syzbot


KCSAN: data-race in __mod_timer / blk_add_timer (8)

Status: auto-obsoleted due to no activity on 2024/02/20 17:38
Subsystems: block
Reported-by: syzbot+a987d71b88b187bf148b@syzkaller.appspotmail.com
First crash: 224d, last: 105d
Similar bugs (7)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (6) block | | | | 1 | 393d | 373d | 0/26 | auto-obsoleted due to no activity on 2023/05/09 08:21 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer block | | | | 2 | 1076d | 1110d | 0/26 | auto-closed as invalid on 2021/06/25 00:11 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (3) block | | | | 8 | 851d | 950d | 0/26 | auto-closed as invalid on 2022/02/04 22:18 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (2) block | | | | 2 | 1001d | 1032d | 0/26 | auto-closed as invalid on 2021/09/07 18:24 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (4) block | | | | 2 | 759d | 777d | 0/26 | auto-closed as invalid on 2022/05/08 11:46 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (7) block | | | | 2 | 313d | 329d | 0/26 | auto-obsoleted due to no activity on 2023/07/28 08:54 |
| upstream | KCSAN: data-race in __mod_timer / blk_add_timer (5) block | | | | 1 | 615d | 615d | 0/26 | auto-closed as invalid on 2022/09/29 13:43 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __mod_timer / blk_add_timer

write to 0xffff888101300f10 of 8 bytes by task 1000 on cpu 0:
 __mod_timer+0x5ca/0x860 kernel/time/timer.c:1121
 mod_timer+0x1f/0x30 kernel/time/timer.c:1190
 blk_add_timer+0x17e/0x190 block/blk-timeout.c:164
 blk_mq_start_request+0x140/0x300 block/blk-mq.c:1261
 loop_queue_rq+0x44/0x650 drivers/block/loop.c:1847
 __blk_mq_issue_directly block/blk-mq.c:2591 [inline]
 blk_mq_request_issue_directly+0x1d0/0x330 block/blk-mq.c:2676
 blk_mq_plug_issue_direct+0x156/0x520 block/blk-mq.c:2697
 blk_mq_flush_plug_list+0x2a7/0xdb0 block/blk-mq.c:2806
 __blk_flush_plug+0x210/0x260 block/blk-core.c:1166
 blk_finish_plug+0x47/0x60 block/blk-core.c:1190
 blkdev_writepages+0x63/0x90 block/fops.c:428
 do_writepages+0x1c2/0x340 mm/page-writeback.c:2553
 filemap_fdatawrite_wbc+0xdb/0xf0 mm/filemap.c:388
 __filemap_fdatawrite_range mm/filemap.c:421 [inline]
 __filemap_fdatawrite mm/filemap.c:427 [inline]
 filemap_flush+0x95/0xc0 mm/filemap.c:454
 sync_blockdev_nowait+0x36/0x50 block/bdev.c:189
 sync_filesystem+0xe0/0x180 fs/sync.c:60
 generic_shutdown_super+0x42/0x210 fs/super.c:625
 kill_block_super+0x2a/0x60 fs/super.c:1680
 deactivate_locked_super+0x7a/0x1c0 fs/super.c:477
 deactivate_super+0x9b/0xb0 fs/super.c:510
 cleanup_mnt+0x272/0x2e0 fs/namespace.c:1267
 __cleanup_mnt+0x19/0x20 fs/namespace.c:1274
 task_work_run+0x135/0x1a0 kernel/task_work.c:180
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:108 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline]
 syscall_exit_to_user_mode+0xbc/0x130 kernel/entry/common.c:212
 do_syscall_64+0x65/0x120 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

read to 0xffff888101300f10 of 8 bytes by task 44 on cpu 1:
 blk_add_timer+0x112/0x190
 blk_mq_start_request+0x140/0x300 block/blk-mq.c:1261
 loop_queue_rq+0x44/0x650 drivers/block/loop.c:1847
 blk_mq_dispatch_rq_list+0x2d9/0x1090 block/blk-mq.c:2050
 __blk_mq_sched_dispatch_requests+0xc30/0xd20 block/blk-mq-sched.c:315
 blk_mq_sched_dispatch_requests+0x93/0x100 block/blk-mq-sched.c:333
 blk_mq_run_work_fn+0x65/0xe0 block/blk-mq.c:2435
 process_one_work kernel/workqueue.c:2633 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
 worker_thread+0x525/0x730 kernel/workqueue.c:2787
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

value changed: 0x0000000100034ef7 -> 0x00000001000351b7

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 44 Comm: kworker/1:1H Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: kblockd blk_mq_run_work_fn
==================================================================

Crashes (7):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/01/16 17:37 | upstream | 052d534373b7 | 2a7bcc7f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
| 2023/12/17 19:43 | upstream | 0e389834672c | 3222d10c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
| 2023/11/23 13:29 | upstream | 9b6de136b5f0 | fc59b78e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
| 2023/11/16 19:43 | upstream | 7475e51b8796 | cb976f63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
| 2023/11/05 19:33 | upstream | 1c41041124bd | 500bfdc4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
| 2023/10/22 03:00 | upstream | 45d3291c5201 | 361b23dc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
| 2023/09/20 10:27 | upstream | 2cf0f7156238 | 0b6a67ac | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mod_timer / blk_add_timer |
* Struck through repros no longer work on HEAD.