syzbot


KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update (2)

Status: fixed on 2023/10/12 12:48
Subsystems: bpf
Reported-by: syzbot+97522333291430dd277f@syzkaller.appspotmail.com
Fix commit: 6a86b5b5cd76 bpf: Annotate bpf_long_memcpy with data_race
First crash: 238d, last: 238d
Discussions (4)
Title | Replies (including bot) | Last reply
[PATCH AUTOSEL 6.1 4/6] bpf: Annotate bpf_long_memcpy with data_race | 1 (1) | 2023/09/14 01:55
[PATCH AUTOSEL 6.5 4/7] bpf: Annotate bpf_long_memcpy with data_race | 1 (1) | 2023/09/14 01:54
[PATCH bpf] bpf: Annotate bpf_long_memcpy with data_race | 4 (4) | 2023/08/31 20:35
[syzbot] [bpf?] KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update (2) | 5 (6) | 2023/08/29 20:54
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update bpf | | | | 1 | 777d | 777d | 0/26 | auto-closed as invalid on 2022/04/12 04:08

Sample crash report:
==================================================================
BUG: KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update

write to 0xffffe8fffe7425d8 of 8 bytes by task 8257 on cpu 1:
 bpf_long_memcpy include/linux/bpf.h:428 [inline]
 bpf_obj_memcpy include/linux/bpf.h:441 [inline]
 copy_map_value_long include/linux/bpf.h:464 [inline]
 bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380
 bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175
 generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749
 bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648
 __sys_bpf+0x28a/0x780
 __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

write to 0xffffe8fffe7425d8 of 8 bytes by task 8268 on cpu 0:
 bpf_long_memcpy include/linux/bpf.h:428 [inline]
 bpf_obj_memcpy include/linux/bpf.h:441 [inline]
 copy_map_value_long include/linux/bpf.h:464 [inline]
 bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380
 bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175
 generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749
 bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648
 __sys_bpf+0x28a/0x780
 __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x0000000000000000 -> 0xfffffff000002788

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8268 Comm: syz-executor.4 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
==================================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/08/29 01:35 | upstream | 727dbda16b83 | 7ba13a15 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update