[moderation] [bpf?] [trace?] KCSAN: data-race in __perf_event_overflow / perf_event_attach_bpf_prog


syzbot

Feb 15, 2025, 6:45:27 PM2/15/25
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 496659003dac Merge tag 'i2c-for-6.14-rc3' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10620898580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c8889d5a0d6060f3
dashboard link: https://syzkaller.appspot.com/bug?extid=4b33342ce006dc3459d8
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [and...@kernel.org a...@kernel.org b...@vger.kernel.org dan...@iogearbox.net edd...@gmail.com hao...@google.com john.fa...@gmail.com jo...@kernel.org kps...@kernel.org linux-...@vger.kernel.org linux-tra...@vger.kernel.org marti...@linux.dev mathieu....@efficios.com mattbo...@google.com mhir...@kernel.org ros...@goodmis.org s...@fomichev.me so...@kernel.org yongho...@linux.dev]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a1f9c776cf71/disk-49665900.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0020d014b0f0/vmlinux-49665900.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1834a60b06c7/bzImage-49665900.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b3334...@syzkaller.appspotmail.com

netlink: 'syz.1.5971': attribute type 13 has an invalid length.
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
==================================================================
BUG: KCSAN: data-race in __perf_event_overflow / perf_event_attach_bpf_prog

write to 0xffff8881191366d0 of 8 bytes by task 19809 on cpu 0:
perf_event_attach_bpf_prog+0x138/0x1d0 kernel/trace/bpf_trace.c:2235
perf_event_set_bpf_prog+0x469/0x490 kernel/events/core.c:10829
bpf_perf_link_attach+0x185/0x260 kernel/bpf/syscall.c:3907
link_create+0x3eb/0x660
__sys_bpf+0x430/0x7a0 kernel/bpf/syscall.c:5864
__do_sys_bpf kernel/bpf/syscall.c:5901 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5899 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5899
x64_sys_call+0x2914/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881191366d0 of 8 bytes by task 19801 on cpu 1:
__perf_event_overflow+0xe0/0x6f0 kernel/events/core.c:9912
perf_swevent_overflow kernel/events/core.c:10045 [inline]
perf_swevent_event+0x3f8/0x4a0 kernel/events/core.c:10083
perf_tp_event+0x2de/0xa00 kernel/events/core.c:10590
perf_trace_run_bpf_submit+0xb0/0x110 kernel/events/core.c:10514
do_perf_trace_kmalloc include/trace/events/kmem.h:54 [inline]
perf_trace_kmalloc+0xe2/0x110 include/trace/events/kmem.h:54
__do_trace_kmalloc include/trace/events/kmem.h:54 [inline]
trace_kmalloc include/trace/events/kmem.h:54 [inline]
__kmalloc_cache_noprof+0x28c/0x320 mm/slub.c:4323
kmalloc_noprof include/linux/slab.h:901 [inline]
kzalloc_noprof include/linux/slab.h:1037 [inline]
ref_tracker_alloc+0xe3/0x2f0 lib/ref_tracker.c:203
__netns_tracker_alloc include/net/net_namespace.h:343 [inline]
netns_tracker_alloc include/net/net_namespace.h:352 [inline]
nf_nat_masq_schedule+0x209/0x360 net/netfilter/nf_nat_masquerade.c:126
masq_inet6_event+0xac/0xe0 net/netfilter/nf_nat_masquerade.c:295
notifier_call_chain kernel/notifier.c:85 [inline]
atomic_notifier_call_chain+0x76/0x1d0 kernel/notifier.c:223
inet6addr_notifier_call_chain+0x24/0x30 net/ipv6/addrconf_core.c:109
addrconf_ifdown+0x901/0xed0 net/ipv6/addrconf.c:3974
addrconf_notify+0x2ff/0x950
notifier_call_chain kernel/notifier.c:85 [inline]
raw_notifier_call_chain+0x6f/0x1d0 kernel/notifier.c:453
call_netdevice_notifiers_info+0xae/0x100 net/core/dev.c:2141
__dev_notify_flags+0xff/0x1a0
dev_change_flags+0xab/0xd0 net/core/dev.c:9249
do_setlink+0x7a1/0x2370 net/core/rtnetlink.c:3118
rtnl_group_changelink net/core/rtnetlink.c:3747 [inline]
__rtnl_newlink net/core/rtnetlink.c:3894 [inline]
rtnl_newlink+0xcf9/0x1250 net/core/rtnetlink.c:4022
rtnetlink_rcv_msg+0x651/0x710 net/core/rtnetlink.c:6912
netlink_rcv_skb+0x12c/0x230 net/netlink/af_netlink.c:2543
rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6939
netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
netlink_unicast+0x599/0x670 net/netlink/af_netlink.c:1348
netlink_sendmsg+0x5cc/0x6e0 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg+0x140/0x180 net/socket.c:733
____sys_sendmsg+0x326/0x4b0 net/socket.c:2573
___sys_sendmsg net/socket.c:2627 [inline]
__sys_sendmsg+0x19d/0x230 net/socket.c:2659
__do_sys_sendmsg net/socket.c:2664 [inline]
__se_sys_sendmsg net/socket.c:2662 [inline]
__x64_sys_sendmsg+0x46/0x50 net/socket.c:2662
x64_sys_call+0x2734/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000000 -> 0xffffc900018d3000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 19801 Comm: syz.1.5971 Not tainted 6.14.0-rc2-syzkaller-00281-g496659003dac #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
==================================================================
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Apr 12, 2025, 7:45:21 PM4/12/25
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.