[moderation] [fs?] KCSAN: data-race in do_timerfd_settime / do_timerfd_settime (4)


syzbot

Feb 24, 2025, 5:26:31 PM2/24/25
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d082ecbc71e9 Linux 6.14-rc4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=166746e4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e9dd6c7eeba2114e
dashboard link: https://syzkaller.appspot.com/bug?extid=a0e54c9358cb54949bb5
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [anna-...@linutronix.de bra...@kernel.org fred...@kernel.org ja...@suse.cz linux-...@vger.kernel.org linux-...@vger.kernel.org tg...@linutronix.de vi...@zeniv.linux.org.uk]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2b352c2abb77/disk-d082ecbc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c5f4a062a264/vmlinux-d082ecbc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c3a86625df5a/bzImage-d082ecbc.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a0e54c...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in do_timerfd_settime / do_timerfd_settime

write to 0xffff88811560f3d4 of 1 bytes by task 6754 on cpu 0:
timerfd_setup_cancel fs/timerfd.c:164 [inline]
do_timerfd_settime+0x94a/0xa30 fs/timerfd.c:478
__do_sys_timerfd_settime fs/timerfd.c:569 [inline]
__se_sys_timerfd_settime fs/timerfd.c:560 [inline]
__x64_sys_timerfd_settime+0xb9/0x140 fs/timerfd.c:560
x64_sys_call+0x2b76/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:287
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811560f3d4 of 1 bytes by task 6755 on cpu 1:
timerfd_canceled fs/timerfd.c:151 [inline]
timerfd_setup fs/timerfd.c:225 [inline]
do_timerfd_settime+0x867/0xa30 fs/timerfd.c:521
__do_sys_timerfd_settime fs/timerfd.c:569 [inline]
__se_sys_timerfd_settime fs/timerfd.c:560 [inline]
__x64_sys_timerfd_settime+0xb9/0x140 fs/timerfd.c:560
x64_sys_call+0x2b76/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:287
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 6755 Comm: syz.2.994 Tainted: G W 6.14.0-rc4-syzkaller #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
==================================================================
netlink: 'syz.2.994': attribute type 10 has an invalid length.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Apr 21, 2025, 6:26:16 PM4/21/25
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.