From: syzbot <syzbot+bf285fcc0a048e028118@syzkaller.appspotmail.com>
To: anna-maria@linutronix.de, frederic@kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
tglx@linutronix.de
Subject: [syzbot] [kernel?] KCSAN: data-race in next_expiry_recalc / update_process_times (2)
Date: Tue, 13 Aug 2024 13:40:26 -0700
Message-ID: <000000000000916e55061f969e14@google.com>

Hello,

syzbot found the following issue on:

HEAD commit: 6b4aa469f049 Merge tag '6.11-rc3-ksmbd-fixes' of git://git..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=157bd96b980000
kernel config: https://syzkaller.appspot.com/x/.config?x=31ece081c16313f0
dashboard link: https://syzkaller.appspot.com/bug?extid=bf285fcc0a048e028118
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cf019ab0b1a3/disk-6b4aa469.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b052d8a52fbd/vmlinux-6b4aa469.xz
kernel image: https://storage.googleapis.com/syzbot-assets/07bf313382f0/bzImage-6b4aa469.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bf285fcc0a048e028118@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in next_expiry_recalc / update_process_times
write to 0xffff888237c1de58 of 8 bytes by interrupt on cpu 1:
next_expiry_recalc+0x187/0x1e0 kernel/time/timer.c:1967
__run_timers kernel/time/timer.c:2414 [inline]
__run_timer_base+0x2ee/0x640 kernel/time/timer.c:2428
timer_expire_remote+0x2f/0x40 kernel/time/timer.c:2180
tmigr_handle_remote_cpu kernel/time/timer_migration.c:930 [inline]
tmigr_handle_remote_up kernel/time/timer_migration.c:1021 [inline]
__walk_groups kernel/time/timer_migration.c:533 [inline]
tmigr_handle_remote+0x4f6/0x940 kernel/time/timer_migration.c:1080
run_timer_softirq+0x5f/0x70 kernel/time/timer.c:2451
handle_softirqs+0xc3/0x280 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:637 [inline]
irq_exit_rcu+0x3e/0x90 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x73/0x80 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
syscall_enter_from_user_mode_work include/linux/entry-common.h:165 [inline]
syscall_enter_from_user_mode include/linux/entry-common.h:198 [inline]
do_syscall_64+0x9a/0x1c0 arch/x86/entry/common.c:79
entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888237c1de58 of 8 bytes by interrupt on cpu 0:
run_local_timers kernel/time/timer.c:2466 [inline]
update_process_times+0x8a/0x180 kernel/time/timer.c:2484
tick_sched_handle kernel/time/tick-sched.c:276 [inline]
tick_nohz_handler+0x250/0x2d0 kernel/time/tick-sched.c:297
__run_hrtimer kernel/time/hrtimer.c:1689 [inline]
__hrtimer_run_queues+0x20d/0x5e0 kernel/time/hrtimer.c:1753
hrtimer_interrupt+0x210/0x7b0 kernel/time/hrtimer.c:1815
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x5c/0x1a0 arch/x86/kernel/apic/apic.c:1049
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
arch_safe_halt arch/x86/include/asm/irqflags.h:106 [inline]
acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:111
acpi_idle_do_entry+0x1d/0x30 drivers/acpi/processor_idle.c:568
acpi_idle_enter+0x96/0xb0 drivers/acpi/processor_idle.c:702
cpuidle_enter_state+0xcf/0x270 drivers/cpuidle/cpuidle.c:267
cpuidle_enter+0x40/0x70 drivers/cpuidle/cpuidle.c:388
call_cpuidle kernel/sched/idle.c:155 [inline]
cpuidle_idle_call kernel/sched/idle.c:230 [inline]
do_idle+0x195/0x230 kernel/sched/idle.c:326
cpu_startup_entry+0x25/0x30 kernel/sched/idle.c:424
rest_init+0xef/0xf0 init/main.c:747
start_kernel+0x581/0x5e0 init/main.c:1103
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
x86_64_start_kernel+0x9a/0xa0 arch/x86/kernel/head64.c:488
common_startup_64+0x12c/0x137

value changed: 0x00000000fffff045 -> 0x00000000fffff048

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup