syzbot


KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult

Status: fixed on 2020/02/18 14:31
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+134336b86f728d6e55a0@syzkaller.appspotmail.com
Fix commit: 15c7c972cd26 rcu: Use *_ONCE() to protect lockless ->expmask accesses
First crash: 1715d, last: 1589d
Discussions (5)
Title Replies (including bot) Last reply
[PATCH 5.4 000/309] 5.4.19-stable review 321 (321) 2020/02/12 21:17
[PATCH 5.5 000/367] 5.5.3-stable review 385 (385) 2020/02/12 07:27
KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult 11 (12) 2020/01/25 10:42
[PATCH tip/core/rcu 0/10] Expedited grace-period updates for v5.6 11 (11) 2019/12/10 04:01
[PATCH] rcu: Avoid to modify mask_ofl_ipi in sync_rcu_exp_select_node_cpus() 9 (9) 2019/10/09 15:45

Sample crash report:
==================================================================
BUG: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult

write to 0xffffffff85c7d080 of 8 bytes by interrupt on cpu 1:
 rcu_report_exp_cpu_mult+0x4f/0xa0 kernel/rcu/tree_exp.h:244
 rcu_report_exp_rdp+0x6c/0x90 kernel/rcu/tree_exp.h:254
 rcu_exp_handler+0xe5/0x190 kernel/rcu/tree_exp.h:616
 flush_smp_call_function_queue+0x18c/0x2b0 kernel/smp.c:248
 generic_smp_call_function_single_interrupt+0x1c/0x49 kernel/smp.c:193
 smp_call_function_single_interrupt+0x3f/0x100 arch/x86/kernel/smp.c:262
 call_function_single_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:851
 __read_once_size include/linux/compiler.h:232 [inline]
 check_kcov_mode kernel/kcov.c:155 [inline]
 write_comp_data+0x1e/0x70 kernel/kcov.c:208
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:404 [inline]
 batadv_nc_worker+0x151/0x390 net/batman-adv/network-coding.c:718
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2264
 worker_thread+0xa0/0x800 kernel/workqueue.c:2410
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

read to 0xffffffff85c7d080 of 8 bytes by task 5 on cpu 0:
 _find_next_bit lib/find_bit.c:39 [inline]
 find_next_bit+0x57/0xe0 lib/find_bit.c:70
 sync_rcu_exp_select_node_cpus+0x28e/0x510 kernel/rcu/tree_exp.h:375
 sync_rcu_exp_select_cpus+0x30c/0x590 kernel/rcu/tree_exp.h:439
 rcu_exp_sel_wait_wake kernel/rcu/tree_exp.h:575 [inline]
 wait_rcu_exp_gp+0x25/0x40 kernel/rcu/tree_exp.h:589
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2264
 worker_thread+0xa0/0x800 kernel/workqueue.c:2410
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: rcu_gp wait_rcu_exp_gp
==================================================================

Crashes (203):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/02/07 00:08 https://github.com/google/ktsan.git kcsan 245a43005292 06150bf1 .config console log report ci2-upstream-kcsan-gce
2020/02/06 11:56 https://github.com/google/ktsan.git kcsan 245a43005292 5be3a391 .config console log report ci2-upstream-kcsan-gce
2020/02/05 13:42 https://github.com/google/ktsan.git kcsan 245a43005292 662cf49a .config console log report ci2-upstream-kcsan-gce
2020/02/05 13:40 https://github.com/google/ktsan.git kcsan 245a43005292 662cf49a .config console log report ci2-upstream-kcsan-gce
2020/02/02 12:22 https://github.com/google/ktsan.git kcsan 245a43005292 93e5e335 .config console log report ci2-upstream-kcsan-gce
2020/02/01 22:31 https://github.com/google/ktsan.git kcsan 245a43005292 2274ad39 .config console log report ci2-upstream-kcsan-gce
2020/02/01 10:26 https://github.com/google/ktsan.git kcsan 245a43005292 326d4c78 .config console log report ci2-upstream-kcsan-gce
2020/01/31 18:48 https://github.com/google/ktsan.git kcsan 245a43005292 0eb59c27 .config console log report ci2-upstream-kcsan-gce
2020/01/29 15:37 https://github.com/google/ktsan.git kcsan 245a43005292 5ed23f9a .config console log report ci2-upstream-kcsan-gce
2020/01/28 16:33 https://github.com/google/ktsan.git kcsan 245a43005292 c8e81ce4 .config console log report ci2-upstream-kcsan-gce
2020/01/27 15:04 https://github.com/google/ktsan.git kcsan 245a43005292 56cd6c9b .config console log report ci2-upstream-kcsan-gce
2020/01/26 15:54 https://github.com/google/ktsan.git kcsan 245a43005292 dd56146d .config console log report ci2-upstream-kcsan-gce
2020/01/25 22:07 https://github.com/google/ktsan.git kcsan 245a43005292 f4e7270e .config console log report ci2-upstream-kcsan-gce
2020/01/24 06:28 https://github.com/google/ktsan.git kcsan 245a43005292 2e95ab33 .config console log report ci2-upstream-kcsan-gce
2020/01/23 14:45 https://github.com/google/ktsan.git kcsan 245a43005292 11ebf937 .config console log report ci2-upstream-kcsan-gce
2020/01/22 17:50 https://github.com/google/ktsan.git kcsan 245a43005292 3334d684 .config console log report ci2-upstream-kcsan-gce
2020/01/20 21:46 https://github.com/google/ktsan.git kcsan 245a43005292 8eda0b95 .config console log report ci2-upstream-kcsan-gce
2020/01/20 09:47 https://github.com/google/ktsan.git kcsan 245a43005292 c40da18c .config console log report ci2-upstream-kcsan-gce
2020/01/19 15:18 https://github.com/google/ktsan.git kcsan 245a43005292 0342f8c7 .config console log report ci2-upstream-kcsan-gce
2020/01/18 21:00 https://github.com/google/ktsan.git kcsan 245a43005292 bc8bc756 .config console log report ci2-upstream-kcsan-gce
2020/01/16 11:35 https://github.com/google/ktsan.git kcsan 245a43005292 3de7aabb .config console log report ci2-upstream-kcsan-gce
2020/01/16 11:34 https://github.com/google/ktsan.git kcsan 245a43005292 3de7aabb .config console log report ci2-upstream-kcsan-gce
2020/01/15 17:31 https://github.com/google/ktsan.git kcsan 245a43005292 f9b69507 .config console log report ci2-upstream-kcsan-gce
2020/01/15 15:35 https://github.com/google/ktsan.git kcsan 245a43005292 069a5a44 .config console log report ci2-upstream-kcsan-gce
2020/01/14 19:14 https://github.com/google/ktsan.git kcsan 245a43005292 fa12bd3c .config console log report ci2-upstream-kcsan-gce
2020/01/13 23:03 https://github.com/google/ktsan.git kcsan 245a43005292 32881205 .config console log report ci2-upstream-kcsan-gce
2020/01/13 10:55 https://github.com/google/ktsan.git kcsan 245a43005292 99565c1a .config console log report ci2-upstream-kcsan-gce
2020/01/12 22:35 https://github.com/google/ktsan.git kcsan 245a43005292 53faa9fe .config console log report ci2-upstream-kcsan-gce
2020/01/12 10:39 https://github.com/google/ktsan.git kcsan 245a43005292 31290a45 .config console log report ci2-upstream-kcsan-gce
2020/01/11 02:37 https://github.com/google/ktsan.git kcsan 245a43005292 4c04afaa .config console log report ci2-upstream-kcsan-gce
2020/01/10 14:21 https://github.com/google/ktsan.git kcsan 245a43005292 2e0a9b2b .config console log report ci2-upstream-kcsan-gce
2020/01/09 14:33 https://github.com/google/ktsan.git kcsan 245a43005292 4de4e9f0 .config console log report ci2-upstream-kcsan-gce
2020/01/09 14:33 https://github.com/google/ktsan.git kcsan 245a43005292 4de4e9f0 .config console log report ci2-upstream-kcsan-gce
2020/01/08 09:23 https://github.com/google/ktsan.git kcsan 245a43005292 ddc3e859 .config console log report ci2-upstream-kcsan-gce
2020/01/07 21:43 https://github.com/google/ktsan.git kcsan 245a43005292 6738e0b3 .config console log report ci2-upstream-kcsan-gce
2020/01/07 09:15 https://github.com/google/ktsan.git kcsan 245a43005292 1bcd407e .config console log report ci2-upstream-kcsan-gce
2020/01/06 19:51 https://github.com/google/ktsan.git kcsan 245a43005292 53430d97 .config console log report ci2-upstream-kcsan-gce
2020/01/06 00:19 https://github.com/google/ktsan.git kcsan 245a43005292 438e1227 .config console log report ci2-upstream-kcsan-gce
2020/01/05 12:02 https://github.com/google/ktsan.git kcsan 245a43005292 d646e21f .config console log report ci2-upstream-kcsan-gce
2020/01/03 21:51 https://github.com/google/ktsan.git kcsan 245a43005292 68256974 .config console log report ci2-upstream-kcsan-gce
2020/01/03 09:41 https://github.com/google/ktsan.git kcsan 245a43005292 9dcc1191 .config console log report ci2-upstream-kcsan-gce
2019/12/31 16:34 https://github.com/google/ktsan.git kcsan 245a43005292 25a0186e .config console log report ci2-upstream-kcsan-gce
2019/12/31 04:26 https://github.com/google/ktsan.git kcsan 245a43005292 7f117e28 .config console log report ci2-upstream-kcsan-gce
2019/10/04 16:12 https://github.com/google/ktsan.git kcsan b4bd934316dc c86336cf .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.