syzbot


KCSAN: data-race in ktime_get_with_offset / timekeeping_advance (3)

Status: auto-closed as invalid on 2020/06/04 04:21
Subsystems: kernel
First crash: 1603d, last: 1484d
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in ktime_get_with_offset / timekeeping_advance (2) kernel | | | | 12 | 1619d | 1635d | 0/26 | closed as invalid on 2019/11/19 14:54
upstream | KCSAN: data-race in ktime_get_with_offset / timekeeping_advance kernel | | | | 1 | 1654d | 1654d | 0/26 | closed as invalid on 2019/10/18 14:11

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ktime_get_with_offset / timekeeping_advance

write to 0xffffffff86d972c8 of 280 bytes by interrupt on cpu 1:
 timekeeping_advance+0x88e/0xd80 include/linux/string.h:381
 update_wall_time+0x15/0x20 kernel/time/timekeeping.c:2137
 tick_do_update_jiffies64+0x1e5/0x2a0 kernel/time/tick-sched.c:98
 tick_sched_do_timer+0xc7/0xd0 kernel/time/tick-sched.c:142
 tick_sched_timer+0x3f/0xd0 kernel/time/tick-sched.c:1307
 __run_hrtimer kernel/time/hrtimer.c:1517 [inline]
 __hrtimer_run_queues+0x271/0x600 kernel/time/hrtimer.c:1579
 hrtimer_interrupt+0x226/0x490 kernel/time/hrtimer.c:1641
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline]
 smp_apic_timer_interrupt+0xd8/0x270 arch/x86/kernel/apic/apic.c:1144
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60
 arch_safe_halt arch/x86/include/asm/paravirt.h:144 [inline]
 default_idle+0x21/0x170 arch/x86/kernel/process.c:695
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1b7/0x290 kernel/sched/idle.c:269
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:361
 start_secondary+0x164/0x1b0 arch/x86/kernel/smpboot.c:264
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

read to 0xffffffff86d972d8 of 8 bytes by interrupt on cpu 0:
 timekeeping_get_delta kernel/time/timekeeping.c:270 [inline]
 timekeeping_get_ns kernel/time/timekeeping.c:374 [inline]
 ktime_get_with_offset+0xea/0x230 kernel/time/timekeeping.c:802
 ktime_get_real include/linux/timekeeping.h:79 [inline]
 __net_timestamp include/linux/skbuff.h:3707 [inline]
 netif_rx_internal+0x12c/0x2b0 net/core/dev.c:4690
 netif_rx+0x41/0x210 net/core/dev.c:4742
 loopback_xmit+0x1cd/0x290 drivers/net/loopback.c:88
 __netdev_start_xmit include/linux/netdevice.h:4510 [inline]
 netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0xeb/0x420 net/core/dev.c:3486
 __dev_queue_xmit+0x14c4/0x1b80 net/core/dev.c:4063
 dev_queue_xmit+0x1e/0x30 net/core/dev.c:4096
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0x87d/0xed0 net/ipv4/ip_output.c:228
 __ip_finish_output net/ipv4/ip_output.c:306 [inline]
 __ip_finish_output+0x22f/0x460 net/ipv4/ip_output.c:288
 ip_finish_output+0x3e/0x160 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xf2/0x240 net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:436 [inline]
 ip_local_out+0x70/0x90 net/ipv4/ip_output.c:125
 __ip_queue_xmit+0x3a6/0xa40 net/ipv4/ip_output.c:530
 ip_queue_xmit+0x3e/0x50 include/net/ip.h:237
 __tcp_transmit_skb+0xe1f/0x1c90 net/ipv4/tcp_output.c:1234
 __tcp_send_ack+0x22c/0x2f0 net/ipv4/tcp_output.c:3771
 tcp_send_ack+0x2d/0x40 net/ipv4/tcp_output.c:3777
 tcp_fin+0x2ad/0x390 net/ipv4/tcp_input.c:4192
 tcp_data_queue+0x13f5/0x2050 net/ipv4/tcp_input.c:4813
 tcp_rcv_state_process+0x723/0x275c net/ipv4/tcp_input.c:6383
 tcp_v4_do_rcv+0x21b/0x4f0 net/ipv4/tcp_ipv4.c:1641
 tcp_v4_rcv+0x1bbf/0x1d80 net/ipv4/tcp_ipv4.c:2001
 ip_protocol_deliver_rcu+0x4b/0x410 net/ipv4/ip_input.c:204
 ip_local_deliver_finish+0xf3/0x120 net/ipv4/ip_input.c:231
 NF_HOOK include/linux/netfilter.h:307 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_local_deliver+0x135/0x220 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:442 [inline]
 ip_rcv_finish+0x124/0x160 net/ipv4/ip_input.c:428
 NF_HOOK include/linux/netfilter.h:307 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_rcv+0x198/0x1b0 net/ipv4/ip_input.c:538
 __netif_receive_skb_one_core+0x9f/0xe0 net/core/dev.c:5198
 __netif_receive_skb+0x33/0xf0 net/core/dev.c:5312
 process_backlog+0x213/0x4c0 net/core/dev.c:6144
 napi_poll net/core/dev.c:6582 [inline]
 net_rx_action+0x3ad/0xac0 net/core/dev.c:6650
 __do_softirq+0x118/0x34a kernel/softirq.c:292
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082
 do_softirq.part.0+0x66/0x70 kernel/softirq.c:337
 do_softirq kernel/softirq.c:329 [inline]
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:189
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:718 [inline]
 ip_finish_output2+0x40b/0xed0 net/ipv4/ip_output.c:229
 __ip_finish_output net/ipv4/ip_output.c:306 [inline]
 __ip_finish_output+0x22f/0x460 net/ipv4/ip_output.c:288
 ip_finish_output+0x3e/0x160 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xf2/0x240 net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:436 [inline]
 ip_local_out+0x70/0x90 net/ipv4/ip_output.c:125
 __ip_queue_xmit+0x3a6/0xa40 net/ipv4/ip_output.c:530
 ip_queue_xmit+0x3e/0x50 include/net/ip.h:237
 __tcp_transmit_skb+0xe1f/0x1c90 net/ipv4/tcp_output.c:1234
 tcp_transmit_skb net/ipv4/tcp_output.c:1250 [inline]
 tcp_write_xmit+0x5a3/0x31e0 net/ipv4/tcp_output.c:2513
 __tcp_push_pending_frames+0x72/0x1b0 net/ipv4/tcp_output.c:2689
 tcp_send_fin+0xfd/0x700 net/ipv4/tcp_output.c:3235
 tcp_shutdown net/ipv4/tcp.c:2321 [inline]
 tcp_shutdown+0xa6/0xb0 net/ipv4/tcp.c:2306
 inet_shutdown+0x128/0x240 net/ipv4/af_inet.c:879
 kernel_sock_shutdown+0x38/0x50 net/socket.c:3830
 rds_tcp_accept_one+0x3bb/0x710 net/rds/tcp_listen.c:245
 rds_tcp_accept_worker+0x2b/0x50 net/rds/tcp.c:525
 process_one_work+0x424/0x930 kernel/workqueue.c:2264
 worker_thread+0x9a/0x7e0 kernel/workqueue.c:2410
 kthread+0x1cb/0x1f0 kernel/kthread.c:255
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8031 Comm: kworker/u4:5 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_tcp_accept_worker
==================================================================

Crashes (6):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/03/26 04:20 | https://github.com/google/ktsan.git kcsan | 40959e34d670 | e8e6c7d2 | .config | console log | report | | | | | ci2-upstream-kcsan-gce |
2020/02/06 05:57 | https://github.com/google/ktsan.git kcsan | 245a43005292 | 662cf49a | .config | console log | report | | | | | ci2-upstream-kcsan-gce |
2020/02/04 05:04 | https://github.com/google/ktsan.git kcsan | 245a43005292 | 93e5e335 | .config | console log | report | | | | | ci2-upstream-kcsan-gce |
2020/01/26 11:21 | https://github.com/google/ktsan.git kcsan | 245a43005292 | f4e7270e | .config | console log | report | | | | | ci2-upstream-kcsan-gce |
2019/12/29 16:35 | https://github.com/google/ktsan.git kcsan | 245a43005292 | af6b8ef8 | .config | console log | report | | | | | ci2-upstream-kcsan-gce |
2019/11/28 01:08 | https://github.com/google/ktsan.git kcsan | ef798c30ba4e | 0d63f89c | .config | console log | report | | | | | ci2-upstream-kcsan-gce |
* Struck through repros no longer work on HEAD.