syzbot


KCSAN: data-race in clockevents_program_event / print_tickdevice (10)

Status: auto-obsoleted due to no activity on 2024/10/04 08:26
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+31a87aefacb06c07a1d6@syzkaller.appspotmail.com
First crash: 46d, last: 39d
Similar bugs (9)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (8) kernel 1 294d 294d 0/28 auto-obsoleted due to no activity on 2024/01/23 08:37
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (6) kernel 28 481d 773d 0/28 auto-obsoleted due to no activity on 2023/07/21 02:50
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (7) kernel 2 348d 349d 0/28 auto-obsoleted due to no activity on 2023/11/30 21:56
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (5) kernel 7 820d 846d 0/28 auto-closed as invalid on 2022/08/15 19:00
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (2) kernel 1 1181d 1181d 0/28 auto-closed as invalid on 2021/08/19 20:40
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (9) kernel 1 183d 183d 0/28 auto-obsoleted due to no activity on 2024/05/13 19:49
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (4) kernel 1 969d 969d 0/28 auto-closed as invalid on 2022/03/19 14:36
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice kernel 1 1264d 1261d 0/28 auto-closed as invalid on 2021/05/28 09:07
upstream KCSAN: data-race in clockevents_program_event / print_tickdevice (3) kernel 5 1070d 1101d 0/28 auto-closed as invalid on 2021/12/08 10:38

Sample crash report:
==================================================================
BUG: KCSAN: data-race in clockevents_program_event / print_tickdevice

write to 0xffff888237d1c218 of 8 bytes by interrupt on cpu 1:
 clockevents_program_event+0x36/0x1f0 kernel/time/clockevents.c:313
 tick_program_event+0x7c/0xd0 kernel/time/tick-oneshot.c:44
 hrtimer_interrupt+0x254/0x7b0 kernel/time/hrtimer.c:1828
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x5c/0x1a0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 xas_next_entry include/linux/xarray.h:1708 [inline]
 next_uptodate_folio+0xfd/0x890 mm/filemap.c:3464
 filemap_map_pages+0x7b2/0x9f0 mm/filemap.c:3653
 do_fault_around mm/memory.c:5019 [inline]
 do_read_fault mm/memory.c:5052 [inline]
 do_fault mm/memory.c:5191 [inline]
 do_pte_missing mm/memory.c:3947 [inline]
 handle_pte_fault mm/memory.c:5521 [inline]
 __handle_mm_fault mm/memory.c:5664 [inline]
 handle_mm_fault+0x1130/0x2a30 mm/memory.c:5832
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x3b9/0x650 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

read to 0xffff888237d1c218 of 8 bytes by task 4476 on cpu 0:
 print_tickdevice+0x144/0x340 kernel/time/timer_list.c:208
 timer_list_show+0x79/0x180 kernel/time/timer_list.c:300
 seq_read_iter+0x2d7/0x940 fs/seq_file.c:230
 proc_reg_read_iter+0x11e/0x190 fs/proc/inode.c:299
 copy_splice_read+0x3a4/0x5d0 fs/splice.c:365
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x26c/0x670 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3ab/0x950 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 x64_sys_call+0xed5/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x7fffffffffffffff -> 0x0000000d14823c9c

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4476 Comm: syz.0.346 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/08/30 08:25 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in clockevents_program_event / print_tickdevice
2024/08/24 04:27 upstream 60f0560f53e3 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in clockevents_program_event / print_tickdevice
* Struck through repros no longer work on HEAD.