KCSAN: data-race in internal_add_timer / update_process_times


syzbot
Sep 3, 2021, 4:29:19 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7ba88a2a09f4 Merge tag 'platform-drivers-x86-v5.15-1' of g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1414960b300000
kernel config: https://syzkaller.appspot.com/x/.config?x=dca700486d55bf7d
dashboard link: https://syzkaller.appspot.com/bug?extid=809a807a59ccfea577bb
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.1
CC: [john....@linaro.org linux-...@vger.kernel.org sb...@kernel.org tg...@linutronix.de]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+809a80...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in internal_add_timer / update_process_times

write to 0xffff888237c176d8 of 8 bytes by interrupt on cpu 1:
enqueue_timer kernel/time/timer.c:598 [inline]
internal_add_timer+0x146/0x270 kernel/time/timer.c:611
add_timer_on+0x262/0x2a0 kernel/time/timer.c:1182
clocksource_watchdog+0xa74/0xac0 kernel/time/clocksource.c:478
call_timer_fn+0x2e/0x1d0 kernel/time/timer.c:1421
expire_timers+0x135/0x240 kernel/time/timer.c:1466
__run_timers+0x358/0x420 kernel/time/timer.c:1734
run_timer_softirq+0x19/0x30 kernel/time/timer.c:1747
__do_softirq+0x12c/0x26e kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu kernel/softirq.c:636 [inline]
irq_exit_rcu+0x4e/0xa0 kernel/softirq.c:648
sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
acpi_safe_halt drivers/acpi/processor_idle.c:109 [inline]
acpi_idle_do_entry drivers/acpi/processor_idle.c:553 [inline]
acpi_idle_enter+0x258/0x2e0 drivers/acpi/processor_idle.c:688
cpuidle_enter_state+0x2b6/0x750 drivers/cpuidle/cpuidle.c:237
cpuidle_enter+0x3c/0x60 drivers/cpuidle/cpuidle.c:351
call_cpuidle kernel/sched/idle.c:158 [inline]
cpuidle_idle_call kernel/sched/idle.c:239 [inline]
do_idle+0x1a3/0x240 kernel/sched/idle.c:306
cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:403
secondary_startup_64_no_verify+0xb0/0xbb

read to 0xffff888237c176d8 of 8 bytes by interrupt on cpu 0:
run_local_timers kernel/time/timer.c:1761 [inline]
update_process_times+0x8c/0x150 kernel/time/timer.c:1784
tick_sched_handle kernel/time/tick-sched.c:226 [inline]
tick_sched_timer+0x191/0x210 kernel/time/tick-sched.c:1421
__run_hrtimer+0x160/0x480 kernel/time/hrtimer.c:1685
__hrtimer_run_queues kernel/time/hrtimer.c:1749 [inline]
hrtimer_interrupt+0x380/0xaf0 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
__sysvec_apic_timer_interrupt+0x6f/0x1c0 arch/x86/kernel/apic/apic.c:1103
sysvec_apic_timer_interrupt+0x64/0x80 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
acpi_safe_halt drivers/acpi/processor_idle.c:109 [inline]
acpi_idle_do_entry drivers/acpi/processor_idle.c:553 [inline]
acpi_idle_enter+0x258/0x2e0 drivers/acpi/processor_idle.c:688
cpuidle_enter_state+0x2b6/0x750 drivers/cpuidle/cpuidle.c:237
cpuidle_enter+0x3c/0x60 drivers/cpuidle/cpuidle.c:351
call_cpuidle kernel/sched/idle.c:158 [inline]
cpuidle_idle_call kernel/sched/idle.c:239 [inline]
do_idle+0x1a3/0x240 kernel/sched/idle.c:306
cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:403
rest_init+0xee/0x100 init/main.c:719
arch_call_rest_init+0xa/0xb
start_kernel+0x5ae/0x633 init/main.c:1125
secondary_startup_64_no_verify+0xb0/0xbb

value changed: 0x0000000100009480 -> 0x00000001000091e8

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
scsi_io_completion_action: 4 callbacks suppressed
sd 0:0:1:0: tag#2247 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#2247 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#2247 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#2247 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#2247 CDB[20]: ba


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
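The two stacks above describe a cross-CPU, lock-free access pattern rather than a corrupted pointer: the write at timer.c:598 is the tail of enqueue_timer() lowering the target base's next expiry (in v5.14 this is base->next_expiry, an unsigned long, hence the 8-byte access), reached from clocksource_watchdog() via add_timer_on(), which takes the other CPU's base lock and so legitimately writes CPU 0's base from CPU 1. The read at timer.c:1761 is run_local_timers() on CPU 0 comparing jiffies against that field from the tick without taking base->lock, which is the standard cheap check for whether TIMER_SOFTIRQ needs raising. The "value changed" line is consistent with a jiffies-based expiry moving earlier (0x100009480 to 0x1000091e8), both values sitting just past the 32-bit jiffies wrap that INITIAL_JIFFIES forces a few minutes after boot. The usual way to tell KCSAN that such a lock-free read of a native-width field is intentional is to mark the accesses with READ_ONCE()/WRITE_ONCE(), which guarantee a single non-torn access. The following user-space model, added here as an illustration and not code from the kernel or from this thread, replays the two functions with the report's values; base->lock is modelled as a pthread mutex, READ_ONCE()/WRITE_ONCE() as C11 relaxed atomics, trigger_dyntick_cpu() as a counter, the deferrable-base branch of the real run_local_timers() is omitted, and the tick times fed to the reader are assumed.

```c
/*
 * Added example (not kernel code): a user-space model of the two accesses in
 * the KCSAN report above. The writer mirrors the tail of enqueue_timer()
 * (timer.c:598), which runs with base->lock held and may target another CPU's
 * base via add_timer_on(); the reader mirrors run_local_timers()
 * (timer.c:1761), which runs from the tick on the owning CPU without the lock.
 * Assumptions: base->lock is a pthread mutex, READ_ONCE()/WRITE_ONCE() are
 * modelled as C11 relaxed atomics, trigger_dyntick_cpu() is a counter, and the
 * deferrable-base check of the real function is left out.
 */
#include <limits.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Kernel-style jiffies comparison; correct across unsigned wrap-around. */
static bool time_before(unsigned long a, unsigned long b)
{
	return (long)(a - b) < 0;
}

struct timer_base {
	pthread_mutex_t lock;
	/* The 8-byte field from the report. _Atomic so that every access is a
	 * single non-torn load/store, the property WRITE_ONCE/READ_ONCE give. */
	_Atomic unsigned long next_expiry;
	bool timers_pending;
	bool next_expiry_recalc;
	unsigned long kicks;	/* stand-in for trigger_dyntick_cpu() */
};

static void timer_base_init(struct timer_base *base, unsigned long next_expiry)
{
	pthread_mutex_init(&base->lock, NULL);
	atomic_init(&base->next_expiry, next_expiry);
	base->timers_pending = false;
	base->next_expiry_recalc = false;
	base->kicks = 0;
}

/* READ_ONCE() equivalent: one relaxed load, no lock required by the caller. */
static unsigned long next_expiry_of(struct timer_base *base)
{
	return atomic_load_explicit(&base->next_expiry, memory_order_relaxed);
}

/*
 * Writer side, called with base->lock held. This path only ever moves
 * next_expiry earlier, consistent with 0x100009480 -> 0x1000091e8 in the
 * report. Returns true if the field changed.
 */
static bool enqueue_timer(struct timer_base *base, unsigned long bucket_expiry)
{
	if (!time_before(bucket_expiry, next_expiry_of(base)))
		return false;
	/* WRITE_ONCE() equivalent: the reader on the owning CPU takes no lock. */
	atomic_store_explicit(&base->next_expiry, bucket_expiry,
			      memory_order_relaxed);
	base->timers_pending = true;
	base->next_expiry_recalc = false;
	base->kicks++;
	return true;
}

/* add_timer_on() as used by the clocksource watchdog: lock the target base. */
static bool add_timer_on(struct timer_base *base, unsigned long bucket_expiry)
{
	pthread_mutex_lock(&base->lock);
	bool moved = enqueue_timer(base, bucket_expiry);
	pthread_mutex_unlock(&base->lock);
	return moved;
}

/*
 * Reader side, run from the tick without base->lock. Returns true when
 * TIMER_SOFTIRQ would be raised. A stale value only defers raising the
 * softirq to a later tick; what the marked access rules out is a torn load.
 */
static bool run_local_timers(struct timer_base *base, unsigned long jiffies)
{
	unsigned long next = next_expiry_of(base);
	return !time_before(jiffies, next);
}

int main(void)
{
	struct timer_base base;
	const unsigned long old_expiry = 0x100009480UL;	/* from the report */
	const unsigned long new_expiry = 0x1000091e8UL;	/* from the report */
	const unsigned long tick = 0x1000091e8UL;	/* assumed tick time */

	timer_base_init(&base, old_expiry);
	printf("tick %#lx before enqueue: raise softirq = %d\n",
	       tick, run_local_timers(&base, tick));
	printf("add_timer_on(%#lx) moved next_expiry: %d\n",
	       new_expiry, add_timer_on(&base, new_expiry));
	printf("tick %#lx after enqueue:  raise softirq = %d\n",
	       tick, run_local_timers(&base, tick));
	return 0;
}
```

Driving add_timer_on() and run_local_timers() from two threads under -fsanitize=thread with the field declared as a plain unsigned long and accessed plainly reproduces the user-space counterpart of this report (TSan flags the unlocked read against the locked write); with the relaxed-atomic accesses above it stays quiet, which is the same distinction KCSAN draws between plain and marked accesses.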

syzbot
Dec 11, 2021, 11:34:14 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.