758e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f40284e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f40277b5fa0 RCX: 00007f402758e929
RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a
RBP: 00007f4027610b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f40277b5fa0 R15: 00007fff922e9ec8
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: c2603c511feb Linux 6.6.93
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1690750c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=486bade17c8c30b9
dashboard link: https://syzkaller.appspot.com/bug?extid=013fb58ec10bd119bf65
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8754f950a6e7/disk-c2603c51.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b19332dbf63/vmlinux-c2603c51.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cb245e836038/bzImage-c2603c51.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+013fb5...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
6.6.93-syzkaller #0 Not tainted
-----------------------------
kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz.0.2979/23361:
#0: ffffffff8cd2f900 (rcu_read_lock_trace){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
#0: ffffffff8cd2f900 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 include/linux/rcupdate_trace.h:57
stack backtrace:
CPU: 0 PID: 23361 Comm: syz.0.2979 Not tainted 6.6.93-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
<TASK>
dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x1e1/0x300 kernel/locking/lockdep.c:6731
get_callchain_entry+0x2a9/0x3c0 kernel/events/callchain.c:161
get_perf_callchain+0xa3/0x4b0 kernel/events/callchain.c:187
__bpf_get_stack+0x2d7/0x510 kernel/bpf/stackmap.c:435
____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1917 [inline]
bpf_get_stack_raw_tp+0x195/0x220 kernel/trace/bpf_trace.c:1907
bpf_prog_d43750871481577d+0x45/0x49
bpf_dispatcher_nop_func include/linux/bpf.h:1213 [inline]
__bpf_prog_run include/linux/filter.h:612 [inline]
bpf_prog_run include/linux/filter.h:619 [inline]
bpf_prog_run_pin_on_cpu+0x63/0x140 include/linux/filter.h:636
bpf_prog_test_run_syscall+0x311/0x490 net/bpf/test_run.c:1501
bpf_prog_test_run+0x321/0x390 kernel/bpf/syscall.c:4123
__sys_bpf+0x440/0x800 kernel/bpf/syscall.c:5485
__do_sys_bpf kernel/bpf/syscall.c:5571 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5569 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5569
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f402758e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f40284e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f40277b5fa0 RCX: 00007f402758e929
RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a
RBP: 00007f4027610b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f40277b5fa0 R15: 00007fff922e9ec8
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 18, 2025, 5:11:24 AM6/18/25
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: c2603c511feb Linux 6.6.93
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12d835d4580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12c0a370580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8754f950a6e7/disk-c2603c51.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b19332dbf63/vmlinux-c2603c51.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cb245e836038/bzImage-c2603c51.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+013fb5...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
6.6.93-syzkaller #0 Not tainted
-----------------------------
kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor416/5760:
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffcbd48ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000200000000440 RCX: 00007fe3a61486a9
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: c2603c511feb Linux 6.6.93
git tree: linux-6.6.y
kernel config: https://syzkaller.appspot.com/x/.config?x=486bade17c8c30b9
dashboard link: https://syzkaller.appspot.com/bug?extid=013fb58ec10bd119bf65
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d0f50c580000
dashboard link: https://syzkaller.appspot.com/bug?extid=013fb58ec10bd119bf65
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12c0a370580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8754f950a6e7/disk-c2603c51.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b19332dbf63/vmlinux-c2603c51.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cb245e836038/bzImage-c2603c51.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+013fb5...@syzkaller.appspotmail.com
=============================
WARNING: suspicious RCU usage
6.6.93-syzkaller #0 Not tainted
-----------------------------
kernel/events/callchain.c:161 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
#0: ffffffff8cd2f900 (rcu_read_lock_trace){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:334 [inline]
#0: ffffffff8cd2f900 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 include/linux/rcupdate_trace.h:57
stack backtrace:
CPU: 0 PID: 5760 Comm: syz-executor416 Not tainted 6.6.93-syzkaller #0
#0: ffffffff8cd2f900 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x37/0x70 include/linux/rcupdate_trace.h:57
stack backtrace:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
<TASK>
dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x1e1/0x300 kernel/locking/lockdep.c:6731
get_callchain_entry+0x2a9/0x3c0 kernel/events/callchain.c:161
get_perf_callchain+0xa3/0x4b0 kernel/events/callchain.c:187
__bpf_get_stack+0x2d7/0x510 kernel/bpf/stackmap.c:435
____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1917 [inline]
bpf_get_stack_raw_tp+0x195/0x220 kernel/trace/bpf_trace.c:1907
bpf_prog_d43750871481577d+0x45/0x49
bpf_dispatcher_nop_func include/linux/bpf.h:1213 [inline]
__bpf_prog_run include/linux/filter.h:612 [inline]
bpf_prog_run include/linux/filter.h:619 [inline]
bpf_prog_run_pin_on_cpu+0x63/0x140 include/linux/filter.h:636
bpf_prog_test_run_syscall+0x311/0x490 net/bpf/test_run.c:1501
bpf_prog_test_run+0x321/0x390 kernel/bpf/syscall.c:4123
__sys_bpf+0x440/0x800 kernel/bpf/syscall.c:5485
__do_sys_bpf kernel/bpf/syscall.c:5571 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5569 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5569
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fe3a61486a9
Call Trace:
<TASK>
dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
lockdep_rcu_suspicious+0x1e1/0x300 kernel/locking/lockdep.c:6731
get_callchain_entry+0x2a9/0x3c0 kernel/events/callchain.c:161
get_perf_callchain+0xa3/0x4b0 kernel/events/callchain.c:187
__bpf_get_stack+0x2d7/0x510 kernel/bpf/stackmap.c:435
____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1917 [inline]
bpf_get_stack_raw_tp+0x195/0x220 kernel/trace/bpf_trace.c:1907
bpf_prog_d43750871481577d+0x45/0x49
bpf_dispatcher_nop_func include/linux/bpf.h:1213 [inline]
__bpf_prog_run include/linux/filter.h:612 [inline]
bpf_prog_run include/linux/filter.h:619 [inline]
bpf_prog_run_pin_on_cpu+0x63/0x140 include/linux/filter.h:636
bpf_prog_test_run_syscall+0x311/0x490 net/bpf/test_run.c:1501
bpf_prog_test_run+0x321/0x390 kernel/bpf/syscall.c:4123
__sys_bpf+0x440/0x800 kernel/bpf/syscall.c:5485
__do_sys_bpf kernel/bpf/syscall.c:5571 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5569 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5569
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffcbd48ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000200000000440 RCX: 00007fe3a61486a9
RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000a
RBP: 00002000000000c0 R08: 0000000000000000 R09: 0000000000000000
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages