syzbot


KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru (5)

Status: moderation: reported on 2024/06/25 18:23
Subsystems: ext4
[Documentation on labels]
Reported-by: syzbot+fd3d1af0dd39b0e4fed1@syzkaller.appspotmail.com
First crash: 17d, last: 1d03h
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru (4) ext4 80 74d 219d 0/27 auto-obsoleted due to no activity on 2024/06/03 21:44
upstream KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru (3) fs 1 511d 511d 0/27 auto-obsoleted due to no activity on 2023/04/01 03:15
upstream KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru fs 14 1619d 1686d 0/27 auto-closed as invalid on 2020/04/15 20:03
upstream KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru (2) ext4 exfat 213 555d 1015d 0/27 auto-obsoleted due to no activity on 2023/02/08 20:39

Sample crash report:
loop1: detected capacity change from 0 to 164
==================================================================
BUG: KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru

write to 0xffff888237c2b990 of 8 bytes by task 10907 on cpu 0:
 __invalidate_bh_lrus fs/buffer.c:1511 [inline]
 invalidate_bh_lru+0x8b/0xf0 fs/buffer.c:1523
 csd_do_func kernel/smp.c:133 [inline]
 smp_call_function_many_cond+0x690/0xc20 kernel/smp.c:846
 on_each_cpu_cond_mask+0x3c/0x90 kernel/smp.c:1023
 on_each_cpu_cond include/linux/smp.h:105 [inline]
 invalidate_bh_lrus+0x2a/0x30 fs/buffer.c:1542
 invalidate_bdev+0x42/0x70 block/bdev.c:99
 loop_set_status+0x114/0x550 drivers/block/loop.c:1300
 lo_ioctl+0x892/0x1330
 blkdev_ioctl+0x35f/0x450 block/ioctl.c:676
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xd3/0x150 fs/ioctl.c:893
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:893
 x64_sys_call+0x1581/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888237c2b990 of 8 bytes by task 10911 on cpu 1:
 has_bh_in_lru+0x35/0x1f0 fs/buffer.c:1533
 smp_call_function_many_cond+0x2d5/0xc20 kernel/smp.c:808
 on_each_cpu_cond_mask+0x3c/0x90 kernel/smp.c:1023
 on_each_cpu_cond include/linux/smp.h:105 [inline]
 invalidate_bh_lrus+0x2a/0x30 fs/buffer.c:1542
 kill_bdev block/bdev.c:89 [inline]
 set_blocksize+0x283/0x2b0 block/bdev.c:172
 sb_set_blocksize+0x2c/0xb0 block/bdev.c:181
 isofs_fill_super+0xa2a/0x12a0 fs/isofs/inode.c:824
 get_tree_bdev+0x253/0x2e0 fs/super.c:1624
 isofs_get_tree+0x1c/0x30 fs/isofs/inode.c:1534
 vfs_get_tree+0x56/0x1d0 fs/super.c:1789
 do_new_mount+0x227/0x690 fs/namespace.c:3352
 path_mount+0x49b/0xb30 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x27f/0x2d0 fs/namespace.c:3875
 __x64_sys_mount+0x67/0x80 fs/namespace.c:3875
 x64_sys_call+0x25c9/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff8881048cfa90 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 10911 Comm: syz.1.2455 Tainted: G        W          6.10.0-rc7-syzkaller-00139-g8a18fda0febb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/12 08:18 upstream 8a18fda0febb eaeb5c15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru
2024/06/25 18:22 upstream 55027e689933 04bd2a30 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in has_bh_in_lru / invalidate_bh_lru
* Struck through repros no longer work on HEAD.