ness Issues:**
- Perf events collecting callchains will have **incorrect/garbage data** when profiling workloads using io_uring
- This affects production systems using io_uring with performance profiling

**2. Performance Impact:**
- Unnecessary CPU cycles wasted attempting to unwind non-existent user stacks
- Could be significant in workloads with heavy io_uring usage and perf sampling

**3. Potential Stability Issues:**
- Attempting to walk a non-existent user stack could access invalid memory
- Architecture-specific `perf_callchain_user()` implementations may not handle this gracefully
- While no explicit crash reports are in the commit, the potential exists

**4. Affected Systems:**
- Any system using io_uring + perf profiling (common in modern high-performance applications)
- Affects all architectures that support perf callchain unwinding

#### Why This Should Be Backported

✅ **Fixes important bug**: Corrects fundamental logic error in determining user vs kernel threads

✅ **Small and contained**: Only adds a single condition check - 2 lines changed in kernel/events/core.c:8195-8196

✅ **Minimal regression risk**: The check is conservative - it only prevents incorrect behavior, doesn't change valid cases

✅ **Affects real workloads**: io_uring is widely used in databases, web servers, and high-performance applications

✅ **Part of coordinated fix series**: Works together with commit 90942f9fac057 that's likely already being backported

✅ **Follows stable rules**:
- Important correctness fix
- No architectural changes
- Confined to perf subsystem
- Low risk

✅ **No dependencies**: Clean application on top of existing code

#### Evidence from Code Analysis

Looking at kernel/events/core.c:8191-8209, the current code flow for a `PF_USER_WORKER` task:

1. `user = !event->attr.exclude_callchain_user` → likely true
2. `if (!current->mm)` → **false** for io_uring helpers (they have mm)
3. `user` remains true
4. Calls `get_perf_callchain(..., user=true, ...)` → **INCORRECT**

After the fix:

1. `user = !event->attr.exclude_callchain_user && !(current->flags & PF_USER_WORKER)` → **correctly false**
2. Returns empty callchain or kernel-only callchain → **CORRECT**

This is clearly a bug that needs fixing in stable kernels.

kernel/events/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/events/core.c b/kernel/events/core.c index ea9ff856770be..6f01304a73f63 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -8192,7 +8192,8 @@ struct perf_callchain_entry * perf_callchain(struct perf_event *event, struct pt_regs *regs) { bool kernel = !event->attr.exclude_callchain_kernel; - bool user = !event->attr.exclude_callchain_user; + bool user = !event->attr.exclude_callchain_user && + !(current->flags & (PF_KTHREAD | PF_USER_WORKER)); /* Disallow cross-task user callchains. */ bool crosstask = event->ctx->task && event->ctx->task != current; const u32 max_stack = event->attr.sample_max_stack; -- 2.51.0

[PATCH AUTOSEL 6.17-6.6] perf: Skip user unwind if the task is a kernel thread
Sasha Levin
patches@lists.linux.dev, stable@vger.kernel.org
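
Review bot: The new flag test on the `bool user` initializer carries no comment explaining why tasks with `PF_KTHREAD` or `PF_USER_WORKER` set are excluded, and the only nearby comment, `/* Disallow cross-task user callchains. */`, belongs to `crosstask`. A one-line comment above the initializer saying that these tasks have no user stack to unwind, even though the analysis notes io_uring helpers do have an mm, would keep a later reader from treating the condition as redundant with the `!current->mm` check the analysis refers to. The analysis text also gives the fixed condition as `!(current->flags & PF_USER_WORKER)` while the hunk tests `(PF_KTHREAD | PF_USER_WORKER)`; the description should match the code being backported. Since the subject targets 6.17-6.6, it is also worth confirming that both flags are defined in every tree in that range before the patch is queued.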