syzbot

 sign-in | mailing list | source | docs
🐞 Open [963] 🐞 Fixed [3805] 🐞 Invalid [8174] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KCSAN: data-race in rq_qos_wait / rq_qos_wake_function (4)
Status: auto-closed as invalid on 2021/02/02 13:45
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 533d, last: 512d
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in rq_qos_wait / rq_qos_wake_function 3 826d 880d 0/22 auto-closed as invalid on 2020/04/29 11:38
upstream KCSAN: data-race in rq_qos_wait / rq_qos_wake_function (3) 2 582d 614d 0/22 auto-closed as invalid on 2020/11/24 15:14
upstream KCSAN: data-race in rq_qos_wait / rq_qos_wake_function (5) 2 429d 440d 0/22 auto-closed as invalid on 2021/04/26 21:26
upstream KCSAN: data-race in rq_qos_wait / rq_qos_wake_function (2) 1 730d 730d 0/22 closed as invalid on 2020/06/18 14:13

Sample crash report:
==================================================================
BUG: KCSAN: data-race in rq_qos_wait / rq_qos_wake_function

write to 0xffff8881023c1b90 of 8 bytes by interrupt on cpu 1:
 __list_del include/linux/list.h:112 [inline]
 __list_del_entry include/linux/list.h:135 [inline]
 list_del_init include/linux/list.h:204 [inline]
 rq_qos_wake_function+0x85/0xe0 block/blk-rq-qos.c:228
 __wake_up_common+0xbc/0x130 kernel/sched/wait.c:108
 __wake_up_common_lock kernel/sched/wait.c:138 [inline]
 __wake_up+0x80/0xc0 kernel/sched/wait.c:157
 wbt_rqw_done+0x17d/0x260 block/blk-wbt.c:165
 __wbt_done block/blk-wbt.c:178 [inline]
 wbt_done+0xcf/0x1c0 block/blk-wbt.c:199
 __rq_qos_done+0x3b/0x70 block/blk-rq-qos.c:45
 rq_qos_done block/blk-rq-qos.h:153 [inline]
 blk_mq_free_request+0x270/0x330 block/blk-mq.c:529
 __blk_mq_end_request+0x214/0x230 block/blk-mq.c:557
 blk_mq_end_request+0x37/0x50 block/blk-mq.c:566
 lo_complete_rq+0xca/0x180 drivers/block/loop.c:497
 blk_done_softirq+0x145/0x190 block/blk-mq.c:588
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:343
 run_ksoftirqd+0x13/0x20 kernel/softirq.c:650
 smpboot_thread_fn+0x34f/0x520 kernel/smpboot.c:165
 kthread+0x1fd/0x220 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

read to 0xffff8881023c1b90 of 8 bytes by task 8456 on cpu 0:
 list_is_singular include/linux/list.h:360 [inline]
 wq_has_single_sleeper include/linux/wait.h:142 [inline]
 rq_qos_wait+0x122/0x210 block/blk-rq-qos.c:270
 __wbt_wait block/blk-wbt.c:518 [inline]
 wbt_wait+0x1bb/0x2b0 block/blk-wbt.c:583
 __rq_qos_throttle+0x39/0x70 block/blk-rq-qos.c:72
 rq_qos_throttle block/blk-rq-qos.h:182 [inline]
 blk_mq_submit_bio+0x229/0x1000 block/blk-mq.c:2158
 __submit_bio_noacct_mq block/blk-core.c:1027 [inline]
 submit_bio_noacct+0x75d/0x910 block/blk-core.c:1060
 submit_bio+0x1f3/0x350 block/blk-core.c:1130
 submit_bh_wbc+0x392/0x3d0 fs/buffer.c:3054
 __block_write_full_page+0x618/0x9e0 fs/buffer.c:1810
 block_write_full_page+0x250/0x280 fs/buffer.c:2980
 blkdev_writepage+0x20/0x30 fs/block_dev.c:616
 __writepage+0x32/0xc0 mm/page-writeback.c:2311
 write_cache_pages+0x4bc/0x7f0 mm/page-writeback.c:2246
 generic_writepages+0x64/0xa0 mm/page-writeback.c:2337
 blkdev_writepages+0x19/0x20 fs/block_dev.c:1725
 do_writepages+0x7b/0x150 mm/page-writeback.c:2352
 __filemap_fdatawrite_range+0x19d/0x1d0 mm/filemap.c:422
 __filemap_fdatawrite mm/filemap.c:430 [inline]
 filemap_flush+0x1f/0x30 mm/filemap.c:457
 __sync_blockdev+0x69/0x70 fs/block_dev.c:504
 __sync_filesystem fs/sync.c:40 [inline]
 sync_filesystem+0xcb/0x160 fs/sync.c:64
 generic_shutdown_super+0x3c/0x1f0 fs/super.c:448
 kill_block_super+0x4a/0x90 fs/super.c:1393
 deactivate_locked_super+0x6a/0xb0 fs/super.c:335
 deactivate_super+0x85/0x90 fs/super.c:366
 cleanup_mnt+0x277/0x2e0 fs/namespace.c:1118
 __cleanup_mnt+0x15/0x20 fs/namespace.c:1125
 task_work_run+0x8e/0x110 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x16b/0x1a0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8456 Comm: syz-executor.4 Not tainted 5.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2020/12/29 13:38 upstream dea8dcf2a9fa 80910769 .config log report info
ci2-upstream-kcsan-gce 2020/12/14 23:39 upstream fab0fca1da5c 97183ed7 .config log report info
ci2-upstream-kcsan-gce 2020/12/08 15:21 upstream cd796ed33450 9af51e31 .config log report info