syzbot


KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free (2)

Status: fixed on 2021/04/09 19:46
Subsystems: bpf
Reported-by: syzbot+516acdb03d3e27d91bcd@syzkaller.appspotmail.com
Fix commit: 6df8fb83301d bpf_lru_list: Read double-checked variable once without lock
First crash: 1302d, last: 1193d
Discussions (6)
Title | Replies (including bot) | Last reply
[PATCH 4.19 000/247] 4.19.178-rc1 review | 277 (277) | 2022/03/02 15:52
[PATCH 5.10 000/663] 5.10.20-rc1 review | 673 (673) | 2021/03/05 18:03
[PATCH 5.4 000/340] 5.4.102-rc1 review | 348 (348) | 2021/03/04 09:26
[PATCH 5.11 000/775] 5.11.3-rc1 review | 776 (776) | 2021/03/01 16:15
[PATCH 4.14 000/176] 4.14.223-rc1 review | 177 (177) | 2021/03/01 16:14
[PATCH] bpf_lru_list: Read double-checked variable once without lock | 4 (4) | 2021/02/11 00:00
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free bpf | - | - | - | 10 | 1362d | 1433d | 0/26 | auto-closed as invalid on 2020/10/03 23:58

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free

write to 0xffff8881307b3cca of 1 bytes by task 22638 on cpu 1:
 __bpf_lru_node_move kernel/bpf/bpf_lru_list.c:111 [inline]
 __bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:151 [inline]
 __bpf_lru_list_rotate+0x328/0x7b0 kernel/bpf/bpf_lru_list.c:240
 bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]
 bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]
 bpf_lru_pop_free+0x7bc/0xed0 kernel/bpf/bpf_lru_list.c:499
 prealloc_lru_pop kernel/bpf/hashtab.c:264 [inline]
 htab_lru_map_update_elem+0xaf/0x4a0 kernel/bpf/hashtab.c:1099
 bpf_map_update_value+0x1b9/0x300 kernel/bpf/syscall.c:201
 generic_map_update_batch+0x344/0x450 kernel/bpf/syscall.c:1350
 bpf_map_do_batch+0x286/0x2f0 kernel/bpf/syscall.c:3990
 __do_sys_bpf+0x87c/0x9950 kernel/bpf/syscall.c:4446
 __se_sys_bpf kernel/bpf/syscall.c:4340 [inline]
 __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4340
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8881307b3cca of 1 bytes by task 22632 on cpu 0:
 bpf_common_lru_push_free kernel/bpf/bpf_lru_list.c:507 [inline]
 bpf_lru_push_free+0xd7/0x590 kernel/bpf/bpf_lru_list.c:555
 htab_lru_map_update_elem+0x454/0x4a0 kernel/bpf/hashtab.c:1130
 bpf_map_update_value+0x1b9/0x300 kernel/bpf/syscall.c:201
 generic_map_update_batch+0x344/0x450 kernel/bpf/syscall.c:1350
 bpf_map_do_batch+0x286/0x2f0 kernel/bpf/syscall.c:3990
 __do_sys_bpf+0x87c/0x9950 kernel/bpf/syscall.c:4446
 __se_sys_bpf kernel/bpf/syscall.c:4340 [inline]
 __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4340
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 22632 Comm: syz-executor.1 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (32):