KCSAN: data-race in blk_stat_add / blk_stat_timer

KCSAN: data-race in blk_stat_add / blk_stat_timer_fn (6)
Status: auto-closed as invalid on 2021/05/17 11:06
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 137d, last: 127d

similar bugs (5):
Kernel	Title	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in blk_stat_add / blk_stat_timer_fn (5)	12	183d	174d	0/22	auto-closed as invalid on 2021/03/03 15:50
upstream	KCSAN: data-race in blk_stat_add / blk_stat_timer_fn (3)	2	392d	392d	0/22	auto-closed as invalid on 2020/08/07 01:06
upstream	KCSAN: data-race in blk_stat_add / blk_stat_timer_fn (4)	5	303d	328d	0/22	auto-closed as invalid on 2020/11/04 06:43
upstream	KCSAN: data-race in blk_stat_add / blk_stat_timer_fn	10	628d	644d	0/22	closed as invalid on 2019/11/19 14:44
upstream	KCSAN: data-race in blk_stat_add / blk_stat_timer_fn (2)	22	478d	618d	0/22	auto-closed as invalid on 2020/06/16 18:43

Sample crash report:

==================================================================
BUG: KCSAN: data-race in blk_stat_add / blk_stat_timer_fn

write to 0xffffe8ffffd35b78 of 4 bytes by interrupt on cpu 0:
 blk_rq_stat_init block/blk-stat.c:24 [inline]
 blk_stat_timer_fn+0x336/0x410 block/blk-stat.c:95
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1431
 expire_timers+0x116/0x260 kernel/time/timer.c:1476
 __run_timers+0x358/0x3f0 kernel/time/timer.c:1745
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:422
 sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
 __sanitizer_cov_trace_const_cmp4+0x4/0xa0 kernel/kcov.c:285
 d_is_symlink include/linux/dcache.h:424 [inline]
 do_readlinkat+0xbf/0x200 fs/stat.c:425
 __do_sys_readlink fs/stat.c:450 [inline]
 __se_sys_readlink fs/stat.c:447 [inline]
 __x64_sys_readlink+0x43/0x50 fs/stat.c:447
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffe8ffffd35b78 of 4 bytes by interrupt on cpu 1:
 blk_rq_stat_add block/blk-stat.c:48 [inline]
 blk_stat_add+0x190/0x240 block/blk-stat.c:74
 __blk_mq_end_request+0x142/0x230 block/blk-mq.c:546
 scsi_end_request+0x295/0x460 drivers/scsi/scsi_lib.c:604
 scsi_io_completion+0x104/0x1020 drivers/scsi/scsi_lib.c:970
 scsi_finish_command+0x26e/0x2b0 drivers/scsi/scsi.c:214
 scsi_softirq_done+0xdf/0x440 drivers/scsi/scsi_lib.c:1450
 blk_complete_reqs block/blk-mq.c:576 [inline]
 blk_done_softirq+0x69/0x90 block/blk-mq.c:581
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:422
 common_interrupt+0x80/0x90 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:623
 console_unlock+0x8c9/0xb20 kernel/printk/printk.c:2579
 vprintk_emit+0x131/0x3e0 kernel/printk/printk.c:2098
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2115
 vprintk_func+0x11b/0x120 kernel/printk/printk_safe.c:401
 printk+0x62/0x82 kernel/printk/printk.c:2146
 squashfs_cache_get+0x6d2/0x6e0 fs/squashfs/cache.c:164
 squashfs_read_metadata+0xbb/0x510 fs/squashfs/cache.c:344
 squashfs_lookup+0x358/0x840 fs/squashfs/namei.c:162
 __lookup_slow+0x181/0x250 fs/namei.c:1626
 lookup_slow fs/namei.c:1643 [inline]
 walk_component+0x2a5/0x350 fs/namei.c:1939
 link_path_walk+0x4ba/0x780 fs/namei.c:2262
 path_lookupat+0x7b/0x570 fs/namei.c:2419
 filename_lookup+0xf2/0x380 fs/namei.c:2453
 user_path_at_empty+0x3b/0x50 fs/namei.c:2733
 user_path_at include/linux/namei.h:60 [inline]
 ksys_umount fs/namespace.c:1775 [inline]
 __do_sys_umount fs/namespace.c:1783 [inline]
 __se_sys_umount fs/namespace.c:1781 [inline]
 __x64_sys_umount+0x75/0xd0 fs/namespace.c:1781
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 8397 Comm: syz-executor.2 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-upstream-kcsan-gce	2021/03/25 05:58	upstream	4ee998b0ef8b	607e3baf	.config	log	report			info	KCSAN: data-race in blk_stat_add / blk_stat_timer_fn
ci2-upstream-kcsan-gce	2021/03/14 23:05	upstream	75013c6c52d8	cc1cff8f	.config	log	report			info	KCSAN: data-race in blk_stat_add / blk_stat_timer_fn