syzbot

 sign-in | mailing list | source | docs
🐞 Open [1485]
Subsystems
🐞 Fixed [6612]
🐞 Invalid [16927]
Missing Backports [208]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in wb_timer_fn / wbt_track

Status: auto-closed as invalid on 2020/10/05 04:48
Subsystems: block
[Documentation on labels]
First crash: 1879d, last: 1854d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in wb_timer_fn / wbt_track (2) block 6 9 1700d 1756d 0/29 auto-closed as invalid on 2021/03/09 00:37
upstream KCSAN: data-race in wb_timer_fn / wbt_track (3) block 6 4 1634d 1657d 0/29 auto-closed as invalid on 2021/05/17 09:41

Sample crash report:
==================================================================
BUG: KCSAN: data-race in wb_timer_fn / wbt_track

write to 0xffff88812b023604 of 4 bytes by interrupt on cpu 0:
 calc_wb_limits block/blk-wbt.c:304 [inline]
 scale_up block/blk-wbt.c:313 [inline]
 wb_timer_fn+0x42d/0xa40 block/blk-wbt.c:382
 blk_stat_timer_fn+0x3f4/0x410 block/blk-stat.c:99
 call_timer_fn+0x30/0x2a0 kernel/time/timer.c:1413
 expire_timers+0x116/0x290 kernel/time/timer.c:1458
 __run_timers+0x348/0x3e0 kernel/time/timer.c:1755
 run_timer_softirq+0x2e/0x60 kernel/time/timer.c:1768
 __do_softirq+0x198/0x360 kernel/softirq.c:298
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x5d/0x80 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:393 [inline]
 __irq_exit_rcu+0x115/0x120 kernel/softirq.c:423
 sysvec_apic_timer_interrupt+0xba/0xd0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
 __sanitizer_cov_trace_const_cmp8+0x0/0x90 kernel/kcov.c:286
 __pte_needs_invert arch/x86/include/asm/pgtable-invert.h:18 [inline]
 protnone_mask arch/x86/include/asm/pgtable-invert.h:24 [inline]
 pte_pfn arch/x86/include/asm/pgtable.h:216 [inline]
 vm_normal_page+0x61/0x1d0 mm/memory.c:596
 copy_one_pte mm/memory.c:801 [inline]
 copy_pte_range+0x573/0x1430 mm/memory.c:852
 copy_pmd_range mm/memory.c:903 [inline]
 copy_pud_range mm/memory.c:937 [inline]
 copy_p4d_range mm/memory.c:959 [inline]
 copy_page_range+0x999/0xbc0 mm/memory.c:1021
 dup_mmap+0x76c/0xa20 kernel/fork.c:592
 dup_mm+0x7c/0x210 kernel/fork.c:1354
 copy_mm kernel/fork.c:1410 [inline]
 copy_process+0x1278/0x2dc0 kernel/fork.c:2069
 _do_fork+0x14a/0x6c0 kernel/fork.c:2428
 __do_sys_clone kernel/fork.c:2545 [inline]
 __se_sys_clone kernel/fork.c:2529 [inline]
 __x64_sys_clone+0xc8/0xf0 kernel/fork.c:2529
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88812b023604 of 4 bytes by task 8314 on cpu 1:
 rwb_enabled block/blk-wbt.c:80 [inline]
 bio_to_wbt_flags block/blk-wbt.c:543 [inline]
 wbt_track+0x23/0x130 block/blk-wbt.c:592
 __rq_qos_track+0x50/0x90 block/blk-rq-qos.c:81
 rq_qos_track block/blk-rq-qos.h:189 [inline]
 blk_mq_submit_bio+0x2d0/0x1130 block/blk-mq.c:2181
 __submit_bio_noacct_mq block/blk-core.c:1179 [inline]
 submit_bio_noacct+0x772/0x950 block/blk-core.c:1212
 submit_bio+0x200/0x370 block/blk-core.c:1282
 submit_bio_wait+0x88/0x120 block/bio.c:1151
 blkdev_issue_flush+0xd3/0xf0 block/blk-flush.c:444
 ext4_sync_file+0x3eb/0x6e0 fs/ext4/fsync.c:177
 vfs_fsync_range+0x107/0x120 fs/sync.c:200
 generic_write_sync include/linux/fs.h:2747 [inline]
 ext4_buffered_write_iter+0x369/0x3b0 fs/ext4/file.c:276
 ext4_file_write_iter+0x768/0x1060 include/linux/fs.h:784
 call_write_iter include/linux/fs.h:1882 [inline]
 new_sync_write fs/read_write.c:503 [inline]
 vfs_write+0x665/0x6f0 fs/read_write.c:578
 ksys_write+0xce/0x180 fs/read_write.c:631
 __do_sys_write fs/read_write.c:643 [inline]
 __se_sys_write fs/read_write.c:640 [inline]
 __x64_sys_write+0x3e/0x50 fs/read_write.c:640
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 8314 Comm: rs:main Q:Reg Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/08/31 04:41 upstream dcc5c6f013d8 d5a3ae1f .config console log report ci2-upstream-kcsan-gce
2020/08/17 09:33 upstream 9123e3a74ec7 5ce13532 .config console log report ci2-upstream-kcsan-gce
2020/08/07 00:45 upstream d6efb3ac3e6c cb436c69 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.