syzbot


KCSAN: data-race in complete_signal / exit_signals (3)

Status: auto-closed as invalid on 2021/03/05 20:46
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 578d, last: 566d
similar bugs (3):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in complete_signal / exit_signals | | | | 1 | 798d | 798d | 0/23 | closed as invalid on 2020/06/18 14:13
upstream | KCSAN: data-race in complete_signal / exit_signals (2) | | | | 1 | 762d | 762d | 0/23 | auto-closed as invalid on 2020/08/22 00:27
upstream | KCSAN: data-race in complete_signal / exit_signals (4) | | | | 1 | 448d | 448d | 0/23 | auto-closed as invalid on 2021/07/01 12:39

Sample crash report:
==================================================================
BUG: KCSAN: data-race in complete_signal / exit_signals

write to 0xffff88800a3f702c of 4 bytes by task 13006 on cpu 1:
 exit_signals+0x10d/0x540 kernel/signal.c:2865
 do_exit+0x1b4/0x1690 kernel/exit.c:781
 do_group_exit+0x17d/0x180 kernel/exit.c:922
 __do_sys_exit_group+0xb/0x10 kernel/exit.c:933
 __se_sys_exit_group+0x5/0x10 kernel/exit.c:931
 __x64_sys_exit_group+0x16/0x20 kernel/exit.c:931
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88800a3f702c of 4 bytes by interrupt on cpu 0:
 wants_signal kernel/signal.c:978 [inline]
 complete_signal+0x7c/0x600 kernel/signal.c:1001
 send_sigqueue+0x268/0x430 kernel/signal.c:1881
 posix_timer_event kernel/time/posix-timers.c:354 [inline]
 posix_timer_fn+0xe8/0x210 kernel/time/posix-timers.c:380
 __run_hrtimer+0x163/0x460 kernel/time/hrtimer.c:1519
 __hrtimer_run_queues kernel/time/hrtimer.c:1583 [inline]
 hrtimer_interrupt+0x36e/0xa30 kernel/time/hrtimer.c:1645
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1085 [inline]
 __sysvec_apic_timer_interrupt+0x6f/0x200 arch/x86/kernel/apic/apic.c:1102
 asm_call_irq_on_stack+0xf/0x20
 __run_sysvec_on_irqstack arch/x86/include/asm/irq_stack.h:37 [inline]
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:89 [inline]
 sysvec_apic_timer_interrupt+0x52/0x90 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:629
 native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline]
 arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x32/0x50 kernel/locking/spinlock.c:191
 spin_unlock_irqrestore include/linux/spinlock.h:409 [inline]
 do_notify_parent_cldstop+0x25e/0x290 kernel/signal.c:2073
 get_signal+0x10ee/0x14e0 kernel/signal.c:2607
 arch_do_signal_or_restart+0x2a/0x270 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x11a/0x1b0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 13052 Comm: syz-executor.0 Not tainted 5.11.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2021/01/29 20:46 | upstream | bec4c2968fce | fc9fd31e | .config | log | report | | | info | KCSAN: data-race in complete_signal / exit_signals
ci2-upstream-kcsan-gce | 2021/01/17 12:59 | upstream | 0da0a8a0a0e1 | 813be542 | .config | log | report | | | info |