syzbot

 sign-in | mailing list | source | docs
🐞 Open [987] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12505] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in dd_has_work / deadline_remove_request (5)

Status: auto-closed as invalid on 2021/05/27 11:41
Subsystems: block
[Documentation on labels]
First crash: 1129d, last: 1099d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in dd_has_work / deadline_remove_request block 2 1433d 1436d 0/26 closed as invalid on 2020/06/18 14:13
upstream KCSAN: data-race in dd_has_work / deadline_remove_request (8) block 8 718d 776d 0/26 auto-closed as invalid on 2022/06/12 02:20
upstream KCSAN: data-race in dd_has_work / deadline_remove_request (4) block 1 1175d 1175d 0/26 auto-closed as invalid on 2021/03/12 01:36
upstream KCSAN: data-race in dd_has_work / deadline_remove_request (7) block 8 834d 912d 0/26 auto-closed as invalid on 2022/02/16 12:39
upstream KCSAN: data-race in dd_has_work / deadline_remove_request (2) block 10 1307d 1394d 0/26 auto-closed as invalid on 2020/10/31 03:43
upstream KCSAN: data-race in dd_has_work / deadline_remove_request (3) block 6 1235d 1235d 0/26 auto-closed as invalid on 2021/01/11 08:35
upstream KCSAN: data-race in dd_has_work / deadline_remove_request (6) block 7 1004d 1035d 0/26 auto-closed as invalid on 2021/09/03 05:59

Sample crash report:
loop0: detected capacity change from 0 to 132104
==================================================================
BUG: KCSAN: data-race in dd_has_work / deadline_remove_request

write to 0xffff888100e0ac98 of 8 bytes by task 5344 on cpu 1:
 __list_del include/linux/list.h:112 [inline]
 __list_del_entry include/linux/list.h:135 [inline]
 list_del_init include/linux/list.h:204 [inline]
 deadline_remove_request+0x6a/0x180 block/mq-deadline.c:115
 deadline_move_request block/mq-deadline.c:178 [inline]
 __dd_dispatch_request block/mq-deadline.c:367 [inline]
 dd_dispatch_request+0x34f/0x3d0 block/mq-deadline.c:389
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:146 [inline]
 blk_mq_do_dispatch_sched+0x1df/0x610 block/blk-mq-sched.c:199
 __blk_mq_sched_dispatch_requests+0x21e/0x2c0 block/blk-mq-sched.c:310
 blk_mq_sched_dispatch_requests+0x9f/0x110 block/blk-mq-sched.c:341
 __blk_mq_run_hw_queue+0xbc/0x140 block/blk-mq.c:1488
 __blk_mq_delay_run_hw_queue+0x163/0x2d0 block/blk-mq.c:1565
 blk_mq_run_hw_queue+0x22c/0x250 block/blk-mq.c:1618
 blk_mq_sched_insert_requests+0x13f/0x200 block/blk-mq-sched.c:491
 blk_mq_flush_plug_list+0x2f5/0x3c0 block/blk-mq.c:1942
 blk_flush_plug_list+0x235/0x260 block/blk-core.c:1749
 blk_finish_plug+0x44/0x60 block/blk-core.c:1766
 read_pages+0x2d9/0x530 mm/readahead.c:150
 page_cache_ra_unbounded+0x3a8/0x400 mm/readahead.c:238
 do_page_cache_ra mm/readahead.c:267 [inline]
 force_page_cache_ra+0x236/0x270 mm/readahead.c:298
 page_cache_sync_ra+0xb5/0xd0 mm/readahead.c:572
 page_cache_sync_readahead include/linux/pagemap.h:840 [inline]
 filemap_get_pages mm/filemap.c:2375 [inline]
 filemap_read+0x380/0x1210 mm/filemap.c:2458
 generic_file_read_iter+0x84/0x3e0 mm/filemap.c:2609
 blkdev_read_iter+0xb3/0xc0 fs/block_dev.c:1727
 call_read_iter include/linux/fs.h:1971 [inline]
 new_sync_read fs/read_write.c:415 [inline]
 vfs_read+0x565/0x5d0 fs/read_write.c:496
 ksys_read+0xce/0x180 fs/read_write.c:634
 __do_sys_read fs/read_write.c:644 [inline]
 __se_sys_read fs/read_write.c:642 [inline]
 __x64_sys_read+0x3e/0x50 fs/read_write.c:642
 do_syscall_64+0x34/0x50 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888100e0ac98 of 8 bytes by task 5335 on cpu 0:
 list_empty_careful include/linux/list.h:319 [inline]
 dd_has_work+0x98/0xe0 block/mq-deadline.c:585
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:135 [inline]
 blk_mq_do_dispatch_sched+0x138/0x610 block/blk-mq-sched.c:199
 __blk_mq_sched_dispatch_requests+0x21e/0x2c0 block/blk-mq-sched.c:310
 blk_mq_sched_dispatch_requests+0x9f/0x110 block/blk-mq-sched.c:341
 __blk_mq_run_hw_queue+0xbc/0x140 block/blk-mq.c:1488
 __blk_mq_delay_run_hw_queue+0x163/0x2d0 block/blk-mq.c:1565
 blk_mq_run_hw_queue+0x22c/0x250 block/blk-mq.c:1618
 blk_mq_sched_insert_requests+0x13f/0x200 block/blk-mq-sched.c:491
 blk_mq_flush_plug_list+0x2f5/0x3c0 block/blk-mq.c:1942
 blk_flush_plug_list+0x235/0x260 block/blk-core.c:1749
 blk_mq_submit_bio+0x6c4/0xde0 block/blk-mq.c:2238
 __submit_bio_noacct_mq block/blk-core.c:1014 [inline]
 submit_bio_noacct+0x6f2/0x7e0 block/blk-core.c:1047
 submit_bio+0x16d/0x2b0 block/blk-core.c:1090
 blk_next_bio block/blk-lib.c:19 [inline]
 __blkdev_issue_zero_pages+0x135/0x2f0 block/blk-lib.c:318
 blkdev_issue_zeroout+0x173/0x2a0 block/blk-lib.c:412
 blkdev_fallocate+0x290/0x2e0 fs/block_dev.c:1806
 vfs_fallocate+0x463/0x660 fs/open.c:311
 ksys_fallocate fs/open.c:334 [inline]
 __do_sys_fallocate fs/open.c:342 [inline]
 __se_sys_fallocate fs/open.c:340 [inline]
 __x64_sys_fallocate+0x75/0xc0 fs/open.c:340
 do_syscall_64+0x34/0x50 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 5335 Comm: syz-executor.3 Not tainted 5.12.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/04/22 11:35 upstream 16fc44d6387e 33c28d03 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in dd_has_work / deadline_remove_request
2021/03/23 07:45 upstream 84196390620a 8092f30d .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in dd_has_work / deadline_remove_request
* Struck through repros no longer work on HEAD.