syzbot


KCSAN: data-race in do_timer_create / do_timer_create (8)

Status: fixed on 2023/09/28 17:51
Subsystems: kernel
Reported-by: syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com
Fix commit: 8ce8849dd1e7 posix-timers: Ensure timer ID search-loop limit is valid
First crash: 643d, last: 511d
Discussions (31)
Title Replies (including bot) Last reply
[PATCH RT 10/12] posix-timers: Ensure timer ID search-loop limit is valid 1 (1) 2023/10/18 19:48
[PATCH AUTOSEL 4.14 1/5] debugobjects: Recheck debug_objects_enabled before reporting 2 (2) 2023/07/02 19:42
[PATCH AUTOSEL 4.19 1/5] debugobjects: Recheck debug_objects_enabled before reporting 2 (2) 2023/07/02 19:42
[PATCH AUTOSEL 5.4 5/5] posix-timers: Ensure timer ID search-loop limit is valid 1 (1) 2023/07/02 19:42
[PATCH AUTOSEL 5.10 6/7] posix-timers: Ensure timer ID search-loop limit is valid 1 (1) 2023/07/02 19:41
[PATCH AUTOSEL 5.15 07/10] posix-timers: Ensure timer ID search-loop limit is valid 1 (1) 2023/07/02 19:41
[PATCH AUTOSEL 6.1 09/12] posix-timers: Ensure timer ID search-loop limit is valid 1 (1) 2023/07/02 19:41
[PATCH AUTOSEL 6.3 10/14] posix-timers: Ensure timer ID search-loop limit is valid 1 (1) 2023/07/02 19:40
[PATCH AUTOSEL 6.4 11/15] posix-timers: Ensure timer ID search-loop limit is valid 1 (1) 2023/07/02 19:40
[patch 02/20] posix-timers: Ensure timer ID search-loop limit is valid 33 (33) 2023/06/18 20:50
[patch 00/20] posix-timers: Fixes and cleanups 2 (2) 2023/06/05 14:32
[patch 18/20] posix-timers: Clarify posix_timer_fn() comments 5 (5) 2023/06/05 14:26
[patch 01/20] posix-timers: Prevent RT livelock in itimer_delete() 7 (7) 2023/06/05 10:59
[patch 20/20] posix-timers: Polish coding style in a few places 2 (2) 2023/06/01 13:50
[patch 19/20] posix-timers: Remove pointless comments 2 (2) 2023/06/01 13:48
[patch 17/20] posix-timers: Clarify posix_timer_rearm() comment 2 (2) 2023/06/01 12:52
[patch 16/20] posix-timers: Comment SIGEV_THREAD_ID properly 2 (2) 2023/06/01 12:47
[patch 15/20] posix-timers: Add proper comments in do_timer_create() 2 (2) 2023/06/01 12:43
[patch 14/20] posix-timers: Document nanosleep() details 2 (2) 2023/06/01 12:30
[patch 13/20] posix-timers: Document sys_clock_settime() permissions in place 2 (2) 2023/06/01 11:22
[patch 12/20] posix-timers: Document sys_clock_getoverrun() 2 (2) 2023/06/01 11:06
[patch 11/20] posix-timers: Document common_clock_get() correctly 2 (2) 2023/06/01 11:00
[patch 10/20] posix-timers: Document sys_clock_getres() correctly 2 (2) 2023/06/01 10:44
[patch 09/20] posix-timers: Split release_posix_timers() 2 (2) 2023/06/01 10:25
[patch 08/20] posix-timers: Remove pointless irqsafe from hash_lock 2 (2) 2023/06/01 10:12
[patch 07/20] posix-timers: Set k_itimer::it_signal to NULL on exit() 2 (2) 2023/06/01 10:09
[patch 06/20] posix-timers: Annotate concurrent access to k_itimer::it_signal 2 (2) 2023/05/09 11:04
[patch 05/20] posix-timers: Add comments about timer lookup 2 (2) 2023/05/09 10:58
[patch 04/20] posix-timers: Cleanup comments about timer ID tracking 2 (2) 2023/05/09 09:58
[patch 03/20] posix-timers: Clarify timer_wait_running() comment 2 (2) 2023/05/09 09:50
[syzbot] [kernel?] KCSAN: data-race in do_timer_create / do_timer_create (8) 2 (3) 2023/04/21 22:36
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in do_timer_create / do_timer_create kernel 1 1252d 1252d 0/28 auto-closed as invalid on 2021/06/14 21:07
upstream KCSAN: data-race in do_timer_create / do_timer_create (3) kernel 2 1079d 1083d 0/28 auto-closed as invalid on 2021/12/05 03:50
upstream KCSAN: data-race in do_timer_create / do_timer_create (2) kernel 1 1208d 1208d 0/28 auto-closed as invalid on 2021/07/28 07:48
upstream KCSAN: data-race in do_timer_create / do_timer_create (6) kernel 1 748d 748d 0/28 auto-obsoleted due to no activity on 2022/10/31 13:32
upstream KCSAN: data-race in do_timer_create / do_timer_create (7) kernel 1 706d 706d 0/28 auto-obsoleted due to no activity on 2022/12/12 21:42
upstream KCSAN: data-race in do_timer_create / do_timer_create (5) kernel 10 802d 907d 0/28 auto-closed as invalid on 2022/09/07 15:06
upstream KCSAN: data-race in do_timer_create / do_timer_create (4) kernel 18 947d 1034d 0/28 auto-closed as invalid on 2022/04/16 01:14

Sample crash report:
==================================================================
BUG: KCSAN: data-race in do_timer_create / do_timer_create

write to 0xffff88810462d704 of 4 bytes by task 5587 on cpu 1:
 do_timer_create+0x2fd/0xa30 kernel/time/posix-timers.c:516
 __se_sys_timer_create kernel/time/posix-timers.c:577 [inline]
 __x64_sys_timer_create+0xbb/0xe0 kernel/time/posix-timers.c:577
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff88810462d704 of 4 bytes by task 5586 on cpu 0:
 posix_timer_add kernel/time/posix-timers.c:143 [inline]
 do_timer_create+0x19f/0xa30 kernel/time/posix-timers.c:516
 __se_sys_timer_create kernel/time/posix-timers.c:577 [inline]
 __x64_sys_timer_create+0xbb/0xe0 kernel/time/posix-timers.c:577
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000012 -> 0x0000001d

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 5586 Comm: syz-executor.5 Not tainted 6.4.0-rc2-syzkaller-00338-ge2065b8c1b01 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
==================================================================

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/22 05:08 upstream e2065b8c1b01 4bce1a3e .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/04/18 09:53 upstream 6a8f57ae2eb0 436577a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/04/15 20:09 upstream 7a934f4bd7d6 ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/04/05 13:40 upstream 76f598ba7d8e 831373d3 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/03/30 16:30 upstream ffe78bbd5121 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/03/19 07:16 upstream 534293368afa 7939252e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/02/20 11:40 upstream c9c3395d5e3d bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/02/17 07:32 upstream 3ac88fa4605e 851bc19a .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create
2023/01/09 19:25 upstream 1fe4fd6f5cad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_timer_create / do_timer_create