syzbot


KCSAN: data-race in __mod_timer / blk_add_timer (11)

Status: moderation: reported on 2025/03/24 02:05
Subsystems: block
Reported-by: syzbot+46b780997d6c7011532b@syzkaller.appspotmail.com
First crash: 1d19h, last: 1d19h
Similar bugs (10)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (6) block | | | | 1 | 721d | 701d | 0/28 | auto-obsoleted due to no activity on 2023/05/09 08:21 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (10) block | | | | 1 | 62d | 57d | 0/28 | auto-obsoleted due to no activity on 2025/03/19 05:59 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer block | | | | 2 | 1404d | 1439d | 0/28 | auto-closed as invalid on 2021/06/25 00:11 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (3) block | | | | 8 | 1179d | 1278d | 0/28 | auto-closed as invalid on 2022/02/04 22:18 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (2) block | | | | 2 | 1330d | 1360d | 0/28 | auto-closed as invalid on 2021/09/07 18:24 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (4) block | | | | 2 | 1087d | 1106d | 0/28 | auto-closed as invalid on 2022/05/08 11:46 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (7) block | | | | 2 | 641d | 658d | 0/28 | auto-obsoleted due to no activity on 2023/07/28 08:54 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (5) block | | | | 1 | 943d | 943d | 0/28 | auto-closed as invalid on 2022/09/29 13:43 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (9) block | | | | 1 | 284d | 284d | 0/28 | auto-obsoleted due to no activity on 2024/07/19 18:23 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (8) block | | | | 7 | 434d | 471d | 0/28 | auto-obsoleted due to no activity on 2024/02/20 17:38 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __mod_timer / blk_add_timer

write to 0xffff888102542d08 of 8 bytes by task 47 on cpu 0:
 __mod_timer+0x56b/0x810 kernel/time/timer.c:1168
 mod_timer+0x1f/0x30 kernel/time/timer.c:1237
 blk_mq_timeout_work+0x185/0x350 block/blk-mq.c:1743
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
 kthread+0x4ae/0x520 kernel/kthread.c:464
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

read to 0xffff888102542d08 of 8 bytes by task 1831 on cpu 1:
 blk_add_timer+0x112/0x190
 blk_mq_start_request+0x185/0x3b0 block/blk-mq.c:1351
 scsi_queue_rq+0x149d/0x19f0 drivers/scsi/scsi_lib.c:1864
 blk_mq_dispatch_rq_list+0x630/0xfa0 block/blk-mq.c:2120
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline]
 blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline]
 __blk_mq_sched_dispatch_requests+0x604/0xd50 block/blk-mq-sched.c:309
 blk_mq_sched_dispatch_requests+0x88/0x120 block/blk-mq-sched.c:331
 blk_mq_run_hw_queue+0x18a/0x230 block/blk-mq.c:2354
 blk_mq_flush_plug_list+0xbd5/0xef0 block/blk-mq.c:2917
 blk_add_rq_to_plug+0xee/0x3d0 block/blk-mq.c:1384
 blk_mq_submit_bio+0xb10/0xf40 block/blk-mq.c:3157
 __submit_bio+0xf2/0x4f0 block/blk-core.c:628
 __submit_bio_noacct_mq block/blk-core.c:715 [inline]
 submit_bio_noacct_nocheck+0x295/0x6e0 block/blk-core.c:744
 submit_bio_noacct+0x6e1/0x930 block/blk-core.c:867
 submit_bio+0x218/0x230 block/blk-core.c:909
 submit_bh_wbc+0x2ed/0x330 fs/buffer.c:2814
 __block_write_full_folio+0x577/0x8c0 fs/buffer.c:1904
 block_write_full_folio+0x293/0x2b0
 write_cache_pages+0x62/0x100 mm/page-writeback.c:2644
 blkdev_writepages+0x59/0x90 block/fops.c:458
 do_writepages+0x1d8/0x480 mm/page-writeback.c:2687
 __writeback_single_inode+0x89/0x850 fs/fs-writeback.c:1680
 writeback_sb_inodes+0x461/0xa30 fs/fs-writeback.c:1976
 __writeback_inodes_wb+0x9a/0x1a0 fs/fs-writeback.c:2047
 wb_writeback+0x274/0x640 fs/fs-writeback.c:2158
 wb_check_start_all fs/fs-writeback.c:2284 [inline]
 wb_do_writeback fs/fs-writeback.c:2310 [inline]
 wb_workfn+0x4ea/0x940 fs/fs-writeback.c:2343
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4db/0xa20 kernel/workqueue.c:3319
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3400
 kthread+0x4ae/0x520 kernel/kthread.c:464
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x00000000ffffe077 -> 0x00000000ffffe9bb

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 1831 Comm: kworker/u8:6 Tainted: G        W          6.14.0-rc7-syzkaller-00205-g586de92313fc #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: writeback wb_workfn (flush-8:0)
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/03/24 02:05 | upstream | 586de92313fc | 875573af | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
* Struck through repros no longer work on HEAD.