syzbot


KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (7)

Status: auto-obsoleted due to no activity on 2023/11/01 12:19
Subsystems: kernel
First crash: 147d, last: 147d
Similar bugs (8)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (5) bpf net | | | | 21 | 299d | 553d | 0/26 | auto-obsoleted due to no activity on 2023/06/02 17:22 |
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn net | | | | 4 | 1331d | 1341d | 0/26 | auto-closed as invalid on 2020/08/04 06:35 |
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (2) net | | | | 3 | 1246d | 1280d | 0/26 | auto-closed as invalid on 2020/10/28 20:02 |
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (9) kernel | | | | 4 | 4d16h | 43d | 0/26 | moderation: reported on 2024/01/09 18:25 |
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (4) bpf | | | | 12 | 628d | 798d | 0/26 | auto-closed as invalid on 2022/07/08 11:31 |
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (3) bpf | | | | 12 | 1052d | 1149d | 0/26 | auto-closed as invalid on 2021/05/17 09:01 |
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (6) net | | | | 7 | 219d | 234d | 0/26 | auto-obsoleted due to no activity on 2023/08/21 13:19 |
| upstream | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn (8) kernel | | | | 6 | 87d | 73d | 0/26 | auto-obsoleted due to no activity on 2023/12/31 20:24 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn

read-write to 0xffffffff86eeb29c of 4 bytes by task 2743 on cpu 1:
 pcpu_update_empty_pages mm/percpu.c:602 [inline]
 pcpu_chunk_populated mm/percpu.c:1531 [inline]
 pcpu_balance_populated mm/percpu.c:2090 [inline]
 pcpu_balance_workfn+0x96f/0xa80 mm/percpu.c:2240
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
 worker_thread+0x525/0x730 kernel/workqueue.c:2784
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

read to 0xffffffff86eeb29c of 4 bytes by task 3087 on cpu 0:
 pcpu_alloc+0xa59/0x12a0 mm/percpu.c:1870
 __alloc_percpu_gfp+0x26/0x30 mm/percpu.c:1932
 ipip6_tunnel_init+0x82/0x240 net/ipv6/sit.c:1452
 register_netdevice+0x213/0xb20 net/core/dev.c:10067
 register_netdev+0x3b/0x50 net/core/dev.c:10266
 sit_init_net+0x1c0/0x370 net/ipv6/sit.c:1860
 ops_init+0x1fc/0x2c0 net/core/net_namespace.c:136
 setup_net+0x2cd/0x710 net/core/net_namespace.c:339
 copy_net_ns+0x384/0x520 net/core/net_namespace.c:491
 create_new_namespaces+0x228/0x430 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xe4/0x120 kernel/nsproxy.c:228
 ksys_unshare+0x38d/0x6d0 kernel/fork.c:3435
 __do_sys_unshare kernel/fork.c:3506 [inline]
 __se_sys_unshare kernel/fork.c:3504 [inline]
 __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3504
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000001 -> 0x00000004

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 3087 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller-00038-g0e945134b680 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
==================================================================
chnl_net:caif_netlink_parms(): no params data found
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered disabled state
bridge_slave_0: entered allmulticast mode
bridge_slave_0: entered promiscuous mode
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
bridge_slave_1: entered allmulticast mode
bridge_slave_1: entered promiscuous mode
bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
team0: Port device team_slave_0 added
team0: Port device team_slave_1 added
batman_adv: batadv0: Adding interface: batadv_slave_0
batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
batman_adv: batadv0: Adding interface: batadv_slave_1
batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
hsr_slave_0: entered promiscuous mode
hsr_slave_1: entered promiscuous mode
debugfs: Directory 'hsr0' with parent 'hsr' already present!
Cannot create hsr debugfs directory
netdevsim netdevsim0 netdevsim0: renamed from eth0
netdevsim netdevsim0 netdevsim1: renamed from eth1
netdevsim netdevsim0 netdevsim2: renamed from eth2
netdevsim netdevsim0 netdevsim3: renamed from eth3
8021q: adding VLAN 0 to HW filter on device bond0
8021q: adding VLAN 0 to HW filter on device team0
hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
8021q: adding VLAN 0 to HW filter on device batadv0
veth0_vlan: entered promiscuous mode
veth1_vlan: entered promiscuous mode
veth0_macvtap: entered promiscuous mode
veth1_macvtap: entered promiscuous mode
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_1
netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/09/27 12:15 | upstream | 0e945134b680 | 2895a507 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in pcpu_alloc / pcpu_balance_workfn |
* Struck through repros no longer work on HEAD.