KCSAN: data-race in wbt_inflight_cb / wbt

KCSAN: data-race in wbt_inflight_cb / wbt_wait
Status: closed as invalid on 2020/06/18 14:24
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 607d, last: 488d

similar bugs (4):
Kernel	Title	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in wbt_inflight_cb / wbt_wait (4)	1	300d	294d	0/22	auto-closed as invalid on 2021/01/05 03:23
upstream	KCSAN: data-race in wbt_inflight_cb / wbt_wait (2)	1	439d	439d	0/22	auto-closed as invalid on 2020/08/20 00:05
upstream	KCSAN: data-race in wbt_inflight_cb / wbt_wait (3)	2	376d	400d	0/22	auto-closed as invalid on 2020/10/21 20:32
upstream	KCSAN: data-race in wbt_inflight_cb / wbt_wait (5)	2	191d	225d	0/22	auto-closed as invalid on 2021/04/24 12:25

Sample crash report:

==================================================================
BUG: KCSAN: data-race in wbt_inflight_cb / wbt_wait

write to 0xffff88812a51fa40 of 8 bytes by task 10963 on cpu 0:
 wb_timestamp block/blk-wbt.c:89 [inline]
 wb_timestamp block/blk-wbt.c:83 [inline]
 wbt_wait+0x22a/0x260 block/blk-wbt.c:587
 __rq_qos_throttle+0x42/0x70 block/blk-rq-qos.c:72
 rq_qos_throttle block/blk-rq-qos.h:182 [inline]
 blk_mq_make_request+0x297/0xf60 block/blk-mq.c:1998
 generic_make_request block/blk-core.c:1075 [inline]
 generic_make_request+0x196/0x700 block/blk-core.c:1017
 submit_bio+0x8f/0x3a0 block/blk-core.c:1200
 mpage_bio_submit fs/mpage.c:66 [inline]
 mpage_readpages+0x3b4/0x400 fs/mpage.c:410
 fat_readpages+0x32/0x50 fs/fat/inode.c:216
 read_pages+0xa2/0x360 mm/readahead.c:126
 __do_page_cache_readahead+0x358/0x380 mm/readahead.c:212
 ra_submit mm/internal.h:62 [inline]
 ondemand_readahead+0x369/0x730 mm/readahead.c:492
 page_cache_sync_readahead+0x1b0/0x1e0 mm/readahead.c:527
 generic_file_buffered_read mm/filemap.c:2036 [inline]
 generic_file_read_iter+0xf24/0x18c0 mm/filemap.c:2309
 call_read_iter include/linux/fs.h:1901 [inline]
 generic_file_splice_read+0x2df/0x470 fs/splice.c:313
 do_splice_to+0xc7/0x100 fs/splice.c:892
 splice_direct_to_actor+0x1b9/0x540 fs/splice.c:971
 do_splice_direct+0x152/0x1d0 fs/splice.c:1080
 do_sendfile+0x380/0x800 fs/read_write.c:1521
 __do_sys_sendfile64 fs/read_write.c:1582 [inline]
 __se_sys_sendfile64 fs/read_write.c:1568 [inline]
 __x64_sys_sendfile64+0x121/0x140 fs/read_write.c:1568
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88812a51fa40 of 8 bytes by task 10970 on cpu 1:
 get_limit block/blk-wbt.c:482 [inline]
 wbt_inflight_cb+0x1a8/0x220 block/blk-wbt.c:503
 rq_qos_wait+0x26b/0x300 block/blk-rq-qos.c:266
 __wbt_wait block/blk-wbt.c:526 [inline]
 wbt_wait+0x15f/0x260 block/blk-wbt.c:591
 __rq_qos_throttle+0x42/0x70 block/blk-rq-qos.c:72
 rq_qos_throttle block/blk-rq-qos.h:182 [inline]
 blk_mq_make_request+0x297/0xf60 block/blk-mq.c:1998
 generic_make_request block/blk-core.c:1075 [inline]
 generic_make_request+0x196/0x700 block/blk-core.c:1017
 submit_bio+0x8f/0x3a0 block/blk-core.c:1200
 submit_bh_wbc+0x40d/0x460 fs/buffer.c:3063
 submit_bh fs/buffer.c:3069 [inline]
 write_dirty_buffer fs/buffer.c:3137 [inline]
 write_dirty_buffer+0x7d/0xf0 fs/buffer.c:3128
 fat_sync_bhs+0x58/0x13e fs/fat/misc.c:357
 fat_ent_write+0xd0/0xf0 fs/fat/fatent.c:417
 fat_chain_add+0x356/0x410 fs/fat/misc.c:130
 fat_add_cluster+0x91/0xd0 fs/fat/inode.c:113
 __fat_get_block fs/fat/inode.c:155 [inline]
 fat_get_block+0x3c6/0x4f0 fs/fat/inode.c:190
 __block_write_begin_int+0x306/0xf80 fs/buffer.c:2002
 __block_write_begin fs/buffer.c:2052 [inline]
 block_write_begin+0x76/0x200 fs/buffer.c:2111
 cont_write_begin+0x3bd/0x660 fs/buffer.c:2460
 fat_write_begin+0x69/0xc0 fs/fat/inode.c:236
 pagecache_write_begin+0x67/0x90 mm/filemap.c:3121
 cont_expand_zero fs/buffer.c:2387 [inline]
 cont_write_begin+0x176/0x660 fs/buffer.c:2450
 fat_write_begin+0x69/0xc0 fs/fat/inode.c:236
 generic_perform_write+0x13a/0x320 mm/filemap.c:3302
 __generic_file_write_iter+0x240/0x370 mm/filemap.c:3431
 generic_file_write_iter+0x294/0x38e mm/filemap.c:3463
 call_write_iter include/linux/fs.h:1907 [inline]
 new_sync_write+0x303/0x400 fs/read_write.c:484
 __vfs_write+0x9e/0xb0 fs/read_write.c:497
 vfs_write fs/read_write.c:559 [inline]
 vfs_write+0x189/0x380 fs/read_write.c:543
 ksys_write+0xc5/0x1a0 fs/read_write.c:612
 __do_sys_write fs/read_write.c:624 [inline]
 __se_sys_write fs/read_write.c:621 [inline]
 __x64_sys_write+0x49/0x60 fs/read_write.c:621
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 10970 Comm: syz-executor.3 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (6):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report
ci2-upstream-kcsan-gce	2020/05/27 20:15	https://github.com/google/ktsan.git kcsan	7c3cd68e5d38	9072c126	.config	log	report
ci2-upstream-kcsan-gce	2020/05/12 21:34	https://github.com/google/ktsan.git kcsan	7c3cd68e5d38	a44eb8f7	.config	log	report
ci2-upstream-kcsan-gce	2020/03/22 02:23	https://github.com/google/ktsan.git kcsan	40959e34d670	78267cec	.config	log	report
ci2-upstream-kcsan-gce	2020/02/17 00:28	https://github.com/google/ktsan.git kcsan	b12d66a6c34f	1f448cd6	.config	log	report
ci2-upstream-kcsan-gce	2020/02/14 13:52	https://github.com/google/ktsan.git kcsan	b12d66a6c34f	5d7b90f1	.config	log	report
ci2-upstream-kcsan-gce	2020/01/29 22:56	https://github.com/google/ktsan.git kcsan	245a43005292	5ed23f9a	.config	log	report