syzbot


KCSAN: data-race in sg_ioctl / sg_rq_end_io (4)

Status: moderation: reported on 2024/03/11 03:15
Subsystems: scsi
Reported-by: syzbot+b1d221b937727c790159@syzkaller.appspotmail.com
First crash: 47d, last: 19d
Similar bugs (3)
Kernel | Title | Subsystem | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in sg_ioctl / sg_rq_end_io | scsi | 1 | 951d | 951d | 0/26 | auto-closed as invalid on 2021/10/23 07:44
upstream | KCSAN: data-race in sg_ioctl / sg_rq_end_io (3) | scsi | 1 | 612d | 612d | 0/26 | auto-closed as invalid on 2022/09/27 16:29
upstream | KCSAN: data-race in sg_ioctl / sg_rq_end_io (2) | scsi | 2 | 847d | 859d | 0/26 | auto-closed as invalid on 2022/02/04 08:07
(None of the three has a reproducer or a cause/fix bisection.)

Sample crash report:
==================================================================
BUG: KCSAN: data-race in sg_ioctl / sg_rq_end_io

write to 0xffff88813bfae11c of 4 bytes by interrupt on cpu 1:
 sg_rq_end_io+0x154/0x700 drivers/scsi/sg.c:1347
 __blk_mq_end_request+0x308/0x390 block/blk-mq.c:1044
 scsi_end_request+0x2ab/0x4f0 drivers/scsi/scsi_lib.c:666
 scsi_io_completion+0x9f/0x200 drivers/scsi/scsi_lib.c:1069
 scsi_finish_command+0x1be/0x1d0 drivers/scsi/scsi.c:198
 scsi_complete+0x19a/0x1d0 drivers/scsi/scsi_lib.c:1531
 blk_complete_reqs block/blk-mq.c:1129 [inline]
 blk_done_softirq+0x74/0xb0 block/blk-mq.c:1134
 __do_softirq+0xc8/0x285 kernel/softirq.c:554
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:633 [inline]
 irq_exit_rcu+0x3c/0x90 kernel/softirq.c:645
 common_interrupt+0x81/0x90 arch/x86/kernel/irq.c:247
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
 check_access kernel/kcsan/core.c:787 [inline]
 __tsan_read4+0x11e/0x180 kernel/kcsan/core.c:1024
 crc32_body lib/crc32.c:106 [inline]
 crc32_le_generic lib/crc32.c:179 [inline]
 __crc32c_le_base+0xa3/0x520 lib/crc32.c:201
 chksum_update+0x32/0x50 crypto/crc32c_generic.c:88
 crypto_shash_update+0x4a/0x60 crypto/shash.c:70
 jbd2_chksum include/linux/jbd2.h:1801 [inline]
 jbd2_block_tag_csum_set fs/jbd2/commit.c:334 [inline]
 jbd2_journal_commit_transaction+0x1238/0x33d0 fs/jbd2/commit.c:684
 kjournald2+0x243/0x430 fs/jbd2/journal.c:201
 kthread+0x1d1/0x210 kernel/kthread.c:388
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243

read to 0xffff88813bfae11c of 4 bytes by task 27766 on cpu 0:
 sg_fill_request_table drivers/scsi/sg.c:878 [inline]
 sg_ioctl_common drivers/scsi/sg.c:1086 [inline]
 sg_ioctl+0x96b/0x1870 drivers/scsi/sg.c:1160
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:904 [inline]
 __se_sys_ioctl+0xd3/0x150 fs/ioctl.c:890
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:890
 do_syscall_64+0xd3/0x1d0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

value changed: 0x0018e548 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 27766 Comm: syz-executor.2 Tainted: G        W          6.9.0-rc2-syzkaller-00435-g9fe30842a90b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================

Crashes (2):
Time | Kernel | Commit | Syzkaller | Manager | Assets | Title
2024/04/08 02:59 | upstream | 9fe30842a90b | ca620dd8 | ci2-upstream-kcsan-gce | disk image, vmlinux, kernel image | KCSAN: data-race in sg_ioctl / sg_rq_end_io
2024/03/11 03:14 | upstream | fa4b851b4ad6 | 6ee49f2e | ci2-upstream-kcsan-gce | disk image, vmlinux, kernel image | KCSAN: data-race in sg_ioctl / sg_rq_end_io
(Each crash has a .config, console log, report and VM info attached; neither has a syz or C reproducer.)