[moderation] [trace?] [bpf?] KCSAN: data-race in __perf_event_overflow / perf_event_attach_bpf_prog (2)
0 views
Skip to first unread message
syzbot
12:10 AM (15 hours ago) 12:10 AM
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 97313d6113ab Merge tag 'iommu-fixes-v6.19-rc4' of git://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12c67f92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c160236e1ef1e401
dashboard link: https://syzkaller.appspot.com/bug?extid=42ab71a59b6d956a1ef7
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [and...@kernel.org a...@kernel.org b...@vger.kernel.org dan...@iogearbox.net edd...@gmail.com hao...@google.com john.fa...@gmail.com jo...@kernel.org kps...@kernel.org linux-...@vger.kernel.org linux-tra...@vger.kernel.org marti...@linux.dev mathieu....@efficios.com mattbo...@google.com mhir...@kernel.org ros...@goodmis.org s...@fomichev.me so...@kernel.org yongho...@linux.dev]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1fd1a3060ea9/disk-97313d61.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7f7fc0d9ee48/vmlinux-97313d61.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5b1f7889043/bzImage-97313d61.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42ab71...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in __perf_event_overflow / perf_event_attach_bpf_prog
write to 0xffff88811ae674e8 of 8 bytes by task 18281 on cpu 1:
perf_event_attach_bpf_prog+0x138/0x1d0 kernel/trace/bpf_trace.c:1940
__perf_event_set_bpf_prog+0x44c/0x470 kernel/events/core.c:11328
_perf_ioctl kernel/events/core.c:6376 [inline]
perf_ioctl+0x717/0x12e0 kernel/events/core.c:6436
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
__x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff88811ae674e8 of 8 bytes by task 18249 on cpu 0:
__perf_event_overflow+0x252/0x910 kernel/events/core.c:10401
perf_swevent_overflow kernel/events/core.c:10536 [inline]
perf_swevent_event+0x39e/0x450 kernel/events/core.c:10574
perf_tp_event+0x2ec/0x9f0 kernel/events/core.c:11081
perf_trace_run_bpf_submit+0xac/0x110 kernel/events/core.c:11005
do_perf_trace_kmalloc include/trace/events/kmem.h:57 [inline]
perf_trace_kmalloc+0xe1/0x110 include/trace/events/kmem.h:57
__do_trace_kmalloc include/trace/events/kmem.h:57 [inline]
trace_kmalloc include/trace/events/kmem.h:57 [inline]
__do_kmalloc_node mm/slub.c:5658 [inline]
__kmalloc_noprof+0x4bf/0x5a0 mm/slub.c:5669
kmalloc_noprof include/linux/slab.h:961 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hash_ipmark4_add+0xd5c/0xff0 net/netfilter/ipset/ip_set_hash_gen.h:950
hash_ipmark4_uadt+0x48b/0x550 net/netfilter/ipset/ip_set_hash_ipmark.c:159
call_ad+0x231/0x630 net/netfilter/ipset/ip_set_core.c:1751
ip_set_ad+0x5c0/0x690 net/netfilter/ipset/ip_set_core.c:1841
ip_set_uadd+0x41/0x50 net/netfilter/ipset/ip_set_core.c:1864
nfnetlink_rcv_msg+0x4c6/0x590 net/netfilter/nfnetlink.c:302
netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2550
nfnetlink_rcv+0x167/0x16c0 net/netfilter/nfnetlink.c:669
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg+0x145/0x180 net/socket.c:742
____sys_sendmsg+0x31e/0x4a0 net/socket.c:2592
___sys_sendmsg+0x17b/0x1d0 net/socket.c:2646
__sys_sendmsg net/socket.c:2678 [inline]
__do_sys_sendmsg net/socket.c:2683 [inline]
__se_sys_sendmsg net/socket.c:2681 [inline]
__x64_sys_sendmsg+0xd4/0x160 net/socket.c:2681
x64_sys_call+0x17ba/0x3000 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x0000000000000000 -> 0xffffc900045bd000
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 18249 Comm: syz.1.4737 Tainted: G W syzkaller #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
Set syz1 is full, maxelem 65536 reached
syz.1.4737 (18249) used greatest stack depth: 8184 bytes left
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 97313d6113ab Merge tag 'iommu-fixes-v6.19-rc4' of git://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12c67f92580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c160236e1ef1e401
dashboard link: https://syzkaller.appspot.com/bug?extid=42ab71a59b6d956a1ef7
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [and...@kernel.org a...@kernel.org b...@vger.kernel.org dan...@iogearbox.net edd...@gmail.com hao...@google.com john.fa...@gmail.com jo...@kernel.org kps...@kernel.org linux-...@vger.kernel.org linux-tra...@vger.kernel.org marti...@linux.dev mathieu....@efficios.com mattbo...@google.com mhir...@kernel.org ros...@goodmis.org s...@fomichev.me so...@kernel.org yongho...@linux.dev]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1fd1a3060ea9/disk-97313d61.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7f7fc0d9ee48/vmlinux-97313d61.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e5b1f7889043/bzImage-97313d61.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+42ab71...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in __perf_event_overflow / perf_event_attach_bpf_prog
write to 0xffff88811ae674e8 of 8 bytes by task 18281 on cpu 1:
perf_event_attach_bpf_prog+0x138/0x1d0 kernel/trace/bpf_trace.c:1940
__perf_event_set_bpf_prog+0x44c/0x470 kernel/events/core.c:11328
_perf_ioctl kernel/events/core.c:6376 [inline]
perf_ioctl+0x717/0x12e0 kernel/events/core.c:6436
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
__x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff88811ae674e8 of 8 bytes by task 18249 on cpu 0:
__perf_event_overflow+0x252/0x910 kernel/events/core.c:10401
perf_swevent_overflow kernel/events/core.c:10536 [inline]
perf_swevent_event+0x39e/0x450 kernel/events/core.c:10574
perf_tp_event+0x2ec/0x9f0 kernel/events/core.c:11081
perf_trace_run_bpf_submit+0xac/0x110 kernel/events/core.c:11005
do_perf_trace_kmalloc include/trace/events/kmem.h:57 [inline]
perf_trace_kmalloc+0xe1/0x110 include/trace/events/kmem.h:57
__do_trace_kmalloc include/trace/events/kmem.h:57 [inline]
trace_kmalloc include/trace/events/kmem.h:57 [inline]
__do_kmalloc_node mm/slub.c:5658 [inline]
__kmalloc_noprof+0x4bf/0x5a0 mm/slub.c:5669
kmalloc_noprof include/linux/slab.h:961 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hash_ipmark4_add+0xd5c/0xff0 net/netfilter/ipset/ip_set_hash_gen.h:950
hash_ipmark4_uadt+0x48b/0x550 net/netfilter/ipset/ip_set_hash_ipmark.c:159
call_ad+0x231/0x630 net/netfilter/ipset/ip_set_core.c:1751
ip_set_ad+0x5c0/0x690 net/netfilter/ipset/ip_set_core.c:1841
ip_set_uadd+0x41/0x50 net/netfilter/ipset/ip_set_core.c:1864
nfnetlink_rcv_msg+0x4c6/0x590 net/netfilter/nfnetlink.c:302
netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2550
nfnetlink_rcv+0x167/0x16c0 net/netfilter/nfnetlink.c:669
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg+0x145/0x180 net/socket.c:742
____sys_sendmsg+0x31e/0x4a0 net/socket.c:2592
___sys_sendmsg+0x17b/0x1d0 net/socket.c:2646
__sys_sendmsg net/socket.c:2678 [inline]
__do_sys_sendmsg net/socket.c:2683 [inline]
__se_sys_sendmsg net/socket.c:2681 [inline]
__x64_sys_sendmsg+0xd4/0x160 net/socket.c:2681
x64_sys_call+0x17ba/0x3000 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x0000000000000000 -> 0xffffc900045bd000
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 18249 Comm: syz.1.4737 Tainted: G W syzkaller #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
Set syz1 is full, maxelem 65536 reached
syz.1.4737 (18249) used greatest stack depth: 8184 bytes left
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages