syzbot

 sign-in | mailing list | source | docs
🐞 Open [1002] Subsystems 🐞 Fixed [5246] 🐞 Invalid [12540] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in __change_pid / perf_event_switch_output

Status: moderation: reported on 2024/03/30 07:21
Subsystems: perf
[Documentation on labels]
Reported-by: syzbot+959f51db27ec603530fc@syzkaller.appspotmail.com
First crash: 31d, last: 31d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __change_pid / perf_event_switch_output

write to 0xffff88811715d860 of 8 bytes by task 3422 on cpu 1:
 __change_pid+0xe9/0x1c0 kernel/pid.c:356
 detach_pid+0x1c/0x30 kernel/pid.c:372
 __unhash_process kernel/exit.c:130 [inline]
 __exit_signal kernel/exit.c:202 [inline]
 release_task+0x6c3/0xc30 kernel/exit.c:259
 wait_task_zombie kernel/exit.c:1189 [inline]
 wait_consider_task+0x116b/0x1670 kernel/exit.c:1416
 do_wait_pid kernel/exit.c:1555 [inline]
 __do_wait+0x330/0x500 kernel/exit.c:1590
 do_wait+0x12d/0x270 kernel/exit.c:1631
 kernel_wait+0x52/0xc0 kernel/exit.c:1807
 call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
 call_usermodehelper_exec_work+0x9c/0x150 kernel/umh.c:164
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335
 worker_thread+0x526/0x730 kernel/workqueue.c:3416
 kthread+0x1d1/0x210 kernel/kthread.c:388
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243

read to 0xffff88811715d860 of 8 bytes by task 10503 on cpu 0:
 pid_alive include/linux/pid.h:263 [inline]
 perf_event_pid_type kernel/events/core.c:1334 [inline]
 perf_event_tid kernel/events/core.c:1346 [inline]
 perf_event_switch_output+0x228/0x390 kernel/events/core.c:9052
 perf_iterate_sb_cpu kernel/events/core.c:7992 [inline]
 perf_iterate_sb+0x34b/0x640 kernel/events/core.c:8021
 perf_event_switch kernel/events/core.c:9097 [inline]
 __perf_event_task_sched_in+0x789/0x7f0 kernel/events/core.c:4015
 perf_event_task_sched_in include/linux/perf_event.h:1484 [inline]
 finish_task_switch+0x218/0x2b0 kernel/sched/core.c:5278
 context_switch kernel/sched/core.c:5412 [inline]
 __schedule+0x5e8/0x940 kernel/sched/core.c:6746
 preempt_schedule_common kernel/sched/core.c:6925 [inline]
 __cond_resched+0x28/0x50 kernel/sched/core.c:8590
 might_resched include/linux/kernel.h:73 [inline]
 vfree+0x6b/0x390 mm/vmalloc.c:3301
 bpf_prog_calc_tag+0x37a/0x3b0 kernel/bpf/core.c:357
 resolve_pseudo_ldimm64+0x53/0xcb0 kernel/bpf/verifier.c:18211
 bpf_check+0x28d4/0x9a30 kernel/bpf/verifier.c:21260
 bpf_prog_load+0xed4/0x1060 kernel/bpf/syscall.c:2895
 __sys_bpf+0x463/0x7a0 kernel/bpf/syscall.c:5631
 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5736
 do_syscall_64+0xd3/0x1d0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

value changed: 0xffff888116acf480 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10503 Comm: syz-executor.2 Tainted: G        W          6.9.0-rc1-syzkaller-00206-g4535e1a4174c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/30 07:20 upstream 4535e1a4174c 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __change_pid / perf_event_switch_output
* Struck through repros no longer work on HEAD.