KCSAN: data-race in internal_add_timer / timer_clear_idle


syzbot

Dec 7, 2020, 6:53:11 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4d02da97 Merge tag 'net-5.10-rc5' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10bf4539500000
kernel config: https://syzkaller.appspot.com/x/.config?x=73fc125ff8990ab9
dashboard link: https://syzkaller.appspot.com/bug?extid=b130e0d14518a7e0d5bf
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project.git 913f6005669cfb590c99865a90bc51ed0983d09d)
CC: [fwei...@gmail.com linux-...@vger.kernel.org mi...@kernel.org tg...@linutronix.de]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b130e0...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in internal_add_timer / timer_clear_idle

write to 0xffff88813bd1bce5 of 1 bytes by task 0 on cpu 1:
timer_clear_idle+0x1e/0x30 kernel/time/timer.c:1692
tick_nohz_restart_sched_tick kernel/time/tick-sched.c:868 [inline]
__tick_nohz_idle_restart_tick+0x20/0x180 kernel/time/tick-sched.c:1169
tick_nohz_idle_exit+0xfc/0x210 kernel/time/tick-sched.c:1210
do_idle+0x1f6/0x230 kernel/sched/idle.c:286
cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:369
secondary_startup_64_no_verify+0xb0/0xbb

read to 0xffff88813bd1bce5 of 1 bytes by interrupt on cpu 0:
trigger_dyntick_cpu kernel/time/timer.c:568 [inline]
enqueue_timer kernel/time/timer.c:599 [inline]
internal_add_timer+0x219/0x2a0 kernel/time/timer.c:609
__mod_timer+0x789/0xbf0 kernel/time/timer.c:1060
mod_timer+0x1b/0x20 kernel/time/timer.c:1106
sk_reset_timer+0x1f/0xa0 net/core/sock.c:2933
tcp_send_delayed_ack+0x23e/0x250 net/ipv4/tcp_output.c:3925
__tcp_ack_snd_check+0x2f6/0x500 net/ipv4/tcp_input.c:5406
tcp_rcv_established+0x11bc/0x1450 net/ipv4/tcp_input.c:5835
tcp_v4_do_rcv+0x278/0x4a0 net/ipv4/tcp_ipv4.c:1652
tcp_v4_rcv+0x2101/0x2370 net/ipv4/tcp_ipv4.c:2034
ip_protocol_deliver_rcu+0x1f9/0x3e0 net/ipv4/ip_input.c:204
ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
NF_HOOK include/linux/netfilter.h:301 [inline]
ip_local_deliver+0x1c0/0x280 net/ipv4/ip_input.c:252
dst_input include/net/dst.h:449 [inline]
ip_sublist_rcv_finish net/ipv4/ip_input.c:550 [inline]
ip_list_rcv_finish net/ipv4/ip_input.c:600 [inline]
ip_sublist_rcv+0x4c4/0x590 net/ipv4/ip_input.c:608
ip_list_rcv+0x262/0x290 net/ipv4/ip_input.c:643
__netif_receive_skb_list_ptype net/core/dev.c:5358 [inline]
__netif_receive_skb_list_core+0x34b/0x450 net/core/dev.c:5406
__netif_receive_skb_list+0x262/0x2e0 net/core/dev.c:5458
netif_receive_skb_list_internal+0xda/0x330 net/core/dev.c:5568
gro_normal_list net/core/dev.c:5722 [inline]
napi_complete_done+0x1b2/0x420 net/core/dev.c:6447
virtqueue_napi_complete+0x28/0x80 drivers/net/virtio_net.c:334
virtnet_poll+0x607/0x730 drivers/net/virtio_net.c:1460
napi_poll+0x178/0x4c0 net/core/dev.c:6763
net_rx_action+0x17a/0x480 net/core/dev.c:6833
__do_softirq+0x12c/0x2b1 kernel/softirq.c:298
asm_call_irq_on_stack+0xf/0x20
__run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
do_softirq_own_stack+0x32/0x40 arch/x86/kernel/irq_64.c:77
invoke_softirq kernel/softirq.c:393 [inline]
__irq_exit_rcu+0xb2/0xc0 kernel/softirq.c:423
common_interrupt+0xb5/0x130 arch/x86/kernel/irq.c:239
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:622
native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
acpi_idle_do_entry drivers/acpi/processor_idle.c:517 [inline]
acpi_idle_enter+0x25b/0x2e0 drivers/acpi/processor_idle.c:648
cpuidle_enter_state+0x2bd/0x750 drivers/cpuidle/cpuidle.c:237
cpuidle_enter+0x3c/0x60 drivers/cpuidle/cpuidle.c:351
call_cpuidle kernel/sched/idle.c:132 [inline]
cpuidle_idle_call kernel/sched/idle.c:213 [inline]
do_idle+0x193/0x230 kernel/sched/idle.c:273
cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:369
rest_init+0xd7/0xe0 init/main.c:721
arch_call_rest_init+0xa/0xb
start_kernel+0x5a0/0x625 init/main.c:1061
secondary_startup_64_no_verify+0xb0/0xbb

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 9, 2021, 8:40:20 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.