KCSAN: data-race in wb_timer_fn / wbt

KCSAN: data-race in wb_timer_fn / wbt_issue (4)
Status: auto-closed as invalid on 2021/01/31 06:34
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 305d, last: 305d

similar bugs (3):
Kernel	Title	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in wb_timer_fn / wbt_issue (2)	2	403d	407d	0/22	auto-closed as invalid on 2020/10/24 23:26
upstream	KCSAN: data-race in wb_timer_fn / wbt_issue	1	482d	482d	0/22	auto-closed as invalid on 2020/08/07 08:16
upstream	KCSAN: data-race in wb_timer_fn / wbt_issue (3)	1	340d	325d	0/22	auto-closed as invalid on 2020/12/27 00:57

Sample crash report:

==================================================================
BUG: KCSAN: data-race in wb_timer_fn / wbt_issue

write to 0xffff888102b4cb04 of 4 bytes by interrupt on cpu 0:
 calc_wb_limits block/blk-wbt.c:304 [inline]
 scale_up block/blk-wbt.c:313 [inline]
 wb_timer_fn+0x403/0xa00 block/blk-wbt.c:382
 blk_stat_timer_fn+0x3f4/0x410 block/blk-stat.c:99
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1417
 expire_timers+0x116/0x260 kernel/time/timer.c:1462
 __run_timers+0x338/0x3d0 kernel/time/timer.c:1731
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1744
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x32/0x40 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:420
 sysvec_apic_timer_interrupt+0x74/0x90 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628

read to 0xffff888102b4cb04 of 4 bytes by task 27669 on cpu 1:
 rwb_enabled block/blk-wbt.c:80 [inline]
 wbt_issue+0x20/0xd0 block/blk-wbt.c:599
 __rq_qos_issue+0x3b/0x70 block/blk-rq-qos.c:54
 rq_qos_issue block/blk-rq-qos.h:159 [inline]
 blk_mq_start_request+0xc2/0x220 block/blk-mq.c:748
 null_queue_rq+0x122/0x240 drivers/block/null_blk/main.c:1477
 blk_mq_dispatch_rq_list+0x5f2/0xe50 block/blk-mq.c:1396
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:186 [inline]
 blk_mq_do_dispatch_sched+0x370/0x610 block/blk-mq-sched.c:199
 __blk_mq_sched_dispatch_requests+0x1fd/0x2a0 block/blk-mq-sched.c:310
 blk_mq_sched_dispatch_requests+0x8f/0xf0 block/blk-mq-sched.c:341
 __blk_mq_run_hw_queue block/blk-mq.c:1515 [inline]
 __blk_mq_delay_run_hw_queue+0x1ff/0x410 block/blk-mq.c:1592
 blk_mq_run_hw_queue+0x231/0x260 block/blk-mq.c:1645
 blk_mq_sched_insert_requests+0x144/0x210 block/blk-mq-sched.c:501
 blk_mq_flush_plug_list+0x2f5/0x400 block/blk-mq.c:1915
 blk_flush_plug_list+0x235/0x260 block/blk-core.c:1754
 blk_finish_plug+0x44/0x60 block/blk-core.c:1771
 read_pages+0x3a6/0x6e0 mm/readahead.c:150
 page_cache_ra_unbounded+0x464/0x4c0 mm/readahead.c:238
 ondemand_readahead+0x560/0x780 mm/readahead.c:267
 page_cache_async_ra+0x1aa/0x1d0 mm/readahead.c:607
 page_cache_async_readahead include/linux/pagemap.h:862 [inline]
 do_async_mmap_readahead+0x222/0x250 mm/filemap.c:2760
 filemap_fault+0x109/0xbf0 mm/filemap.c:2815
 __do_fault mm/memory.c:3623 [inline]
 do_read_fault+0x403/0x760 mm/memory.c:4017
 do_fault mm/memory.c:4145 [inline]
 handle_pte_fault mm/memory.c:4385 [inline]
 __handle_mm_fault mm/memory.c:4520 [inline]
 handle_mm_fault+0xff1/0x17b0 mm/memory.c:4618
 faultin_page mm/gup.c:851 [inline]
 __get_user_pages+0xa32/0xff0 mm/gup.c:1070
 populate_vma_page_range mm/gup.c:1403 [inline]
 __mm_populate+0x24d/0x380 mm/gup.c:1451
 mm_populate include/linux/mm.h:2583 [inline]
 vm_mmap_pgoff+0x14c/0x1d0 mm/util.c:524
 ksys_mmap_pgoff+0x2a8/0x380 mm/mmap.c:1634
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 27669 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-upstream-kcsan-gce	2020/12/27 06:28	upstream	f838f8d2b694	821e0b09	.config	log	report			info