KCSAN: data-race in __hrtimer_run_queues / hrtimer_active


syzbot

Oct 7, 2019, 2:59:14 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b4bd9343 x86, kcsan: Enable KCSAN for x86
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=162b4d5d600000
kernel config: https://syzkaller.appspot.com/x/.config?x=c0906aa620713d80
dashboard link: https://syzkaller.appspot.com/bug?extid=3d7b5402470cca82b6c0
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: [linux-...@vger.kernel.org tg...@linutronix.de el...@google.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3d7b54...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in __hrtimer_run_queues / hrtimer_active

read to 0xffff88812be1d818 of 8 bytes by interrupt on cpu 1:
hrtimer_active+0x84/0x1a0 kernel/time/hrtimer.c:1321
entity_tick kernel/sched/fair.c:4301 [inline]
task_tick_fair+0x4c/0x920 kernel/sched/fair.c:9977
scheduler_tick+0x5c/0xe0 kernel/sched/core.c:3471
update_process_times+0x5f/0x80 kernel/time/timer.c:1644
tick_sched_handle+0x75/0x100 kernel/time/tick-sched.c:167
tick_sched_timer+0x58/0xe0 kernel/time/tick-sched.c:1296
__run_hrtimer kernel/time/hrtimer.c:1389 [inline]
__hrtimer_run_queues+0x288/0x600 kernel/time/hrtimer.c:1451
hrtimer_interrupt+0x22a/0x480 kernel/time/hrtimer.c:1509
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1110 [inline]
smp_apic_timer_interrupt+0xdc/0x280 arch/x86/kernel/apic/apic.c:1135
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
__read_once_size include/linux/compiler.h:227 [inline]
arch_atomic64_read arch/x86/include/asm/atomic64_64.h:22 [inline]
atomic64_read include/asm-generic/atomic-instrumented.h:925 [inline]
atomic_long_read include/asm-generic/atomic-long.h:28 [inline]
find_watchpoint kernel/kcsan/core.c:84 [inline]
__kcsan_check_watchpoint+0xbb/0x180 kernel/kcsan/core.c:322
__tsan_read8+0x15/0x30 kernel/kcsan/kcsan.c:31
get_next_corpse net/netfilter/nf_conntrack_core.c:2005 [inline]
nf_ct_iterate_cleanup+0x1d0/0x2e0 net/netfilter/nf_conntrack_core.c:2037
nf_ct_iterate_cleanup_net net/netfilter/nf_conntrack_core.c:2122 [inline]
nf_ct_iterate_cleanup_net+0xe2/0xf0 net/netfilter/nf_conntrack_core.c:2107

write to 0xffff88812be1d818 of 8 bytes by interrupt on cpu 0:
__run_hrtimer kernel/time/hrtimer.c:1360 [inline]
__hrtimer_run_queues+0x1f2/0x600 kernel/time/hrtimer.c:1451
hrtimer_interrupt+0x22a/0x480 kernel/time/hrtimer.c:1509
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1110 [inline]
smp_apic_timer_interrupt+0xdc/0x280 arch/x86/kernel/apic/apic.c:1135
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
find_watchpoint kernel/kcsan/core.c:83 [inline]
__kcsan_check_watchpoint+0xa9/0x180 kernel/kcsan/core.c:322
__tsan_read8+0x15/0x30 kernel/kcsan/kcsan.c:31
tomoyo_compare_name_union+0x26/0xa0 security/tomoyo/file.c:85
tomoyo_check_path2_acl+0x81/0xb0 security/tomoyo/file.c:303
tomoyo_check_acl+0xf6/0x270 security/tomoyo/domain.c:172
tomoyo_path2_perm+0x3d3/0x4c0 security/tomoyo/file.c:942
tomoyo_path_rename+0x95/0xd0 security/tomoyo/tomoyo.c:285
security_path_rename+0x17e/0x1e0 security/security.c:1039
do_renameat2+0x6ea/0xa50 fs/namei.c:4623

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 7227 Comm: udevd Not tainted 5.3.0+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 7, 2020, 2:05:13 AM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.