syzbot

 sign-in | mailing list | source | docs
🐞 Open [1646]
Subsystems
🐞 Fixed [6010]
🐞 Invalid [14806]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched (4)

Status: auto-closed as invalid on 2021/12/05 20:22
Subsystems: block
[Documentation on labels]
First crash: 1300d, last: 1185d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched (5) block 1 1099d 1099d 0/28 auto-closed as invalid on 2022/03/01 13:18
upstream KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched (2) block 8 1571d 1642d 0/28 auto-closed as invalid on 2020/11/14 12:11
upstream KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched (6) block 3 1022d 1064d 0/28 auto-closed as invalid on 2022/05/17 13:43
upstream KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched block 2 1679d 1684d 0/28 auto-closed as invalid on 2020/07/30 00:43
upstream KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched (3) block 28 1338d 1513d 0/28 auto-closed as invalid on 2021/07/05 21:10

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched

write to 0xffff888101faf410 of 8 bytes by task 52 on cpu 1:
 INIT_LIST_HEAD include/linux/list.h:36 [inline]
 list_splice_init include/linux/list.h:483 [inline]
 __blk_mq_sched_dispatch_requests+0x137/0x290 block/blk-mq-sched.c:308
 blk_mq_sched_dispatch_requests+0x9f/0x110 block/blk-mq-sched.c:360
 __blk_mq_run_hw_queue+0xbc/0x140 block/blk-mq.c:1492
 __blk_mq_delay_run_hw_queue+0x163/0x2f0 block/blk-mq.c:1569
 blk_mq_run_hw_queue+0x22c/0x250 block/blk-mq.c:1622
 blk_mq_run_hw_queues+0x1d1/0x230 block/blk-mq.c:1685
 blk_mq_requeue_work+0x3ff/0x440 block/blk-mq.c:805
 process_one_work+0x402/0x910 kernel/workqueue.c:2297
 worker_thread+0x636/0xae0 kernel/workqueue.c:2444
 kthread+0x262/0x280 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30

read to 0xffff888101faf410 of 8 bytes by task 10629 on cpu 0:
 list_empty_careful include/linux/list.h:319 [inline]
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:140 [inline]
 blk_mq_do_dispatch_sched+0x167/0x640 block/blk-mq-sched.c:214
 __blk_mq_sched_dispatch_requests+0x1eb/0x290
 blk_mq_sched_dispatch_requests+0x9f/0x110 block/blk-mq-sched.c:360
 __blk_mq_run_hw_queue+0xbc/0x140 block/blk-mq.c:1492
 __blk_mq_delay_run_hw_queue+0x163/0x2f0 block/blk-mq.c:1569
 blk_mq_run_hw_queue+0x22c/0x250 block/blk-mq.c:1622
 blk_mq_sched_insert_requests+0x12b/0x1f0 block/blk-mq-sched.c:513
 blk_mq_flush_plug_list+0x302/0x3d0 block/blk-mq.c:1947
 blk_flush_plug_list+0x235/0x260 block/blk-core.c:1726
 blk_finish_plug+0x44/0x60 block/blk-core.c:1743
 __iomap_dio_rw+0xca7/0x1010 fs/iomap/direct-io.c:570
 iomap_dio_rw+0x30/0x70 fs/iomap/direct-io.c:649
 ext4_dio_write_iter fs/ext4/file.c:568 [inline]
 ext4_file_write_iter+0xa59/0x11f0 fs/ext4/file.c:678
 call_write_iter include/linux/fs.h:2163 [inline]
 do_iter_readv_writev+0x2de/0x380 fs/read_write.c:729
 do_iter_write+0x192/0x5c0 fs/read_write.c:855
 vfs_iter_write+0x4c/0x70 fs/read_write.c:896
 iter_file_splice_write+0x43a/0x790 fs/splice.c:689
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0x80/0xa0 fs/splice.c:936
 splice_direct_to_actor+0x345/0x650 fs/splice.c:891
 do_splice_direct+0x106/0x190 fs/splice.c:979
 do_sendfile+0x63e/0xbb0 fs/read_write.c:1249
 __do_sys_sendfile64 fs/read_write.c:1314 [inline]
 __se_sys_sendfile64 fs/read_write.c:1300 [inline]
 __x64_sys_sendfile64+0x102/0x140 fs/read_write.c:1300
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0xffff888101d9f448 -> 0xffff888101faf408

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10629 Comm: syz-executor.2 Tainted: G        W         5.15.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/10/31 20:14 upstream 180eca540ae0 098b5d53 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/09/29 01:00 upstream d33bec7b3dfa d82cb927 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/09/25 20:15 upstream 85736168463d 8cac236e .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/09/20 01:29 upstream 20621d2f27a0 70b76c1d .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/08/17 11:59 upstream a2824f19e606 33c26cb7 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/08/10 18:59 upstream 9a73fa375d58 6972b106 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/07/24 01:51 upstream 8baef6386baa bc5f1d88 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/07/14 21:32 upstream 8096acd7442e 94e0b707 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
2021/07/08 06:54 upstream 3dbdb38e2869 1aade754 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __blk_mq_sched_dispatch_requests / blk_mq_do_dispatch_sched
* Struck through repros no longer work on HEAD.