syzbot


KCSAN: data-race in __xa_clear_mark / sync_inodes_sb

Status: auto-closed as invalid on 2020/08/04 19:16
Subsystems: fs mm
First crash: 1388d, last: 1388d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __xa_clear_mark / sync_inodes_sb (2) fs mm | | | | 2 | 1263d | 1228d | 0/26 | auto-closed as invalid on 2020/12/21 11:51 |
| upstream | KCSAN: data-race in __xa_clear_mark / sync_inodes_sb (3) mm fs | | | | 1 | 1206d | 1206d | 0/26 | auto-closed as invalid on 2021/02/02 10:35 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __xa_clear_mark / sync_inodes_sb

write to 0xffff88811ea1c6ac of 4 bytes by interrupt on cpu 1:
 xa_mark_clear lib/xarray.c:75 [inline]
 xas_clear_mark lib/xarray.c:918 [inline]
 __xa_clear_mark+0x325/0x350 lib/xarray.c:1726
 test_clear_page_writeback+0x28d/0x480 mm/page-writeback.c:2741
 end_page_writeback+0xa7/0x110 mm/filemap.c:1314
 ext4_finish_bio+0x429/0x490 fs/ext4/page-io.c:146
 ext4_end_bio+0x1b0/0x2e0 fs/ext4/page-io.c:367
 bio_endio+0x34c/0x490 block/bio.c:1445
 req_bio_endio block/blk-core.c:261 [inline]
 blk_update_request+0x535/0xbd0 block/blk-core.c:1569
 scsi_end_request+0x43/0x3e0 drivers/scsi/scsi_lib.c:558
 scsi_io_completion+0x105/0xf40 drivers/scsi/scsi_lib.c:934
 scsi_finish_command+0x277/0x2c0 drivers/scsi/scsi.c:214
 scsi_softirq_done+0x271/0x400 drivers/scsi/scsi_lib.c:1460
 blk_done_softirq+0x1a5/0x200 block/blk-softirq.c:37
 __do_softirq+0x198/0x360 kernel/softirq.c:292
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x5d/0x80 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:387 [inline]
 __irq_exit_rcu+0x115/0x120 kernel/softirq.c:417
 common_interrupt+0x14e/0x1e0 arch/x86/kernel/irq.c:239
 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:587
 arch_local_irq_enable arch/x86/include/asm/paravirt.h:775 [inline]
 preempt_schedule_irq+0x4b/0x90 kernel/sched/core.c:4435
 idtentry_exit_cond_resched+0x30/0x40 arch/x86/entry/common.c:621
 idtentry_exit_cond_rcu+0x2e/0x30 arch/x86/entry/common.c:668
 sysvec_apic_timer_interrupt+0xc6/0xd0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:596
 arch_local_irq_restore arch/x86/include/asm/paravirt.h:765 [inline]
 kcsan_setup_watchpoint+0x47c/0x4d0 kernel/kcsan/core.c:542
 mem_cgroup_enter_user_fault include/linux/memcontrol.h:539 [inline]
 handle_mm_fault+0x116/0x1930 mm/memory.c:4389
 do_user_addr_fault+0x393/0x810 arch/x86/mm/fault.c:1295
 handle_page_fault arch/x86/mm/fault.c:1365 [inline]
 exc_page_fault+0xb8/0x330 arch/x86/mm/fault.c:1418
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:565

read to 0xffff88811ea1c6ac of 4 bytes by task 8852 on cpu 0:
 xa_marked include/linux/xarray.h:416 [inline]
 mapping_tagged include/linux/fs.h:523 [inline]
 wait_sb_inodes fs/fs-writeback.c:2415 [inline]
 sync_inodes_sb+0x30e/0x450 fs/fs-writeback.c:2558
 __sync_filesystem fs/sync.c:34 [inline]
 sync_filesystem+0xe4/0x160 fs/sync.c:67
 ovl_sync_fs+0x74/0x90 fs/overlayfs/super.c:281
 __sync_filesystem fs/sync.c:39 [inline]
 sync_filesystem+0x112/0x160 fs/sync.c:67
 generic_shutdown_super+0x42/0x210 fs/super.c:448
 kill_anon_super+0x23/0x40 fs/super.c:1108
 deactivate_locked_super+0x6a/0xb0 fs/super.c:335
 deactivate_super+0x85/0x90 fs/super.c:366
 cleanup_mnt+0x277/0x2e0 fs/namespace.c:1118
 __cleanup_mnt+0x15/0x20 fs/namespace.c:1125
 task_work_run+0x8e/0x110 kernel/task_work.c:123
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop arch/x86/entry/common.c:216 [inline]
 __prepare_exit_to_usermode+0x1c6/0x230 arch/x86/entry/common.c:246
 __syscall_return_slowpath+0x47/0x60 arch/x86/entry/common.c:329
 do_syscall_64+0x5d/0xb0 arch/x86/entry/common.c:368
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8852 Comm: syz-executor.2 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
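| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/06/30 19:13 | upstream | 7c30b859a947 | 917afeaa | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |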