syzbot


KCSAN: data-race in hrtimer_interrupt / print_tickdevice.isra.0

Status: closed as invalid on 2020/06/18 14:24
Subsystems: kernel
First crash: 1491d, last: 1402d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in hrtimer_interrupt / print_tickdevice.isra.0

write to 0xffff88812c119398 of 8 bytes by interrupt on cpu 1:
 hrtimer_interrupt+0xa7/0x490 kernel/time/hrtimer.c:1625
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 [inline]
 smp_apic_timer_interrupt+0xd8/0x270 arch/x86/kernel/apic/apic.c:1138
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 clear_page_erms+0x7/0x10 arch/x86/lib/clear_page_64.S:48
 clear_page arch/x86/include/asm/page_64.h:49 [inline]
 clear_highpage include/linux/highmem.h:214 [inline]
 kernel_init_free_pages+0x61/0xa0 mm/page_alloc.c:1170
 prep_new_page+0xa2/0xb0 mm/page_alloc.c:2210
 get_page_from_freelist+0x14d2/0x17c0 mm/page_alloc.c:3753
 __alloc_pages_nodemask+0x158/0x300 mm/page_alloc.c:4803
 __alloc_pages include/linux/gfp.h:504 [inline]
 __alloc_pages_node include/linux/gfp.h:517 [inline]
 alloc_pages_vma+0x29b/0x390 mm/mempolicy.c:2239
 do_huge_pmd_anonymous_page+0x2af/0x11a0 mm/huge_memory.c:772
 create_huge_pmd mm/memory.c:4097 [inline]
 __handle_mm_fault+0x1f5b/0x2da0 mm/memory.c:4316
 handle_mm_fault+0x21c/0x540 mm/memory.c:4382
 do_user_addr_fault arch/x86/mm/fault.c:1464 [inline]
 do_page_fault+0x48a/0xa96 arch/x86/mm/fault.c:1535
 page_fault+0x34/0x40 arch/x86/entry/entry_64.S:1203
 copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:90
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:74 [inline]
 _copy_to_user+0x8f/0xb0 lib/usercopy.c:30
 copy_to_user include/linux/uaccess.h:152 [inline]
 bpf_verifier_vlog+0x127/0x1f0 kernel/bpf/verifier.c:280
 verbose+0xf6/0x150 kernel/bpf/verifier.c:313
 print_verification_stats kernel/bpf/verifier.c:10331 [inline]
 bpf_check+0x15e9/0x5a42 kernel/bpf/verifier.c:10796
 bpf_prog_load+0x9bf/0xe80 kernel/bpf/syscall.c:2115
 __do_sys_bpf+0x1a10/0x3100 kernel/bpf/syscall.c:3703
 __se_sys_bpf kernel/bpf/syscall.c:3661 [inline]
 __x64_sys_bpf+0x47/0x60 kernel/bpf/syscall.c:3661
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88812c119398 of 8 bytes by task 10818 on cpu 0:
 print_tickdevice.isra.0+0x14a/0x3c0 kernel/time/timer_list.c:219
 timer_list_show+0x85/0x140 kernel/time/timer_list.c:316
 traverse fs/seq_file.c:105 [inline]
 traverse+0xec/0x3f0 fs/seq_file.c:84
 seq_read+0x5b0/0x940 fs/seq_file.c:166
 pde_read fs/proc/inode.c:292 [inline]
 proc_reg_read+0x17f/0x1b0 fs/proc/inode.c:304
 do_loop_readv_writev fs/read_write.c:715 [inline]
 do_loop_readv_writev fs/read_write.c:702 [inline]
 do_iter_read+0x33f/0x3a0 fs/read_write.c:936
 vfs_readv+0x9c/0xf0 fs/read_write.c:1054
 kernel_readv fs/splice.c:365 [inline]
 default_file_splice_read+0x361/0x630 fs/splice.c:422
 do_splice_to+0xc7/0x100 fs/splice.c:892
 splice_direct_to_actor+0x1b9/0x540 fs/splice.c:971
 do_splice_direct+0x152/0x1d0 fs/splice.c:1080
 do_sendfile+0x380/0x800 fs/read_write.c:1521
 __do_sys_sendfile64 fs/read_write.c:1576 [inline]
 __se_sys_sendfile64 fs/read_write.c:1568 [inline]
 __x64_sys_sendfile64+0xb8/0x140 fs/read_write.c:1568
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10818 Comm: syz-executor.2 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/05/26 02:35 | https://github.com/google/ktsan.git kcsan | 7c3cd68e5d38 | 8ca3b7d2 | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |
| 2020/04/26 19:48 | https://github.com/google/ktsan.git kcsan | 7c3cd68e5d38 | 0ce7569e | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |
| 2020/02/26 10:21 | https://github.com/google/ktsan.git kcsan | 766d004d1b85 | 4f588111 | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |
* Struck through repros no longer work on HEAD.