syzbot

 sign-in | mailing list | source | docs
🐞 Open [1490]
Subsystems
🐞 Fixed [6580]
🐞 Invalid [16829]
Missing Backports [204]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __writeback_single_inode / xas_clear_mark (2)

Status: auto-closed as invalid on 2020/04/10 19:48
Subsystems: ext4
[Documentation on labels]
First crash: 2120d, last: 2054d
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __writeback_single_inode / xas_clear_mark (4) fs mm 6 1 1813d 1813d 0/29 auto-closed as invalid on 2020/11/02 04:03
upstream KCSAN: data-race in __writeback_single_inode / xas_clear_mark (6) mm fs 6 4 193d 286d 0/29 auto-obsoleted due to no activity on 2025/05/01 12:25
upstream KCSAN: data-race in __writeback_single_inode / xas_clear_mark (7) fs mm 6 5 83d 114d 0/29 auto-obsoleted due to no activity on 2025/08/19 20:24
upstream KCSAN: data-race in __writeback_single_inode / xas_clear_mark (5) mm fs 6 1 403d 403d 0/29 auto-obsoleted due to no activity on 2024/09/12 03:14
upstream KCSAN: data-race in __writeback_single_inode / xas_clear_mark (3) fs mm 6 1 1849d 1849d 0/29 auto-closed as invalid on 2020/09/27 22:17
upstream KCSAN: data-race in __writeback_single_inode / xas_clear_mark ext4 6 3 2143d 2154d 0/29 closed as invalid on 2019/11/19 13:24

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __writeback_single_inode / xas_clear_mark

read to 0xffff888217c39b24 of 4 bytes by task 19938 on cpu 0:
 mapping_tagged include/linux/fs.h:521 [inline]
 __writeback_single_inode+0x367/0x8e0 fs/fs-writeback.c:1502
 writeback_single_inode+0x232/0x310 fs/fs-writeback.c:1565
 sync_inode fs/fs-writeback.c:2602 [inline]
 sync_inode_metadata+0x74/0xa0 fs/fs-writeback.c:2622
 ext4_fsync_nojournal fs/ext4/fsync.c:94 [inline]
 ext4_sync_file+0x4b5/0xaf0 fs/ext4/fsync.c:172
 vfs_fsync_range+0x82/0x150 fs/sync.c:197
 generic_write_sync include/linux/fs.h:2856 [inline]
 ext4_buffered_write_iter+0x222/0x290 fs/ext4/file.c:259
 ext4_file_write_iter+0xf4/0xd40 fs/ext4/file.c:547
 call_write_iter include/linux/fs.h:1902 [inline]
 do_iter_readv_writev+0x487/0x5b0 fs/read_write.c:693
 do_iter_write fs/read_write.c:970 [inline]
 do_iter_write+0x13b/0x3c0 fs/read_write.c:951
 vfs_iter_write+0x5c/0x80 fs/read_write.c:983
 iter_file_splice_write+0x530/0x840 fs/splice.c:760
 do_splice_from fs/splice.c:863 [inline]
 direct_splice_actor+0xa0/0xc0 fs/splice.c:1037
 splice_direct_to_actor+0x22b/0x540 fs/splice.c:992
 do_splice_direct+0x161/0x1e0 fs/splice.c:1080
 do_sendfile+0x384/0x7f0 fs/read_write.c:1464
 __do_sys_sendfile64 fs/read_write.c:1519 [inline]
 __se_sys_sendfile64 fs/read_write.c:1511 [inline]
 __x64_sys_sendfile64+0xbe/0x140 fs/read_write.c:1511
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to 0xffff888217c39b24 of 4 bytes by interrupt on cpu 1:
 xa_mark_clear lib/xarray.c:74 [inline]
 xas_clear_mark lib/xarray.c:917 [inline]
 xas_clear_mark+0x171/0x180 lib/xarray.c:898
 __xa_clear_mark+0xd3/0x100 lib/xarray.c:1717
 test_clear_page_writeback+0x44c/0x790 mm/page-writeback.c:2731
 end_page_writeback+0x9e/0x190 mm/filemap.c:1339
 ext4_finish_bio+0x40d/0x520 fs/ext4/page-io.c:148
 ext4_end_bio+0xd2/0x2f0 fs/ext4/page-io.c:370
 bio_endio+0x2fa/0x400 block/bio.c:1821
 req_bio_endio block/blk-core.c:245 [inline]
 blk_update_request+0x427/0x7b0 block/blk-core.c:1464
 scsi_end_request+0x6b/0x360 drivers/scsi/scsi_lib.c:576
 scsi_io_completion+0x11d/0xc80 drivers/scsi/scsi_lib.c:960
 scsi_finish_command+0x283/0x380 drivers/scsi/scsi.c:228
 scsi_softirq_done+0x259/0x280 drivers/scsi/scsi_lib.c:1476
 blk_done_softirq+0x1eb/0x250 block/blk-softirq.c:37
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0xbb/0xe0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 do_IRQ+0x81/0x130 arch/x86/kernel/irq.c:263
 ret_from_intr+0x0/0x21
 arch_local_irq_enable arch/x86/include/asm/paravirt.h:762 [inline]
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
 _raw_spin_unlock_irq+0x4e/0x80 kernel/locking/spinlock.c:199
 spin_unlock_irq include/linux/spinlock.h:388 [inline]
 process_one_work+0x3b5/0x890 kernel/workqueue.c:2237
 worker_thread+0xa0/0x800 kernel/workqueue.c:2410
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 8213 Comm: kworker/u4:5 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
==================================================================

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/01/31 19:41 https://github.com/google/ktsan.git kcsan 245a43005292 0eb59c27 .config console log report ci2-upstream-kcsan-gce
2019/12/07 21:57 https://github.com/google/ktsan.git kcsan ef798c30ba4e 1508f453 .config console log report ci2-upstream-kcsan-gce
2019/12/06 17:29 https://github.com/google/ktsan.git kcsan ef798c30ba4e 85f26751 .config console log report ci2-upstream-kcsan-gce
2019/12/04 14:48 https://github.com/google/ktsan.git kcsan ef798c30ba4e b2088328 .config console log report ci2-upstream-kcsan-gce
2019/11/26 21:50 https://github.com/google/ktsan.git kcsan ef798c30ba4e 1048481f .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.