| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 07 Oct 2019 03:01:06 -0700
From: syzbot <syzbot+134336b86f728d6e55a0@...kaller.appspotmail.com>
To: a@...table.cc, b.a.t.m.a.n@...ts.open-mesh.org,
davem@...emloft.net, elver@...gle.com,
linux-kernel@...r.kernel.org, mareklindner@...mailbox.ch,
netdev@...r.kernel.org, sw@...onwunderlich.de,
syzkaller-bugs@...glegroups.com
Subject: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult
Hello,
syzbot found the following crash on:
HEAD commit: b4bd9343 x86, kcsan: Enable KCSAN for x86
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=11edb20d600000
kernel config: https://syzkaller.appspot.com/x/.config?x=c0906aa620713d80
dashboard link: https://syzkaller.appspot.com/bug?extid=134336b86f728d6e55a0
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+134336b86f728d6e55a0@...kaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult
write to 0xffffffff85a7f140 of 8 bytes by task 7 on cpu 0:
rcu_report_exp_cpu_mult+0x4f/0xa0 kernel/rcu/tree_exp.h:244
rcu_report_exp_rdp+0x6c/0x90 kernel/rcu/tree_exp.h:254
rcu_preempt_deferred_qs_irqrestore+0x3bb/0x580 kernel/rcu/tree_plugin.h:475
rcu_read_unlock_special+0xec/0x370 kernel/rcu/tree_plugin.h:659
__rcu_read_unlock+0xcf/0xe0 kernel/rcu/tree_plugin.h:394
rcu_read_unlock include/linux/rcupdate.h:645 [inline]
batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:411 [inline]
batadv_nc_worker+0x13a/0x390 net/batman-adv/network-coding.c:718
process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
worker_thread+0xa0/0x800 kernel/workqueue.c:2415
kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352
read to 0xffffffff85a7f140 of 8 bytes by task 7251 on cpu 1:
_find_next_bit lib/find_bit.c:39 [inline]
find_next_bit+0x57/0xe0 lib/find_bit.c:70
sync_rcu_exp_select_node_cpus+0x28e/0x510 kernel/rcu/tree_exp.h:375
sync_rcu_exp_select_cpus+0x30c/0x590 kernel/rcu/tree_exp.h:439
rcu_exp_sel_wait_wake kernel/rcu/tree_exp.h:575 [inline]
wait_rcu_exp_gp+0x25/0x40 kernel/rcu/tree_exp.h:589
process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
worker_thread+0xa0/0x800 kernel/workqueue.c:2415
kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 7251 Comm: kworker/1:4 Not tainted 5.3.0+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: rcu_gp wait_rcu_exp_gp
==================================================================
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists