syzbot

 sign-in | mailing list | source | docs
🐞 Open [1269] Subsystems 🐞 Fixed [5427] 🐞 Invalid [12860] Missing Backports [106] 📈 Kernel Health 📈 Bugs/Month 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 📈 Coverage 💬 Send us feedback

KCSAN: data-race in io_worker_handle_work / io_wq_worker_cancel (3)

Status: upstream: reported on 2024/06/13 17:18
Subsystems: io-uring
[Documentation on labels]
Reported-by: syzbot+90b0e38244e035ec327c@syzkaller.appspotmail.com
First crash: 12d, last: 7d15h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [io-uring?] KCSAN: data-race in io_worker_handle_work / io_wq_worker_cancel (3) 0 (1) 2024/06/13 17:18
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in io_worker_handle_work / io_wq_worker_cancel io-uring 1 597d 597d 0/27 auto-obsoleted due to no activity on 2022/12/11 07:07
upstream KCSAN: data-race in io_worker_handle_work / io_wq_worker_cancel (2) io-uring 1 450d 450d 0/27 auto-obsoleted due to no activity on 2023/05/07 12:48

Sample crash report:
==================================================================
BUG: KCSAN: data-race in io_worker_handle_work / io_wq_worker_cancel

read-write to 0xffff88812bfb34e0 of 4 bytes by task 18615 on cpu 1:
 __io_wq_worker_cancel io_uring/io-wq.c:993 [inline]
 io_wq_worker_cancel+0x70/0x140 io_uring/io-wq.c:1010
 io_wq_for_each_worker+0x116/0x200 io_uring/io-wq.c:874
 io_wq_cancel_running_work io_uring/io-wq.c:1080 [inline]
 io_wq_cancel_cb+0x10d/0x190 io_uring/io-wq.c:1111
 io_async_cancel_one io_uring/cancel.c:87 [inline]
 __io_async_cancel+0x176/0x270 io_uring/cancel.c:187
 __io_sync_cancel io_uring/cancel.c:261 [inline]
 io_sync_cancel+0x3e6/0x6d0 io_uring/cancel.c:301
 __io_uring_register io_uring/register.c:543 [inline]
 __do_sys_io_uring_register io_uring/register.c:616 [inline]
 __se_sys_io_uring_register+0x504/0x1190 io_uring/register.c:577
 __x64_sys_io_uring_register+0x55/0x70 io_uring/register.c:577
 x64_sys_call+0x2c2/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88812bfb34e0 of 4 bytes by task 18613 on cpu 0:
 io_get_work_hash io_uring/io-wq.c:454 [inline]
 io_worker_handle_work+0x41a/0x9a0 io_uring/io-wq.c:591
 io_wq_worker+0x286/0x820 io_uring/io-wq.c:651
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x00000000 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 18613 Comm: iou-wrk-18610 Tainted: G        W          6.10.0-rc4-syzkaller-00033-g14d7c92f8df9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/06/18 10:37 upstream 14d7c92f8df9 ce6011bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in io_worker_handle_work / io_wq_worker_cancel
2024/06/13 16:16 upstream 2ccbdf43d5e7 a9616ff5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in io_worker_handle_work / io_wq_worker_cancel
* Struck through repros no longer work on HEAD.