syzbot


BUG: KCSAN: data-race in find_next_bit and rcu_report_exp_cpu_mult

Status: closed as invalid on 2019/10/04 18:08
Subsystems: kasan
First crash: 1657d, last: 1657d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in _find_next_bit lib/find_bit.c:39 [inline] and rcu_report_exp_cpu_mult+0x4f/0xa0
BUG: KCSAN: data-race in find_next_bit+0x57/0xe0 lib/find_bit.c:70 and rcu_report_exp_cpu_mult+0x4f/0xa0

write to 0xffffffff85a7f140 of 8 bytes by interrupt on cpu 0:
 rcu_report_exp_cpu_mult+0x4f/0xa0 kernel/rcu/tree_exp.h:244
 rcu_report_exp_rdp+0x6c/0x90 kernel/rcu/tree_exp.h:254
 rcu_exp_handler+0xe5/0x190 kernel/rcu/tree_exp.h:616
 flush_smp_call_function_queue+0x190/0x2a0 kernel/smp.c:248
 generic_smp_call_function_single_interrupt+0x1c/0x49 kernel/smp.c:193
 smp_call_function_single_interrupt+0x71/0x1c0 arch/x86/kernel/smp.c:294
 call_function_single_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:852
 arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
 __kcsan_setup_watchpoint+0x272/0x500 kernel/kcsan/core.c:470
 __tsan_read4 kernel/kcsan/kcsan.c:30 [inline]
 __tsan_read4+0x2c/0x30 kernel/kcsan/kcsan.c:30
 tomoyo_path_matches_pattern+0x109/0x160 security/tomoyo/util.c:923
 tomoyo_compare_name_union security/tomoyo/file.c:87 [inline]
 tomoyo_compare_name_union+0x71/0xa0 security/tomoyo/file.c:82
 tomoyo_check_path_acl security/tomoyo/file.c:260 [inline]
 tomoyo_check_path_acl+0x85/0xa0 security/tomoyo/file.c:252
 tomoyo_check_acl+0xf6/0x270 security/tomoyo/domain.c:172
 tomoyo_path_permission security/tomoyo/file.c:586 [inline]
 tomoyo_path_permission+0xe3/0x160 security/tomoyo/file.c:573

read to 0xffffffff85a7f140 of 8 bytes by task 7283 on cpu 1:
 _find_next_bit lib/find_bit.c:39 [inline]
 find_next_bit+0x57/0xe0 lib/find_bit.c:70
 sync_rcu_exp_select_node_cpus+0x28e/0x510 kernel/rcu/tree_exp.h:375
 sync_rcu_exp_select_cpus+0x30c/0x590 kernel/rcu/tree_exp.h:439
 rcu_exp_sel_wait_wake kernel/rcu/tree_exp.h:575 [inline]
 wait_rcu_exp_gp+0x25/0x40 kernel/rcu/tree_exp.h:589
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 7283 Comm: kworker/1:3 Not tainted 5.3.0+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: rcu_gp wait_rcu_exp_gp
==================================================================

Crashes (1):
Time: 2019/10/04 12:09
Kernel: https://github.com/google/ktsan.git kcsan
Commit: 6769d3ca0f23
Syzkaller: b2f369e5
Config: .config
Log: console log
Report: report
Manager: ci2-upstream-kcsan-gce