syzbot


KCSAN: data-race in run_timer_softirq / timer_reduce

Status: auto-closed as invalid on 2020/05/13 11:42
Subsystems: kasan
First crash: 1896d, last: 1845d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in run_timer_softirq / timer_reduce

write to 0xffff88812c11dbc8 of 8 bytes by interrupt on cpu 1:
 expire_timers kernel/time/timer.c:1446 [inline]
 __run_timers kernel/time/timer.c:1774 [inline]
 __run_timers kernel/time/timer.c:1741 [inline]
 run_timer_softirq+0x440/0xbd0 kernel/time/timer.c:1787
 __do_softirq+0x118/0x34a kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0xb5/0xd0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:546 [inline]
 smp_apic_timer_interrupt+0xe2/0x270 arch/x86/kernel/apic/apic.c:1146
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 is_atomic kernel/kcsan/core.c:213 [inline]
 should_watch kernel/kcsan/core.c:243 [inline]
 check_access kernel/kcsan/core.c:549 [inline]
 __tsan_read8+0x8e/0x100 kernel/kcsan/core.c:686
 compound_head include/linux/page-flags.h:174 [inline]
 PageAnon include/linux/page-flags.h:463 [inline]
 page_remove_rmap+0x56/0x790 mm/rmap.c:1329
 zap_pte_range mm/memory.c:1080 [inline]
 zap_pmd_range mm/memory.c:1184 [inline]
 zap_pud_range mm/memory.c:1213 [inline]
 zap_p4d_range mm/memory.c:1234 [inline]
 unmap_page_range+0xb99/0x1a60 mm/memory.c:1255
 unmap_single_vma+0x13c/0x1f0 mm/memory.c:1300
 unmap_vmas+0xe2/0x1b0 mm/memory.c:1332
 exit_mmap+0x13e/0x2f0 mm/mmap.c:3130
 __mmput kernel/fork.c:1088 [inline]
 mmput+0xe2/0x260 kernel/fork.c:1109
 exit_mm kernel/exit.c:485 [inline]
 do_exit+0x640/0x1880 kernel/exit.c:788
 do_group_exit+0xae/0x1a0 kernel/exit.c:899
 __do_sys_exit_group kernel/exit.c:910 [inline]
 __se_sys_exit_group kernel/exit.c:908 [inline]
 __x64_sys_exit_group+0x2b/0x30 kernel/exit.c:908
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88812c11dbc8 of 8 bytes by task 9003 on cpu 0:
 __mod_timer kernel/time/timer.c:1027 [inline]
 timer_reduce+0x2f9/0x8b0 kernel/time/timer.c:1116
 cgroup_file_notify+0x10a/0x110 kernel/cgroup/cgroup.c:4093
 pids_can_fork+0x16d/0x1b0 kernel/cgroup/pids.c:233
 cgroup_can_fork+0xd5/0x1b0 kernel/cgroup/cgroup.c:5877
 copy_process+0x2545/0x3b10 kernel/fork.c:2190
 _do_fork+0xf7/0x790 kernel/fork.c:2436
 __do_sys_clone kernel/fork.c:2591 [inline]
 __se_sys_clone kernel/fork.c:2572 [inline]
 __x64_sys_clone+0x12e/0x170 kernel/fork.c:2572
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 9003 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
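Triage of a report like this one starts by splitting it into its two access sites and cutting each stack at the kernel-entry boundary: on the interrupt side, every frame below apic_timer_interrupt (the KCSAN instrumentation in __tsan_read8, page_remove_rmap, exit_mmap and the rest of the exit_group path) is simply what cpu 1 happened to be running when the timer interrupt landed, and has nothing to do with the race. The parser below is an added example, not code from syzbot, KCSAN or the kernel. It runs over an abridged copy of the sample report above, rebuilds syzbot's bug title from the first non-inlined frame on each side, and checks that the two accesses really touch the same bytes. The regexes and the ENTRY_DIR prefix are assumptions about the x86 report layout shown on this page.

```python
"""Split a KCSAN data-race report into its two access sites for triage."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: an abridged copy of this page's sample report.
SAMPLE = """\
BUG: KCSAN: data-race in run_timer_softirq / timer_reduce

write to 0xffff88812c11dbc8 of 8 bytes by interrupt on cpu 1:
 expire_timers kernel/time/timer.c:1446 [inline]
 __run_timers kernel/time/timer.c:1774 [inline]
 run_timer_softirq+0x440/0xbd0 kernel/time/timer.c:1787
 __do_softirq+0x118/0x34a kernel/softirq.c:292
 smp_apic_timer_interrupt+0xe2/0x270 arch/x86/kernel/apic/apic.c:1146
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 __tsan_read8+0x8e/0x100 kernel/kcsan/core.c:686
 do_exit+0x640/0x1880 kernel/exit.c:788

read to 0xffff88812c11dbc8 of 8 bytes by task 9003 on cpu 0:
 __mod_timer kernel/time/timer.c:1027 [inline]
 timer_reduce+0x2f9/0x8b0 kernel/time/timer.c:1116
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 9003 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0
"""

TITLE_RE = re.compile(r"^BUG: KCSAN: [\w-]+ in (?P<title>.+)$")
ACCESS_RE = re.compile(r"^(?P<kind>read|write)(?: \(marked\))? to (?P<addr>0x[0-9a-f]+)"
                       r" of (?P<size>\d+) bytes by (?:interrupt|task (?P<pid>\d+)) on cpu (?P<cpu>\d+):$")
FRAME_RE = re.compile(r"^ (?P<sym>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"(?: (?P<file>[\w./-]+):(?P<line>\d+))?(?: \[(?P<inline>inline)\])?$")
REPORTER_RE = re.compile(r"^CPU: \d+ PID: \d+ Comm: (?P<comm>\S+) (?:Not tainted|Tainted: \S+) (?P<kernel>\S+) #\d+")
# Assumption: frames from this directory are x86 syscall/irq entry code, i.e. the point
# where the racing stack ends and the interrupted (or calling) context begins.
ENTRY_DIR = "arch/x86/entry/"

@dataclass
class Frame:
    sym: str
    file: Optional[str]
    line: Optional[int]
    inline: bool

@dataclass
class Access:
    kind: str            # "read" or "write"
    addr: int
    size: int
    pid: Optional[int]   # None when the access ran in interrupt context
    cpu: int
    frames: List[Frame] = field(default_factory=list)

@dataclass
class Report:
    title: str = ""
    accesses: List[Access] = field(default_factory=list)
    comm: Optional[str] = None
    kernel: Optional[str] = None

def parse_report(text: str) -> Report:
    report, cur = Report(), None
    for line in text.splitlines():
        if m := TITLE_RE.match(line):
            report.title = m["title"]
        elif m := ACCESS_RE.match(line):
            cur = Access(m["kind"], int(m["addr"], 16), int(m["size"]),
                         int(m["pid"]) if m["pid"] else None, int(m["cpu"]))
            report.accesses.append(cur)
        elif m := REPORTER_RE.match(line):
            report.comm, report.kernel = m["comm"], m["kernel"]
        elif cur is not None and (m := FRAME_RE.match(line)):
            cur.frames.append(Frame(m["sym"], m["file"],
                                    int(m["line"]) if m["line"] else None, m["inline"] is not None))
    return report

def race_frames(acc: Access) -> List[Frame]:
    """Frames from the racing access down to (excluding) the first entry frame.
    Below that frame on the interrupt side is whatever the CPU happened to be
    running when the timer interrupt hit (here a task in do_exit()), not the race."""
    out: List[Frame] = []
    for f in acc.frames:
        if f.file and f.file.startswith(ENTRY_DIR):
            break
        out.append(f)
    return out

def derive_title(report: Report) -> str:
    """Rebuild the syzbot title: first non-inlined frame of each racing stack."""
    return " / ".join(next(f.sym for f in race_frames(a) if not f.inline)
                      for a in report.accesses)

def overlaps(a: Access, b: Access) -> bool:
    """True if the two accesses share at least one byte, i.e. really hit the same object."""
    return max(a.addr, b.addr) < min(a.addr + a.size, b.addr + b.size)
```

For this report the derived title matches syzbot's, the two accesses are the same 8 bytes, and after trimming at the entry frames the write side collapses to the timer softirq path (expire_timers through smp_apic_timer_interrupt) and the read side to __mod_timer called from timer_reduce, which is the pair a reviewer actually has to reason about.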

Crashes (3):

Time              Kernel tree / branch                        Commit        Syzkaller  Config   Log          Report  Manager
2020/03/04 11:36  https://github.com/google/ktsan.git kcsan   766d004d1b85  712198ac   .config  console log  report  ci2-upstream-kcsan-gce
2020/02/09 22:03  https://github.com/google/ktsan.git kcsan   f60f0f543333  35f5e45e   .config  console log  report  ci2-upstream-kcsan-gce
2020/01/13 11:19  https://github.com/google/ktsan.git kcsan   245a43005292  99565c1a   .config  console log  report  ci2-upstream-kcsan-gce

No syz or C reproducer, VM info or assets exist for any of the three crashes, and the Title column is empty for all of them.