Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4595141pxv; Tue, 20 Jul 2021 07:22:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxV1VBe1udcTncDlSBa8tdDwZCCKkNMdHL/ac6HQ6WWEAXvTqEFJ30pT7b7cEcOoGtuJoxf X-Received: by 2002:a50:d64a:: with SMTP id c10mr42269872edj.199.1626790928557; Tue, 20 Jul 2021 07:22:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626790928; cv=none; d=google.com; s=arc-20160816; b=TmebPUPM/L8nMzqDILqUnPf1anzP9mpwC42u3gFWPzG/yxNnDUrnf0qtVI4k9jiSyl tm9UydsqnvgOiMBK3fMKSb1c7XtwLAMIEZbBClxxkexgrfRSh3FUtwTBzI6TGF+KsJwN wE+tlnYrK1RByNPPJNdG8j+kSfpnCXb+z+5yx17d2fi9TIAg3s+lo+Fo0fldi+dTRCLK qYodQQqbFeuojK1Yopp4gn5ekhrhZKXZEB90uSwp9PiCJTr912/TFVv9dYSNWCA+fVhh AQYTYFQVx/4SvPjGmpu6386Kz34uXlJum70y/yZbFr9XR1cLEvc41nqwH+lOX3Qo7Jvd CK6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=42n8AUfejZCoSZP1zlU4yzWCvv9+BKRABgiQJHGXXN0=; b=KU9b/uYCSNB4LrPzFMzbIOc1bd0sK7LlNshyhX6A/H7GwCqVbMXcxa1wvRsV8Dy089 f0rmZ1rJ5Jnlw/B22vs4HLXqPzvBHOsT6kLY2DdUZHBuSnpKL8MScgQirth9K9zW2Rhv 6RtmHOirQwRwdqq90xQ3FUjz6FKsBGz4oK+PkRPVhtGbN3KfwhIFpduQnzO//JVQQT3f Bn/99Qp/g0vgxCpiPFRUem9y/OdmvMWZDy89D7peGqc9IBqoqH/kMt2u4tO4lp1noErN ejc5eF/+wKO7mg6oRd/c5+O3fLbAW0U/IBDiaaKq1aKJnp7v+CQpV3QspO9r3pN7pfa1 T8Aw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jfU+UKYm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id eo9si20318388ejc.108.2021.07.20.07.21.44; Tue, 20 Jul 2021 07:22:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jfU+UKYm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238428AbhGTNfK (ORCPT + 99 others); Tue, 20 Jul 2021 09:35:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38422 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239130AbhGTN3s (ORCPT ); Tue, 20 Jul 2021 09:29:48 -0400 Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 30C16C0613DC for ; Tue, 20 Jul 2021 07:10:23 -0700 (PDT) Received: by mail-ot1-x32c.google.com with SMTP id h24-20020a9d64180000b029036edcf8f9a6so21646466otl.3 for ; Tue, 20 Jul 2021 07:10:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=42n8AUfejZCoSZP1zlU4yzWCvv9+BKRABgiQJHGXXN0=; b=jfU+UKYmz7ZvNk8E4yppuybYbg1dMiAKJnrVwSkdJoGooMtIiq5WpmdsljtbN8T2NC DTATs5lbdHXYKG9RmIMZciw98/eVxZGBop+B1OZBRnMHW1sEgzjNSlSE9RUodcaw9JBj EtEzlP3Fe6MB8j/a/skNf1lX8sFLDurmDhdIN2GV7+2qKMcIUX2TiUYbOEiNniV4k8dW nmNQol1INz0pAJ38195XkPMEoCnaYEG7aKowZX74nVEY5N9mFmKPOXqU8F9ULAtIrsqL bzVT90ZIJk/kJ9ifS2Zk9sok7jxa/Q70sxltg4KAWMiOJocYPQGLjyeEE76JmzIVp+qm AG0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=42n8AUfejZCoSZP1zlU4yzWCvv9+BKRABgiQJHGXXN0=; b=RUSIZpCPlSFZX/si8TpKN6Onhk6UbCJpmVuvtp8LsTDxPhW+QRD2qFGUZzT6qZpkGq IxPT8gAWQPUJ3MbF0XSVkHpdudWsnJ634mj2BTBHpgMhOjB7csRaaieauGrOGThJu/UX z2gvMrOt0IUmqZfEUobIwuK8w0UuoQJ5A23epiRNsC/lHdxnWmI88p4MkD2SnRTUE+yn ReBHovJigOSyGq487S4rgi3bzMcf2JxdJcrWB9cjgPjYHK+6Pp/BRVky6qTBH5aqpQik POMH4Syg9mOQxSK9/9SsLAcRCLFnReu93a2iVWesmLs235xSBv0/N2keBiHD5IGrRs3u tVMw== X-Gm-Message-State: AOAM533YUzl1pXjge04td/49mHH9FjA53PPNj1e+j06qwegKWZC29Dkr HhvHv+M0dEsFQFQ20fbYdr6CUIdi8x1zau30IOyFHQ== X-Received: by 2002:a9d:d04:: with SMTP id 4mr23481504oti.251.1626790222226; Tue, 20 Jul 2021 07:10:22 -0700 (PDT) MIME-Version: 1.0 References: <00000000000080403805c6ef586d@google.com> <20210720131851.GE4397@paulmck-ThinkPad-P17-Gen-1> In-Reply-To: <20210720131851.GE4397@paulmck-ThinkPad-P17-Gen-1> From: Marco Elver Date: Tue, 20 Jul 2021 16:10:10 +0200 Message-ID: Subject: Re: [syzbot] KCSAN: data-race in call_rcu / rcu_gp_kthread To: paulmck@kernel.org Cc: syzbot , rcu@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 20 Jul 2021 at 15:18, Paul E. McKenney wrote: [...] > Good catch! And yes, this would be hard to reproduce. > > How about as shown below? Acked-by: Marco Elver I was merely a little surprised syzbot was able to exercise RCU in a way that resulted in a data race your torture runs hadn't found yet (or perhaps it did and missed?). Thanks, -- Marco > Thanx, Paul > > ------------------------------------------------------------------------ > > commit 43e0f01f3b6f510dbe31d02a8f4c909c45deff04 > Author: Paul E. McKenney > Date: Tue Jul 20 06:16:27 2021 -0700 > > rcu: Mark accesses to rcu_state.n_force_qs > > This commit marks accesses to the rcu_state.n_force_qs. These data > races are hard to make happen, but syzkaller was equal to the task. > > Reported-by: syzbot+e08a83a1940ec3846cd5@syzkaller.appspotmail.com > Signed-off-by: Paul E. McKenney > > diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c > index a7379c44a2366..245bca7cdf6ee 100644 > --- a/kernel/rcu/tree.c > +++ b/kernel/rcu/tree.c > @@ -1913,7 +1913,7 @@ static void rcu_gp_fqs(bool first_time) > struct rcu_node *rnp = rcu_get_root(); > > WRITE_ONCE(rcu_state.gp_activity, jiffies); > - rcu_state.n_force_qs++; > + WRITE_ONCE(rcu_state.n_force_qs, rcu_state.n_force_qs + 1); > if (first_time) { > /* Collect dyntick-idle snapshots. */ > force_qs_rnp(dyntick_save_progress_counter); > @@ -2556,7 +2556,7 @@ static void rcu_do_batch(struct rcu_data *rdp) > /* Reset ->qlen_last_fqs_check trigger if enough CBs have drained. */ > if (count == 0 && rdp->qlen_last_fqs_check != 0) { > rdp->qlen_last_fqs_check = 0; > - rdp->n_force_qs_snap = rcu_state.n_force_qs; > + rdp->n_force_qs_snap = READ_ONCE(rcu_state.n_force_qs); > } else if (count < rdp->qlen_last_fqs_check - qhimark) > rdp->qlen_last_fqs_check = count; > > @@ -2904,10 +2904,10 @@ static void __call_rcu_core(struct rcu_data *rdp, struct rcu_head *head, > } else { > /* Give the grace period a kick. */ > rdp->blimit = DEFAULT_MAX_RCU_BLIMIT; > - if (rcu_state.n_force_qs == rdp->n_force_qs_snap && > + if (READ_ONCE(rcu_state.n_force_qs) == rdp->n_force_qs_snap && > rcu_segcblist_first_pend_cb(&rdp->cblist) != head) > rcu_force_quiescent_state(); > - rdp->n_force_qs_snap = rcu_state.n_force_qs; > + rdp->n_force_qs_snap = READ_ONCE(rcu_state.n_force_qs); > rdp->qlen_last_fqs_check = rcu_segcblist_n_cbs(&rdp->cblist); > } > } > @@ -4134,7 +4134,7 @@ int rcutree_prepare_cpu(unsigned int cpu) > /* Set up local state, ensuring consistent view of global state. */ > raw_spin_lock_irqsave_rcu_node(rnp, flags); > rdp->qlen_last_fqs_check = 0; > - rdp->n_force_qs_snap = rcu_state.n_force_qs; > + rdp->n_force_qs_snap = READ_ONCE(rcu_state.n_force_qs); > rdp->blimit = blimit; > rdp->dynticks_nesting = 1; /* CPU not up, no tearing. */ > rcu_dynticks_eqs_online();