syzbot


KCSAN: data-race in futex_wait / hrtimer_wakeup

Status: auto-closed as invalid on 2021/05/17 11:26
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 721d, last: 692d
Similar bugs (3):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in futex_wait / hrtimer_wakeup (2) | | | | 1 | 538d | 538d | 0/24 | auto-closed as invalid on 2021/09/19 05:49 |
| upstream | KCSAN: data-race in futex_wait / hrtimer_wakeup (4) | | | | 1 | 260d | 260d | 0/24 | auto-closed as invalid on 2022/06/24 14:54 |
| upstream | KCSAN: data-race in futex_wait / hrtimer_wakeup (3) | | | | 1 | 341d | 341d | 0/24 | auto-closed as invalid on 2022/04/04 11:03 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in futex_wait / hrtimer_wakeup

write to 0xffffc90003babea0 of 8 bytes by interrupt on cpu 1:
 hrtimer_wakeup+0x25/0x50 kernel/time/hrtimer.c:1771
 __run_hrtimer+0x163/0x460 kernel/time/hrtimer.c:1519
 __hrtimer_run_queues kernel/time/hrtimer.c:1583 [inline]
 hrtimer_interrupt+0x36e/0xa30 kernel/time/hrtimer.c:1645
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1089 [inline]
 __sysvec_apic_timer_interrupt+0x6f/0x200 arch/x86/kernel/apic/apic.c:1106
 sysvec_apic_timer_interrupt+0x69/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
 check_access kernel/kcsan/core.c:629 [inline]
 __tsan_read8+0x15a/0x180 kernel/kcsan/core.c:840
 __mod_memcg_lruvec_state+0x22/0x260 mm/memcontrol.c:810
 __mod_lruvec_state mm/memcontrol.c:851 [inline]
 __mod_lruvec_page_state+0xce/0x110 mm/memcontrol.c:869
 page_add_file_rmap+0x29d/0x2e0 mm/rmap.c:1245
 do_set_pte+0x26b/0x480 mm/memory.c:3758
 finish_fault+0x3de/0x490 mm/memory.c:3820
 do_read_fault+0x324/0x530 mm/memory.c:3943
 do_fault mm/memory.c:4067 [inline]
 handle_pte_fault mm/memory.c:4318 [inline]
 __handle_mm_fault mm/memory.c:4453 [inline]
 handle_mm_fault+0x1019/0x1840 mm/memory.c:4551
 faultin_page mm/gup.c:850 [inline]
 __get_user_pages+0xa47/0x1000 mm/gup.c:1069
 populate_vma_page_range mm/gup.c:1402 [inline]
 __mm_populate+0x24d/0x380 mm/gup.c:1450
 mm_populate include/linux/mm.h:2570 [inline]
 do_shmat+0x727/0x940 ipc/shm.c:1567
 __do_sys_shmat ipc/shm.c:1594 [inline]
 __se_sys_shmat ipc/shm.c:1589 [inline]
 __x64_sys_shmat+0x58/0xa0 ipc/shm.c:1589
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffc90003babea0 of 8 bytes by task 11183 on cpu 0:
 futex_wait+0x1f6/0x3d0 kernel/futex.c:2716
 futex_wait_restart+0xb4/0xe0 kernel/futex.c:2760
 __do_sys_restart_syscall+0x2a/0x30 kernel/signal.c:2913
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 11183 Comm: syz-executor.0 Not tainted 5.12.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2021/03/14 21:20 | upstream | 75013c6c52d8 | cc1cff8f | .config | console log | report | | | info | | KCSAN: data-race in futex_wait / hrtimer_wakeup |
| ci2-upstream-kcsan-gce | 2021/02/13 10:20 | upstream | c6d8570e4d64 | 98682e5e | .config | console log | report | | | info | | KCSAN: data-race in futex_wait / hrtimer_wakeup |