syzbot

 sign-in | mailing list | source | docs
🐞 Open [974] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12471] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in __mod_timer / blk_add_timer (4)

Status: auto-closed as invalid on 2022/05/08 11:46
Subsystems: block
[Documentation on labels]
First crash: 764d, last: 746d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __mod_timer / blk_add_timer (6) block 1 380d 360d 0/26 auto-obsoleted due to no activity on 2023/05/09 08:21
upstream KCSAN: data-race in __mod_timer / blk_add_timer block 2 1063d 1097d 0/26 auto-closed as invalid on 2021/06/25 00:11
upstream KCSAN: data-race in __mod_timer / blk_add_timer (3) block 8 838d 937d 0/26 auto-closed as invalid on 2022/02/04 22:18
upstream KCSAN: data-race in __mod_timer / blk_add_timer (2) block 2 988d 1019d 0/26 auto-closed as invalid on 2021/09/07 18:24
upstream KCSAN: data-race in __mod_timer / blk_add_timer (7) block 2 300d 316d 0/26 auto-obsoleted due to no activity on 2023/07/28 08:54
upstream KCSAN: data-race in __mod_timer / blk_add_timer (5) block 1 602d 602d 0/26 auto-closed as invalid on 2022/09/29 13:43
upstream KCSAN: data-race in __mod_timer / blk_add_timer (8) block 7 92d 130d 0/26 auto-obsoleted due to no activity on 2024/02/20 17:38

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __mod_timer / blk_add_timer

write to 0xffff88810269b2f8 of 8 bytes by task 2022 on cpu 1:
 __mod_timer+0x720/0xc30 kernel/time/timer.c:1052
 mod_timer+0x1b/0x20 kernel/time/timer.c:1108
 blk_add_timer+0x18b/0x1a0 block/blk-timeout.c:164
 blk_mq_start_request+0xf8/0x280 block/blk-mq.c:1148
 loop_queue_rq+0x42/0x5c0 drivers/block/loop.c:1817
 __blk_mq_issue_directly+0x6f/0x420 block/blk-mq.c:2439
 __blk_mq_try_issue_directly+0x25d/0x2c0 block/blk-mq.c:2492
 blk_mq_try_issue_directly block/blk-mq.c:2516 [inline]
 blk_mq_submit_bio+0xb3a/0xfd0 block/blk-mq.c:2861
 __submit_bio+0x131/0x330 block/blk-core.c:666
 __submit_bio_noacct_mq block/blk-core.c:743 [inline]
 submit_bio_noacct_nocheck+0x418/0x4e0 block/blk-core.c:760
 submit_bio_noacct+0x66f/0x7d0 block/blk-core.c:867
 submit_bio+0xf7/0x110
 submit_bh_wbc+0x22a/0x260 fs/buffer.c:3045
 submit_bh+0x1e/0x30 fs/buffer.c:3051
 __ext4_read_bh fs/ext4/super.c:174 [inline]
 ext4_read_bh+0xc7/0x130 fs/ext4/super.c:198
 ext4_read_bh_lock fs/ext4/super.c:210 [inline]
 __ext4_sb_bread_gfp fs/ext4/super.c:242 [inline]
 ext4_sb_bread_unmovable+0xc7/0x160 fs/ext4/super.c:259
 __ext4_fill_super+0x185/0x5a00 fs/ext4/super.c:4430
 ext4_fill_super+0x10b/0x2f0 fs/ext4/super.c:5587
 get_tree_bdev+0x2c2/0x3d0 fs/super.c:1292
 vfs_get_tree+0x4a/0x1a0 fs/super.c:1497
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x11cf/0x1c40 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x24b/0x2f0 fs/namespace.c:3568
 __x64_sys_mount+0x63/0x70 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88810269b2f8 of 8 bytes by task 1906 on cpu 0:
 blk_add_timer+0x11f/0x1a0
 blk_mq_start_request+0xf8/0x280 block/blk-mq.c:1148
 loop_queue_rq+0x42/0x5c0 drivers/block/loop.c:1817
 __blk_mq_issue_directly+0x6f/0x420 block/blk-mq.c:2439
 __blk_mq_try_issue_directly+0x25d/0x2c0 block/blk-mq.c:2492
 blk_mq_request_issue_directly block/blk-mq.c:2526 [inline]
 blk_mq_plug_issue_direct+0x16d/0x5e0 block/blk-mq.c:2546
 blk_mq_flush_plug_list+0x27a/0x340 block/blk-mq.c:2638
 __blk_flush_plug+0x25a/0x2b0 block/blk-core.c:1244
 blk_finish_plug+0x44/0x60 block/blk-core.c:1268
 read_pages+0x788/0x7f0 mm/readahead.c:179
 page_cache_ra_unbounded+0x2d3/0x310 mm/readahead.c:261
 do_page_cache_ra mm/readahead.c:291 [inline]
 force_page_cache_ra+0x1c6/0x200 mm/readahead.c:322
 page_cache_sync_ra+0xcc/0xe0 mm/readahead.c:688
 page_cache_sync_readahead include/linux/pagemap.h:1185 [inline]
 filemap_get_pages mm/filemap.c:2598 [inline]
 filemap_read+0x3d5/0xe10 mm/filemap.c:2685
 blkdev_read_iter+0x2cc/0x380 block/fops.c:611
 call_read_iter include/linux/fs.h:2044 [inline]
 new_sync_read fs/read_write.c:401 [inline]
 vfs_read+0x5e2/0x6c0 fs/read_write.c:482
 ksys_read+0xd9/0x190 fs/read_write.c:620
 __do_sys_read fs/read_write.c:630 [inline]
 __se_sys_read fs/read_write.c:628 [inline]
 __x64_sys_read+0x3e/0x50 fs/read_write.c:628
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000000000000 -> 0x00000000ffffb2e7

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 1906 Comm: udevd Not tainted 5.17.0-syzkaller-14079-gbe2d3ecedd99-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/04/03 11:44 upstream be2d3ecedd99 79a2a8fc .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __mod_timer / blk_add_timer
2022/03/15 16:29 upstream 09688c0166e7 9e8eaa75 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __mod_timer / blk_add_timer
* Struck through repros no longer work on HEAD.