Hello,
syzbot found the following issue on:
HEAD commit: 4535e1a4174c x86/bugs: Fix the SRSO mitigation on Zen3/4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1583db95180000
kernel config: https://syzkaller.appspot.com/x/.config?x=aa27611f143168c9
dashboard link: https://syzkaller.appspot.com/bug?extid=959f51db27ec603530fc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [ac...@kernel.org adrian...@intel.com alexander...@linux.intel.com iro...@google.com jo...@kernel.org linux-...@vger.kernel.org linux-pe...@vger.kernel.org mark.r...@arm.com mi...@redhat.com namh...@kernel.org pet...@infradead.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a2a278a8c64b/disk-4535e1a4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/281650213121/vmlinux-4535e1a4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2498c83ebc58/bzImage-4535e1a4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+959f51...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in __change_pid / perf_event_switch_output
write to 0xffff88811715d860 of 8 bytes by task 3422 on cpu 1:
__change_pid+0xe9/0x1c0 kernel/pid.c:356
detach_pid+0x1c/0x30 kernel/pid.c:372
__unhash_process kernel/exit.c:130 [inline]
__exit_signal kernel/exit.c:202 [inline]
release_task+0x6c3/0xc30 kernel/exit.c:259
wait_task_zombie kernel/exit.c:1189 [inline]
wait_consider_task+0x116b/0x1670 kernel/exit.c:1416
do_wait_pid kernel/exit.c:1555 [inline]
__do_wait+0x330/0x500 kernel/exit.c:1590
do_wait+0x12d/0x270 kernel/exit.c:1631
kernel_wait+0x52/0xc0 kernel/exit.c:1807
call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
call_usermodehelper_exec_work+0x9c/0x150 kernel/umh.c:164
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335
worker_thread+0x526/0x730 kernel/workqueue.c:3416
kthread+0x1d1/0x210 kernel/kthread.c:388
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
read to 0xffff88811715d860 of 8 bytes by task 10503 on cpu 0:
pid_alive include/linux/pid.h:263 [inline]
perf_event_pid_type kernel/events/core.c:1334 [inline]
perf_event_tid kernel/events/core.c:1346 [inline]
perf_event_switch_output+0x228/0x390 kernel/events/core.c:9052
perf_iterate_sb_cpu kernel/events/core.c:7992 [inline]
perf_iterate_sb+0x34b/0x640 kernel/events/core.c:8021
perf_event_switch kernel/events/core.c:9097 [inline]
__perf_event_task_sched_in+0x789/0x7f0 kernel/events/core.c:4015
perf_event_task_sched_in include/linux/perf_event.h:1484 [inline]
finish_task_switch+0x218/0x2b0 kernel/sched/core.c:5278
context_switch kernel/sched/core.c:5412 [inline]
__schedule+0x5e8/0x940 kernel/sched/core.c:6746
preempt_schedule_common kernel/sched/core.c:6925 [inline]
__cond_resched+0x28/0x50 kernel/sched/core.c:8590
might_resched include/linux/kernel.h:73 [inline]
vfree+0x6b/0x390 mm/vmalloc.c:3301
bpf_prog_calc_tag+0x37a/0x3b0 kernel/bpf/core.c:357
resolve_pseudo_ldimm64+0x53/0xcb0 kernel/bpf/verifier.c:18211
bpf_check+0x28d4/0x9a30 kernel/bpf/verifier.c:21260
bpf_prog_load+0xed4/0x1060 kernel/bpf/syscall.c:2895
__sys_bpf+0x463/0x7a0 kernel/bpf/syscall.c:5631
__do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5736
do_syscall_64+0xd3/0x1d0
entry_SYSCALL_64_after_hwframe+0x72/0x7a
value changed: 0xffff888116acf480 -> 0x0000000000000000
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10503 Comm: syz-executor.2 Tainted: G W 6.9.0-rc1-syzkaller-00206-g4535e1a4174c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup