Hello,
syzbot found the following issue on:
HEAD commit: baaa2567a712 Merge tag 'mmc-v6.13-rc2' of git://git.kernel..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d062df980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=67aa69407438e9cf
dashboard link: https://syzkaller.appspot.com/bug?extid=5f348e3542302335e61e
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [gre...@linuxfoundation.org jiri...@kernel.org linux-...@vger.kernel.org linux-...@vger.kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:   https://storage.googleapis.com/syzbot-assets/92e608722093/disk-baaa2567.raw.xz
vmlinux:      https://storage.googleapis.com/syzbot-assets/379f9ec0e799/vmlinux-baaa2567.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e95f55f609c5/bzImage-baaa2567.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5f348e...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in serial8250_do_startup / serial8250_handle_irq
write to 0xffffffff88c1a7a6 of 1 bytes by task 25644 on cpu 1:
serial8250_do_startup+0x165c/0x1ea0 drivers/tty/serial/8250/8250_port.c:2456
serial8250_startup+0x40/0x50 drivers/tty/serial/8250/8250_port.c:2478
uart_port_startup drivers/tty/serial/serial_core.c:323 [inline]
uart_startup+0x481/0x9b0 drivers/tty/serial/serial_core.c:367
uart_port_activate+0x66/0xb0 drivers/tty/serial/serial_core.c:2010
tty_port_open+0x160/0x1f0 drivers/tty/tty_port.c:784
uart_open+0x30/0x40 drivers/tty/serial/serial_core.c:1990
tty_open+0x3d4/0xb00 drivers/tty/tty_io.c:2146
chrdev_open+0x2f9/0x370 fs/char_dev.c:414
do_dentry_open+0x621/0xa20 fs/open.c:945
vfs_open+0x38/0x1f0 fs/open.c:1075
do_open fs/namei.c:3828 [inline]
path_openat+0x1ac2/0x1fa0 fs/namei.c:3987
do_filp_open+0x107/0x230 fs/namei.c:4014
do_sys_openat2+0xab/0x120 fs/open.c:1402
do_sys_open fs/open.c:1417 [inline]
__do_sys_openat fs/open.c:1433 [inline]
__se_sys_openat fs/open.c:1428 [inline]
__x64_sys_openat+0xf3/0x120 fs/open.c:1428
x64_sys_call+0x2b30/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:258
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffffffff88c1a7a6 of 1 bytes by interrupt on cpu 0:
serial8250_handle_irq+0x3c8/0x620 drivers/tty/serial/8250/8250_port.c:1947
serial8250_default_handle_irq+0x94/0x130 drivers/tty/serial/8250/8250_port.c:1969
serial8250_interrupt+0x5d/0x120 drivers/tty/serial/8250/8250_core.c:86
__handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x64/0xf0 kernel/irq/handle.c:210
handle_edge_irq+0x16d/0x5b0 kernel/irq/chip.c:831
generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
handle_irq arch/x86/kernel/irq.c:247 [inline]
call_irq_handler arch/x86/kernel/irq.c:259 [inline]
__common_interrupt+0x58/0xe0 arch/x86/kernel/irq.c:285
common_interrupt+0x7c/0x90 arch/x86/kernel/irq.c:278
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
kcsan_setup_watchpoint+0x404/0x410 kernel/kcsan/core.c:705
__tlb_remove_folio_pages_size mm/mmu_gather.c:179 [inline]
__tlb_remove_folio_pages+0x30/0x210 mm/mmu_gather.c:208
zap_present_folio_ptes mm/memory.c:1531 [inline]
zap_present_ptes mm/memory.c:1585 [inline]
zap_pte_range mm/memory.c:1627 [inline]
zap_pmd_range mm/memory.c:1753 [inline]
zap_pud_range mm/memory.c:1782 [inline]
zap_p4d_range mm/memory.c:1803 [inline]
unmap_page_range+0x1185/0x2380 mm/memory.c:1824
unmap_single_vma+0x142/0x1d0 mm/memory.c:1870
unmap_vmas+0x18d/0x2b0 mm/memory.c:1914
exit_mmap+0x18a/0x680 mm/mmap.c:1668
__mmput+0x28/0x1d0 kernel/fork.c:1353
mmput+0x4c/0x60 kernel/fork.c:1375
exit_mm+0xe4/0x190 kernel/exit.c:570
do_exit+0x55e/0x17f0 kernel/exit.c:925
do_group_exit+0x102/0x150 kernel/exit.c:1087
get_signal+0xeb9/0x1000 kernel/signal.c:3017
arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x62/0x120 kernel/entry/common.c:218
do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00 -> 0x05
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 25637 Comm: syz.4.18156 Not tainted 6.13.0-rc3-syzkaller-00082-gbaaa2567a712 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup