syzbot


KCSAN: data-race in __futex_wait / hrtimer_wakeup

Status: moderation: reported on 2024/06/07 01:51
Subsystems: kernel
Reported-by: syzbot+7e78a9974d48a87903ad@syzkaller.appspotmail.com
First crash: 19d, last: 2d18h

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __futex_wait / hrtimer_wakeup

read-write to 0xffffc9000159fd90 of 8 bytes by interrupt on cpu 0:
 hrtimer_wakeup+0x1c/0x50 kernel/time/hrtimer.c:1921
 __run_hrtimer kernel/time/hrtimer.c:1687 [inline]
 __hrtimer_run_queues+0x20d/0x5e0 kernel/time/hrtimer.c:1751
 hrtimer_interrupt+0x210/0x7b0 kernel/time/hrtimer.c:1813
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x5c/0x1a0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 clear_page_erms+0xd/0x20 arch/x86/lib/clear_page_64.S:50
 clear_page arch/x86/include/asm/page_64.h:53 [inline]
 clear_highpage_kasan_tagged include/linux/highmem.h:248 [inline]
 kernel_init_pages mm/page_alloc.c:1026 [inline]
 post_alloc_hook mm/page_alloc.c:1466 [inline]
 prep_new_page mm/page_alloc.c:1476 [inline]
 alloc_pages_bulk_noprof+0x449/0x6b0 mm/page_alloc.c:4605
 copy_splice_read+0xfa/0x5d0 fs/splice.c:345
 sock_splice_read+0xb2/0xc0 net/socket.c:1106
 do_splice_read fs/splice.c:985 [inline]
 splice_file_to_pipe+0x23d/0x390 fs/splice.c:1295
 do_splice+0xc97/0x1120 fs/splice.c:1379
 __do_splice fs/splice.c:1436 [inline]
 __do_sys_splice fs/splice.c:1652 [inline]
 __se_sys_splice+0x24c/0x390 fs/splice.c:1634
 __x64_sys_splice+0x78/0x90 fs/splice.c:1634
 x64_sys_call+0x297f/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:276
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffc9000159fd90 of 8 bytes by task 26588 on cpu 1:
 __futex_wait+0x17f/0x290 kernel/futex/waitwake.c:675
 futex_wait+0x99/0x1c0 kernel/futex/waitwake.c:697
 do_futex+0x276/0x370 kernel/futex/syscalls.c:102
 __do_sys_futex kernel/futex/syscalls.c:179 [inline]
 __se_sys_futex+0x25d/0x3a0 kernel/futex/syscalls.c:160
 __x64_sys_futex+0x78/0x90 kernel/futex/syscalls.c:160
 x64_sys_call+0x28c1/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:203
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff8881070b4200 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 26588 Comm: syz-executor.1 Tainted: G        W          6.10.0-rc4-syzkaller-00283-g563a50672d8a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (7):
Time              Kernel    Commit        Syzkaller  Syz repro  C repro  Manager                 Title
2024/06/23 08:23  upstream  563a50672d8a  edc5149a   (none)     (none)   ci2-upstream-kcsan-gce  KCSAN: data-race in __futex_wait / hrtimer_wakeup
2024/06/18 21:54  upstream  3d54351c64e8  639d6cdf   (none)     (none)   ci2-upstream-kcsan-gce  KCSAN: data-race in __futex_wait / hrtimer_wakeup
2024/06/16 08:28  upstream  a3e18a540541  f429ab00   (none)     (none)   ci2-upstream-kcsan-gce  KCSAN: data-race in __futex_wait / hrtimer_wakeup
2024/06/11 05:36  upstream  83a7eefedc9b  b7d9eb04   (none)     (none)   ci2-upstream-kcsan-gce  KCSAN: data-race in __futex_wait / hrtimer_wakeup
2024/06/10 02:22  upstream  83a7eefedc9b  82c05ab8   (none)     (none)   ci2-upstream-kcsan-gce  KCSAN: data-race in __futex_wait / hrtimer_wakeup
2024/06/07 01:51  upstream  d30d0e49da71  121701b6   (none)     (none)   ci2-upstream-kcsan-gce  KCSAN: data-race in __futex_wait / hrtimer_wakeup
2024/06/07 01:50  upstream  d30d0e49da71  121701b6   (none)     (none)   ci2-upstream-kcsan-gce  KCSAN: data-race in __futex_wait / hrtimer_wakeup

Each crash row on the original page also linked to its .config, console log, report, VM info and build assets (disk image, vmlinux, kernel image); those links are not reproduced here.