syzbot

 sign-in | mailing list | source | docs
🐞 Open [1452]
Subsystems
🐞 Fixed [6740]
🐞 Invalid [17346]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu (3)

Status: auto-closed as invalid on 2021/11/02 20:29
Subsystems: kernel
[Documentation on labels]
First crash: 1529d, last: 1512d
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu (4) kernel 6 4 1418d 1456d 0/29 auto-closed as invalid on 2022/02/04 19:38
upstream KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu kernel 6 1 1847d 1847d 0/29 auto-closed as invalid on 2020/12/02 11:50
upstream KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu (2) kernel 6 8 1565d 1574d 0/29 auto-closed as invalid on 2021/09/10 01:57

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu

write to 0xffff88813f53e850 of 8 bytes by interrupt on cpu 0:
 percpu_ref_call_confirm_rcu lib/percpu-refcount.c:156 [inline]
 percpu_ref_switch_to_atomic_rcu+0x188/0x360 lib/percpu-refcount.c:205
 rcu_do_batch kernel/rcu/tree.c:2508 [inline]
 rcu_core+0xbd5/0xd90 kernel/rcu/tree.c:2743
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2756
 __do_softirq+0x12c/0x26e kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu kernel/softirq.c:636 [inline]
 irq_exit_rcu+0x4e/0xa0 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20
 wait_task_continued kernel/exit.c:1234 [inline]
 wait_consider_task+0x13e1/0x1a10 kernel/exit.c:1380
 do_wait_thread kernel/exit.c:1397 [inline]
 do_wait+0x182/0x640 kernel/exit.c:1514
 kernel_wait4+0x14b/0x1b0 kernel/exit.c:1677
 __do_sys_wait4 kernel/exit.c:1705 [inline]
 __se_sys_wait4 kernel/exit.c:1701 [inline]
 __x64_sys_wait4+0x90/0x120 kernel/exit.c:1701
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88813f53e850 of 8 bytes by task 24627 on cpu 1:
 __percpu_ref_switch_mode+0xf6/0x3c0 lib/percpu-refcount.c:275
 percpu_ref_resurrect+0xc2/0x110 lib/percpu-refcount.c:473
 io_refs_resurrect fs/io_uring.c:1199 [inline]
 io_ctx_quiesce fs/io_uring.c:10762 [inline]
 __io_uring_register fs/io_uring.c:10790 [inline]
 __do_sys_io_uring_register+0x124b/0x21a0 fs/io_uring.c:10928
 __se_sys_io_uring_register fs/io_uring.c:10908 [inline]
 __x64_sys_io_uring_register+0x4f/0x60 fs/io_uring.c:10908
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0xffffffff818d5b40 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 24627 Comm: syz-executor.5 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/09/28 20:26 upstream d33bec7b3dfa d82cb927 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu
2021/09/20 20:06 upstream e4e737bb5c17 3d9c9a2a .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu
2021/09/11 06:01 upstream e99f23c5bf59 3ce60af8 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __percpu_ref_switch_mode / percpu_ref_switch_to_atomic_rcu
* Struck through repros no longer work on HEAD.