All of lore.kernel.org
 help / color / mirror / Atom feed
From: syzbot <syzbot+134336b86f728d6e55a0@syzkaller.appspotmail.com>
To: a@unstable.cc, b.a.t.m.a.n@lists.open-mesh.org,
	davem@davemloft.net, elver@google.com,
	linux-kernel@vger.kernel.org, mareklindner@neomailbox.ch,
	netdev@vger.kernel.org, sw@simonwunderlich.de,
	syzkaller-bugs@googlegroups.com
Subject: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult
Date: Mon, 07 Oct 2019 03:01:06 -0700	[thread overview]
Message-ID: <000000000000604e8905944f211f@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    b4bd9343 x86, kcsan: Enable KCSAN for x86
git tree:       https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=11edb20d600000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c0906aa620713d80
dashboard link: https://syzkaller.appspot.com/bug?extid=134336b86f728d6e55a0
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+134336b86f728d6e55a0@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult

write to 0xffffffff85a7f140 of 8 bytes by task 7 on cpu 0:
  rcu_report_exp_cpu_mult+0x4f/0xa0 kernel/rcu/tree_exp.h:244
  rcu_report_exp_rdp+0x6c/0x90 kernel/rcu/tree_exp.h:254
  rcu_preempt_deferred_qs_irqrestore+0x3bb/0x580 kernel/rcu/tree_plugin.h:475
  rcu_read_unlock_special+0xec/0x370 kernel/rcu/tree_plugin.h:659
  __rcu_read_unlock+0xcf/0xe0 kernel/rcu/tree_plugin.h:394
  rcu_read_unlock include/linux/rcupdate.h:645 [inline]
  batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:411 [inline]
  batadv_nc_worker+0x13a/0x390 net/batman-adv/network-coding.c:718
  process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
  worker_thread+0xa0/0x800 kernel/workqueue.c:2415
  kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

read to 0xffffffff85a7f140 of 8 bytes by task 7251 on cpu 1:
  _find_next_bit lib/find_bit.c:39 [inline]
  find_next_bit+0x57/0xe0 lib/find_bit.c:70
  sync_rcu_exp_select_node_cpus+0x28e/0x510 kernel/rcu/tree_exp.h:375
  sync_rcu_exp_select_cpus+0x30c/0x590 kernel/rcu/tree_exp.h:439
  rcu_exp_sel_wait_wake kernel/rcu/tree_exp.h:575 [inline]
  wait_rcu_exp_gp+0x25/0x40 kernel/rcu/tree_exp.h:589
  process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
  worker_thread+0xa0/0x800 kernel/workqueue.c:2415
  kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 7251 Comm: kworker/1:4 Not tainted 5.3.0+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Workqueue: rcu_gp wait_rcu_exp_gp
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

             reply	other threads:[~2019-10-07 10:01 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-07 10:01 syzbot [this message]
2019-10-07 10:04 ` KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult Marco Elver
2019-10-07 13:22   ` Paul E. McKenney
2019-10-07 13:34   ` Steven Rostedt
2019-10-07 13:43   ` Boqun Feng
2019-10-08  0:11     ` Joel Fernandes
2019-10-08  2:12       ` Paul E. McKenney
2019-10-08  2:50         ` Boqun Feng
2019-10-08  3:33           ` Paul E. McKenney
2019-10-08  3:58             ` Boqun Feng
2019-10-08  1:47   ` Paul E. McKenney
2020-01-25 10:42   ` [tip: core/rcu] rcu: Use *_ONCE() to protect lockless ->expmask accesses tip-bot2 for Paul E. McKenney

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000604e8905944f211f@google.com \
    --to=syzbot+134336b86f728d6e55a0@syzkaller.appspotmail.com \
    --cc=a@unstable.cc \
    --cc=b.a.t.m.a.n@lists.open-mesh.org \
    --cc=davem@davemloft.net \
    --cc=elver@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mareklindner@neomailbox.ch \
    --cc=netdev@vger.kernel.org \
    --cc=sw@simonwunderlich.de \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.