Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4308699ybp; Mon, 7 Oct 2019 06:37:34 -0700 (PDT) X-Google-Smtp-Source: APXvYqzKIApPQA+vuYXnkGWKoV/+Yr9c0OebXhMtvWkKOmvKpbIl1P2V1s2MnZtvDgc4pG5TWCWr X-Received: by 2002:a17:906:4b15:: with SMTP id y21mr23911504eju.112.1570455454144; Mon, 07 Oct 2019 06:37:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570455454; cv=none; d=google.com; s=arc-20160816; b=D4UjwAoCq58dLQUSKFhUxsgqnL25hG5WwUynFabWD0Obxa9oKDjcooye7zAyjkDQAP tRNxw9s2Ea0HiPeJNPkZgch5DIwn2nh0c00faX5w8uZ2pk6vZNSaNJsC9cq2Hs6hfatw PKFh+EqdDFskKL0Y0oMIm1Um5/zWSVPw0ewhK/qcDRAWtWtccIctnf1EKT3kFlthJ4tM sUyKgXxb620XyCSlM8bkPwaKy6MftkNsmpz5MEnEohFGFTMl4BV/qF8YxgLjQAvlCfHD ceKGS+9nTO1erNg6cMB2HS/GwAex3WfTntF90r2BcHos4aS/qB1yIxWI43D+coTEEntX PAog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=AScaNcw5r+IARoQjAJo0fzpzP0ZSJI2lErBbUP4YRq0=; b=zB3RBn+RTBXEYkkz5lJmnr2r7o4nR0kgXHhnpcV8rA5PFFsacAM+iPNOCSGUbRLRea +V4i3I/Wpy5JvU9t7H3h1BFyBd1JN6MHe5knC1Ea3hhnmaZgSVd3skzd/URo2tDByRD8 +8mQPEN3Mt/UTE7XGqjVvV9GGGsnaT6CZFuvWi2APsHPkSqP96e8Ee1byOJAQYA3KTP2 FmPqg3qE+7XI46e/g2MCcDM7s/l26IN3ck2Xm2kuqwZ0bfL0kiMz3KCkK3/rGCe/7zpz oe6U/k/ybmddZrAKGHzsAt60CvdVPUode8uUJkTVfMpCU6ikCdIeJ5waKa2Elxkc3UE2 qHTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f57si8387861edb.165.2019.10.07.06.37.09; Mon, 07 Oct 2019 06:37:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727958AbfJGNe5 (ORCPT + 99 others); Mon, 7 Oct 2019 09:34:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:36120 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726334AbfJGNe5 (ORCPT ); Mon, 7 Oct 2019 09:34:57 -0400 Received: from gandalf.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 636482064A; Mon, 7 Oct 2019 13:34:55 +0000 (UTC) Date: Mon, 7 Oct 2019 09:34:53 -0400 From: Steven Rostedt To: Marco Elver Cc: syzbot , paulmck@kernel.org, josh@joshtriplett.org, mathieu.desnoyers@efficios.com, jiangshanlai@gmail.com, Joel Fernandes , rcu@vger.kernel.org, a@unstable.cc, b.a.t.m.a.n@lists.open-mesh.org, davem@davemloft.net, LKML , mareklindner@neomailbox.ch, netdev@vger.kernel.org, sw@simonwunderlich.de, syzkaller-bugs@googlegroups.com Subject: Re: KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult Message-ID: <20191007093453.2d9852ce@gandalf.local.home> In-Reply-To: References: <000000000000604e8905944f211f@google.com> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 7 Oct 2019 12:04:16 +0200 Marco Elver wrote: > +RCU maintainers > This might be a data-race in RCU itself. > > > > > write to 0xffffffff85a7f140 of 8 bytes by task 7 on cpu 0: > > rcu_report_exp_cpu_mult+0x4f/0xa0 kernel/rcu/tree_exp.h:244 Here we have: raw_spin_lock_irqsave_rcu_node(rnp, flags); if (!(rnp->expmask & mask)) { raw_spin_unlock_irqrestore_rcu_node(rnp, flags); return; } rnp->expmask &= ~mask; __rcu_report_exp_rnp(rnp, wake, flags); /* Releases rnp->lock. */ > > > > read to 0xffffffff85a7f140 of 8 bytes by task 7251 on cpu 1: > > _find_next_bit lib/find_bit.c:39 [inline] > > find_next_bit+0x57/0xe0 lib/find_bit.c:70 > > sync_rcu_exp_select_node_cpus+0x28e/0x510 kernel/rcu/tree_exp.h:375 and here we have: raw_spin_unlock_irqrestore_rcu_node(rnp, flags); /* IPI the remaining CPUs for expedited quiescent state. */ for_each_leaf_node_cpu_mask(rnp, cpu, rnp->expmask) { The write to rnp->expmask is done under the rnp->lock, but on the read side, that lock is released before the for loop. Should we have something like: unsigned long expmask; [...] expmask = rnp->expmask; raw_spin_unlock_irqrestore_rcu_node(rnp, flags); /* IPI the remaining CPUs for expedited quiescent state. */ for_each_leaf_node_cpu_mask(rnp, cpu, expmask) { ? -- Steve