syzbot

 sign-in | mailing list | source | docs
🐞 Open [984] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch

Status: closed as invalid on 2020/06/18 14:24
Subsystems: mm fs
[Documentation on labels]
First crash: 1594d, last: 1435d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch (3) fs mm 2 1215d 1229d 0/26 auto-closed as invalid on 2021/01/24 22:24
upstream KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch (7) fs mm 276 5d14h 134d 0/26 moderation: reported on 2023/12/07 10:04
upstream KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch (5) fs mm 3 992d 1026d 0/26 auto-closed as invalid on 2021/09/04 14:56
upstream KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch (4) fs mm 6 1071d 1170d 0/26 auto-closed as invalid on 2021/06/18 08:34
upstream KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch (6) fs mm 17 877d 953d 0/26 auto-closed as invalid on 2021/12/29 06:33
upstream KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch (2) fs mm 3 1293d 1331d 0/26 auto-closed as invalid on 2020/11/08 10:33

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch

write to 0xffff888129a91958 of 8 bytes by interrupt on cpu 1:
 percpu_counter_add_batch+0xbc/0x140 lib/percpu_counter.c:91
 __add_wb_stat include/linux/backing-dev.h:74 [inline]
 inc_wb_stat include/linux/backing-dev.h:79 [inline]
 __wb_writeout_inc mm/page-writeback.c:604 [inline]
 test_clear_page_writeback+0x533/0x7e0 mm/page-writeback.c:2737
 end_page_writeback+0x98/0x180 mm/filemap.c:1317
 end_buffer_async_write+0x22d/0x260 fs/buffer.c:384
 end_bio_bh_io_sync+0x7d/0xa0 fs/buffer.c:3012
 bio_endio+0x2db/0x3e0 block/bio.c:1422
 req_bio_endio block/blk-core.c:245 [inline]
 blk_update_request+0x418/0x7a0 block/blk-core.c:1472
 scsi_end_request+0x6e/0x360 drivers/scsi/scsi_lib.c:575
 scsi_io_completion+0x11e/0xcc0 drivers/scsi/scsi_lib.c:959
 scsi_finish_command+0x283/0x390 drivers/scsi/scsi.c:214
 scsi_softirq_done+0x249/0x270 drivers/scsi/scsi_lib.c:1454
 blk_done_softirq+0x1e6/0x250 block/blk-softirq.c:37
 __do_softirq+0x118/0x34a kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0xb5/0xd0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:546 [inline]
 do_IRQ+0x7b/0x120 arch/x86/kernel/irq.c:263
 ret_from_intr+0x0/0x21
 write_comp_data+0x0/0x70 kernel/kcov.c:197
 tomoyo_domain_quota_is_ok+0x236/0x2b0 security/tomoyo/util.c:1071
 tomoyo_supervisor+0x1d9/0xc90 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_permission+0x118/0x150 security/tomoyo/file.c:573
 tomoyo_path_perm+0x215/0x350 security/tomoyo/file.c:838
 tomoyo_inode_getattr+0x23/0x40 security/tomoyo/tomoyo.c:129
 security_inode_getattr+0x97/0xc0 security/security.c:1273
 vfs_getattr+0x2c/0x70 fs/stat.c:117
 vfs_statx+0x104/0x190 fs/stat.c:201
 vfs_lstat include/linux/fs.h:3284 [inline]
 __do_sys_newlstat+0x50/0xb0 fs/stat.c:364
 __se_sys_newlstat fs/stat.c:358 [inline]
 __x64_sys_newlstat+0x37/0x50 fs/stat.c:358
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888129a91958 of 8 bytes by task 7 on cpu 0:
 __wb_update_bandwidth+0xb0/0x3d0 mm/page-writeback.c:1365
 wb_update_bandwidth+0x93/0xc0 mm/page-writeback.c:1399
 wb_writeback+0x21d/0x6a0 fs/fs-writeback.c:1897
 wb_check_old_data_flush fs/fs-writeback.c:1996 [inline]
 wb_do_writeback fs/fs-writeback.c:2049 [inline]
 wb_workfn+0x796/0x970 fs/fs-writeback.c:2078
 process_one_work+0x424/0x930 kernel/workqueue.c:2268
 worker_thread+0x9a/0x7e0 kernel/workqueue.c:2414
 kthread+0x203/0x230 kernel/kthread.c:268
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-8:0)
==================================================================

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/05/15 11:31 https://github.com/google/ktsan.git kcsan 7c3cd68e5d38 2d572622 .config console log report ci2-upstream-kcsan-gce
2020/04/28 18:40 https://github.com/google/ktsan.git kcsan 7c3cd68e5d38 e3ecea2e .config console log report ci2-upstream-kcsan-gce
2020/04/01 05:50 https://github.com/google/ktsan.git kcsan 40959e34d670 a34e2c33 .config console log report ci2-upstream-kcsan-gce
2020/02/13 00:34 https://github.com/google/ktsan.git kcsan f60f0f543333 84f4fc8a .config console log report ci2-upstream-kcsan-gce
2020/02/08 08:23 https://github.com/google/ktsan.git kcsan 6cccb8ba35bd 06150bf1 .config console log report ci2-upstream-kcsan-gce
2020/01/23 08:32 https://github.com/google/ktsan.git kcsan 245a43005292 3334d684 .config console log report ci2-upstream-kcsan-gce
2020/01/06 07:59 https://github.com/google/ktsan.git kcsan 245a43005292 438e1227 .config console log report ci2-upstream-kcsan-gce
2019/12/10 10:24 https://github.com/google/ktsan.git kcsan ef798c30ba4e 4b83c8fb .config console log report ci2-upstream-kcsan-gce
2019/12/08 12:11 https://github.com/google/ktsan.git kcsan ef798c30ba4e 1508f453 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.