Hello,
syzbot found the following issue on:
HEAD commit: d12453c7e281 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1360db9a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=676c6f0212d0c041
dashboard link: https://syzkaller.appspot.com/bug?extid=2c785a41be7897a5f10c
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
CC: [and...@kernel.org a...@kernel.org b...@vger.kernel.org dan...@iogearbox.net edd...@gmail.com hao...@google.com john.fa...@gmail.com jo...@kernel.org kps...@kernel.org linux-...@vger.kernel.org marti...@linux.dev s...@fomichev.me so...@kernel.org yongho...@linux.dev]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9b7ff9fa464d/disk-d12453c7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/601cb6607d0e/vmlinux-d12453c7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7c30afd57721/bzImage-d12453c7.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2c785a...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in bpf_obj_memcpy / copy_map_value
write to 0xffff8881217cb5e0 of 1389 bytes by task 6903 on cpu 0:
bpf_obj_memcpy+0x13c/0x1a0 include/linux/bpf.h:-1
copy_map_value include/linux/bpf.h:556 [inline]
htab_lru_map_update_elem+0x17c/0x700 kernel/bpf/hashtab.c:1218
bpf_map_update_value+0x4f3/0x570 kernel/bpf/syscall.c:294
generic_map_update_batch+0x3eb/0x540 kernel/bpf/syscall.c:2038
bpf_map_do_batch+0x25c/0x380 kernel/bpf/syscall.c:5647
__sys_bpf+0x5f8/0x7b0 kernel/bpf/syscall.c:-1
__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
__x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6272
x64_sys_call+0x28e1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff8881217cb5e0 of 1389 bytes by task 6888 on cpu 1:
bpf_obj_memcpy include/linux/bpf.h:-1 [inline]
copy_map_value+0x128/0x140 include/linux/bpf.h:556
bpf_map_copy_value+0x495/0x510 kernel/bpf/syscall.c:353
map_lookup_elem+0x426/0x560 kernel/bpf/syscall.c:1760
__sys_bpf+0x3b9/0x7b0 kernel/bpf/syscall.c:6149
__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
__x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6272
x64_sys_call+0x28e1/0x3000 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 6888 Comm: syz.4.855 Tainted: G W syzkaller #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup