syzbot

 sign-in | mailing list | source | docs
🐞 Open [1501]
Subsystems
🐞 Fixed [6533]
🐞 Invalid [16698]
Missing Backports [202]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in add_timer_on / run_local_timers (3)

Status: auto-closed as invalid on 2020/06/08 01:04
Subsystems: kernel
[Documentation on labels]
First crash: 1990d, last: 1982d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in add_timer_on / run_local_timers (2) kernel 6 6 2062d 2110d 0/29 auto-closed as invalid on 2020/03/19 13:36
upstream KCSAN: data-race in add_timer_on / run_local_timers kernel 6 3 2125d 2128d 0/29 closed as invalid on 2019/11/19 14:04

Sample crash report:
==================================================================
BUG: KCSAN: data-race in add_timer_on / run_local_timers

write to 0xffff88812c01dbd0 of 8 bytes by interrupt on cpu 1:
 forward_timer_base kernel/time/timer.c:903 [inline]
 add_timer_on+0x293/0x2c0 kernel/time/timer.c:1172
 clocksource_watchdog+0x699/0x7c0 kernel/time/clocksource.c:303
 call_timer_fn+0x58/0x2e0 kernel/time/timer.c:1405
 expire_timers kernel/time/timer.c:1450 [inline]
 __run_timers kernel/time/timer.c:1774 [inline]
 __run_timers kernel/time/timer.c:1741 [inline]
 run_timer_softirq+0xb14/0xbd0 kernel/time/timer.c:1787
 __do_softirq+0x118/0x34a kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0xb5/0xd0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:546 [inline]
 smp_apic_timer_interrupt+0xe2/0x270 arch/x86/kernel/apic/apic.c:1146
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60
 arch_safe_halt arch/x86/include/asm/paravirt.h:144 [inline]
 default_idle+0x21/0x170 arch/x86/kernel/process.c:695
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1b7/0x290 kernel/sched/idle.c:269
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:361
 start_secondary+0x164/0x1b0 arch/x86/kernel/smpboot.c:264
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

read to 0xffff88812c01dbd0 of 8 bytes by interrupt on cpu 0:
 run_local_timers+0x55/0xd0 kernel/time/timer.c:1801
 update_process_times+0x28/0x70 kernel/time/timer.c:1726
 tick_sched_handle+0x6f/0x100 kernel/time/tick-sched.c:171
 tick_sched_timer+0x54/0xd0 kernel/time/tick-sched.c:1314
 __run_hrtimer kernel/time/hrtimer.c:1517 [inline]
 __hrtimer_run_queues+0x271/0x600 kernel/time/hrtimer.c:1579
 hrtimer_interrupt+0x226/0x490 kernel/time/hrtimer.c:1641
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline]
 smp_apic_timer_interrupt+0xd8/0x270 arch/x86/kernel/apic/apic.c:1144
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60
 arch_safe_halt arch/x86/include/asm/paravirt.h:144 [inline]
 default_idle+0x21/0x170 arch/x86/kernel/process.c:695
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x1b7/0x290 kernel/sched/idle.c:269
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:361
 rest_init+0xe4/0xeb init/main.c:632
 arch_call_rest_init+0x13/0x2b
 start_kernel+0xcc2/0xceb init/main.c:971
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/03/30 00:58 https://github.com/google/ktsan.git kcsan 40959e34d670 05736b29 .config console log report ci2-upstream-kcsan-gce
2020/03/21 17:05 https://github.com/google/ktsan.git kcsan 40959e34d670 aa6c6a55 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.