KCSAN: data-race in futex_wait / hrtimer

KCSAN: data-race in futex_wait / hrtimer_wakeup (2)
Status: auto-closed as invalid on 2021/09/19 05:49
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 65d, last: 65d

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in futex_wait / hrtimer_wakeup				2	219d	248d	0/22	auto-closed as invalid on 2021/05/17 11:26

Sample crash report:

==================================================================
BUG: KCSAN: data-race in futex_wait / hrtimer_wakeup

write to 0xffffc900006dfc18 of 8 bytes by interrupt on cpu 1:
 hrtimer_wakeup+0x25/0x50 kernel/time/hrtimer.c:1789
 __run_hrtimer+0x160/0x480 kernel/time/hrtimer.c:1537
 __hrtimer_run_queues kernel/time/hrtimer.c:1601 [inline]
 hrtimer_interrupt+0x380/0xaf0 kernel/time/hrtimer.c:1663
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1089 [inline]
 __sysvec_apic_timer_interrupt+0x6f/0x1c0 arch/x86/kernel/apic/apic.c:1106
 sysvec_apic_timer_interrupt+0x64/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
 kcsan_setup_watchpoint+0x8b/0x3e0 kernel/kcsan/core.c:437
 zap_pte_range+0x188/0xe00 mm/memory.c:1325
 zap_pmd_range mm/memory.c:1481 [inline]
 zap_pud_range mm/memory.c:1510 [inline]
 zap_p4d_range mm/memory.c:1531 [inline]
 unmap_page_range+0x2dc/0x3d0 mm/memory.c:1552
 unmap_single_vma+0x157/0x210 mm/memory.c:1597
 unmap_vmas+0xc0/0x170 mm/memory.c:1629
 exit_mmap+0x22d/0x460 mm/mmap.c:3201
 __mmput+0x27/0x1c0 kernel/fork.c:1101
 mmput+0x3d/0x50 kernel/fork.c:1122
 register_for_each_vma+0x665/0x890 kernel/events/uprobes.c:1080
 __uprobe_register+0x3f4/0x8a0 kernel/events/uprobes.c:1182
 uprobe_register_refctr+0x29/0x40 kernel/events/uprobes.c:1204
 trace_uprobe_enable kernel/trace/trace_uprobe.c:1065 [inline]
 probe_event_enable+0x2be/0x7d0 kernel/trace/trace_uprobe.c:1134
 trace_uprobe_register+0x88/0x410 kernel/trace/trace_uprobe.c:1461
 perf_trace_event_reg kernel/trace/trace_event_perf.c:129 [inline]
 perf_trace_event_init+0x34e/0x790 kernel/trace/trace_event_perf.c:204
 perf_uprobe_init+0xf5/0x140 kernel/trace/trace_event_perf.c:336
 perf_uprobe_event_init+0xde/0x140 kernel/events/core.c:9875
 perf_try_init_event+0x21a/0x400 kernel/events/core.c:11192
 perf_init_event kernel/events/core.c:11256 [inline]
 perf_event_alloc+0xa60/0x1790 kernel/events/core.c:11547
 __do_sys_perf_event_open kernel/events/core.c:12068 [inline]
 __se_sys_perf_event_open+0x5c7/0x27f0 kernel/events/core.c:11960
 __x64_sys_perf_event_open+0x63/0x70 kernel/events/core.c:11960
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffc900006dfc18 of 8 bytes by task 6342 on cpu 0:
 futex_wait+0x22e/0x430 kernel/futex.c:2712
 do_futex+0x9c1/0x1f10 kernel/futex.c:3730
 __do_sys_futex kernel/futex.c:3807 [inline]
 __se_sys_futex+0xc6/0x370 kernel/futex.c:3788
 __x64_sys_futex+0x74/0x80 kernel/futex.c:3788
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0xffff888130ac6000 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 6342 Comm: syz-fuzzer Not tainted 5.14.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-upstream-kcsan-gce	2021/08/15 05:47	upstream	ba31f97d43be	2489ab88	.config	log	report			info	KCSAN: data-race in futex_wait / hrtimer_wakeup