syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12499] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear (3)

Status: fixed on 2022/03/08 16:11
Subsystems: block
[Documentation on labels]
Reported-by: syzbot+4f8bfd804b4a1f95b8f6@syzkaller.appspotmail.com
Fix commit: 9f8b93a7df4d sbitmap: silence data race warning
First crash: 917d, last: 906d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear (3) 5 (6) 2021/10/25 16:47
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear (2) block 4 1259d 1234d 0/26 auto-closed as invalid on 2020/12/21 11:46
upstream KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear block 36 1541d 1644d 0/26 auto-closed as invalid on 2020/04/14 03:40

Sample crash report:
==================================================================
BUG: KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear

write to 0xffffe8ffffc14e1c of 4 bytes by interrupt on cpu 1:
 sbitmap_queue_clear+0xca/0xf0 lib/sbitmap.c:606
 blk_mq_put_tag+0x82/0x90
 __blk_mq_free_request+0x114/0x180 block/blk-mq.c:507
 blk_mq_free_request+0x2c8/0x340 block/blk-mq.c:541
 __blk_mq_end_request+0x214/0x230 block/blk-mq.c:565
 blk_mq_end_request+0x37/0x50 block/blk-mq.c:574
 lo_complete_rq+0xca/0x170 drivers/block/loop.c:541
 blk_complete_reqs block/blk-mq.c:584 [inline]
 blk_done_softirq+0x69/0x90 block/blk-mq.c:589
 __do_softirq+0x12c/0x26e kernel/softirq.c:558
 run_ksoftirqd+0x13/0x20 kernel/softirq.c:920
 smpboot_thread_fn+0x22f/0x330 kernel/smpboot.c:164
 kthread+0x262/0x280 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30

write to 0xffffe8ffffc14e1c of 4 bytes by interrupt on cpu 0:
 sbitmap_queue_clear+0xca/0xf0 lib/sbitmap.c:606
 blk_mq_put_tag+0x82/0x90
 __blk_mq_free_request+0x114/0x180 block/blk-mq.c:507
 blk_mq_free_request+0x2c8/0x340 block/blk-mq.c:541
 __blk_mq_end_request+0x214/0x230 block/blk-mq.c:565
 blk_mq_end_request+0x37/0x50 block/blk-mq.c:574
 lo_complete_rq+0xca/0x170 drivers/block/loop.c:541
 blk_complete_reqs block/blk-mq.c:584 [inline]
 blk_done_softirq+0x69/0x90 block/blk-mq.c:589
 __do_softirq+0x12c/0x26e kernel/softirq.c:558
 run_ksoftirqd+0x13/0x20 kernel/softirq.c:920
 smpboot_thread_fn+0x22f/0x330 kernel/smpboot.c:164
 kthread+0x262/0x280 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30

value changed: 0x00000004 -> 0x00000007

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10 Comm: ksoftirqd/0 Not tainted 5.15.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
sd 0:0:1:0: tag#5981 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5981 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#5981 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#5981 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#5981 CDB[20]: ba
sd 0:0:1:0: tag#5982 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5982 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#5982 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#5982 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#5982 CDB[20]: ba
scsi_io_completion_action: 2 callbacks suppressed
sd 0:0:1:0: tag#5973 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5973 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#5973 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#5973 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#5973 CDB[20]: ba
sd 0:0:1:0: tag#5974 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5974 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#5974 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#5974 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#5974 CDB[20]: ba
sd 0:0:1:0: tag#5975 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5975 CDB: Change Definition
sd 0:0:1:0: tag#5975 CDB[00]: 40 00 d3 e0 fc 0a c4 ba 00 c3 8c 57 48 90 c9 07
sd 0:0:1:0: tag#5975 CDB[10]: f4 6d 4b 25 f1 10 3b 93 d2 f4 54 c1 8c 4d 14 63
sd 0:0:1:0: tag#5975 CDB[20]: 3c c1 26 ce cd c5 01 14 ca 41 fb e3 a3 8a 91 fc
sd 0:0:1:0: tag#5975 CDB[30]: 94 34 8d 56 24 5e df 49 1e 79 86 9d 9e 4b e7 d8
sd 0:0:1:0: tag#5975 CDB[40]: 84 95 94 6c 6b 3b 52 46 33 6e 9f 7a c3 fb 85 29
sd 0:0:1:0: tag#5975 CDB[50]: c7 bb b7 aa 4b 56 8d 2d 6f 78 e6 44 db e9 e3 5e
sd 0:0:1:0: tag#5975 CDB[60]: fc f3 7f 18 24 93 22 b2 71 61 3b d8 87 dd e3 8c
sd 0:0:1:0: tag#5975 CDB[70]: 74 97 4f 2c c7
sd 0:0:1:0: tag#5976 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5976 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#5976 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#5976 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#5976 CDB[20]: ba
sd 0:0:1:0: tag#5970 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5970 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#5970 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#5970 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#5970 CDB[20]: ba
sd 0:0:1:0: tag#5973 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
sd 0:0:1:0: tag#5973 CDB: opcode=0xe5 (vendor)
sd 0:0:1:0: tag#5973 CDB[00]: e5 f4 32 73 2f 4e 09 6d 26 e2 c7 35 d1 35 12 1c
sd 0:0:1:0: tag#5973 CDB[10]: 92 1b da 40 b8 58 5b a8 d4 7d 34 f3 90 4c f1 2d
sd 0:0:1:0: tag#5973 CDB[20]: ba

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/10/31 17:27 upstream 180eca540ae0 098b5d53 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear
2021/10/28 06:48 upstream 1fc596a56b33 be531bb4 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear
2021/10/27 19:52 upstream d25f27432f80 be531bb4 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear
2021/10/21 03:34 upstream 2f111a6fd5b5 f111d03b .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear
2021/10/20 11:40 upstream d9abdee5fd5a 418a00eb .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear
* Struck through repros no longer work on HEAD.