From: syzbot <syzbot+72a43cdb78469f7fbad1@syzkaller.appspotmail.com>
To: acme@kernel.org, adrian.hunter@intel.com,
alexander.shishkin@linux.intel.com, irogers@google.com,
jolsa@kernel.org, linux-kernel@vger.kernel.org,
linux-perf-users@vger.kernel.org, mark.rutland@arm.com,
mingo@redhat.com, namhyung@kernel.org, peterz@infradead.org,
syzkaller-bugs@googlegroups.com, wangqing7171@gmail.com
Subject: Re: [syzbot] [perf?] WARNING: suspicious RCU usage in get_callchain_entry
Date: Tue, 27 Jan 2026 20:26:02 -0800 [thread overview]
Message-ID: <69798fda.050a0220.c9109.0033.GAE@google.com> (raw)
In-Reply-To: <20260128035241.1839686-1-wangqing7171@gmail.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: sleeping function called from invalid context in bpf_prog_test_run_syscall
BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:201
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 6641, name: syz.0.17
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
1 lock held by syz.0.17/6641:
#0: ffffffff8dbc77c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8dbc77c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8dbc77c0 (rcu_read_lock){....}-{1:3}, at: __bpf_get_stack+0x269/0xab0 kernel/bpf/stackmap.c:463
CPU: 1 UID: 0 PID: 6641 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
__might_resched+0x329/0x480 kernel/sched/core.c:8829
__might_fault+0x76/0x130 mm/memory.c:7175
_inline_copy_to_user include/linux/uaccess.h:201 [inline]
_copy_to_user+0x2c/0xb0 lib/usercopy.c:26
copy_to_user include/linux/uaccess.h:236 [inline]
bpf_prog_test_run_syscall+0x337/0x4c0 net/bpf/test_run.c:1642
bpf_prog_test_run+0x2cd/0x340 kernel/bpf/syscall.c:4703
__sys_bpf+0x5cb/0x920 kernel/bpf/syscall.c:6182
__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efdae6faeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007efdadd5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007efdae975fa0 RCX: 00007efdae6faeb9
RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a
RBP: 00007efdae768c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007efdae976038 R14: 00007efdae975fa0 R15: 00007fffcdbbfb78
</TASK>
=============================
[ BUG: Invalid wait context ]
syzkaller #0 Tainted: G W
-----------------------------
syz.0.17/6641 is trying to lock:
ffff88803daa5cf0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130 mm/memory.c:7177
other info that might help us debug this:
context-{5:5}
1 lock held by syz.0.17/6641:
#0: ffffffff8dbc77c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#0: ffffffff8dbc77c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#0: ffffffff8dbc77c0 (rcu_read_lock){....}-{1:3}, at: __bpf_get_stack+0x269/0xab0 kernel/bpf/stackmap.c:463
stack backtrace:
CPU: 1 UID: 0 PID: 6641 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)}
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline]
check_wait_context kernel/locking/lockdep.c:4902 [inline]
__lock_acquire+0xec1/0x2cf0 kernel/locking/lockdep.c:5187
lock_acquire+0x106/0x330 kernel/locking/lockdep.c:5868
__might_fault+0xcb/0x130 mm/memory.c:7177
_inline_copy_to_user include/linux/uaccess.h:201 [inline]
_copy_to_user+0x2c/0xb0 lib/usercopy.c:26
copy_to_user include/linux/uaccess.h:236 [inline]
bpf_prog_test_run_syscall+0x337/0x4c0 net/bpf/test_run.c:1642
bpf_prog_test_run+0x2cd/0x340 kernel/bpf/syscall.c:4703
__sys_bpf+0x5cb/0x920 kernel/bpf/syscall.c:6182
__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efdae6faeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007efdadd5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007efdae975fa0 RCX: 00007efdae6faeb9
RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a
RBP: 00007efdae768c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007efdae976038 R14: 00007efdae975fa0 R15: 00007fffcdbbfb78
</TASK>
Tested on:
commit: 1f97d9dc Merge tag 'vfio-v6.19-rc8' of https://github...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1573a6ef980000
kernel config: https://syzkaller.appspot.com/x/.config?x=151a39927f1e10b4
dashboard link: https://syzkaller.appspot.com/bug?extid=72a43cdb78469f7fbad1
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=14eb785a580000
next prev parent reply other threads:[~2026-01-28 4:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-30 10:49 [syzbot] [perf?] WARNING: suspicious RCU usage in get_callchain_entry syzbot
2026-01-28 3:52 ` Qing Wang
2026-01-28 4:26 ` syzbot [this message]
2026-01-28 3:55 ` Qing Wang
2026-01-28 4:50 ` syzbot
2026-01-28 8:52 ` Peter Zijlstra
2026-01-28 9:15 ` Qing Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69798fda.050a0220.c9109.0033.GAE@google.com \
--to=syzbot+72a43cdb78469f7fbad1@syzkaller.appspotmail.com \
--cc=acme@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=irogers@google.com \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=wangqing7171@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.