KCSAN: data-race in __find_get_block / has_bh_in_lru


syzbot
Feb 2, 2020, 9:48:13 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 245a4300 Merge branch 'rcu/kcsan' into tip/locking/kcsan
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=11789f66e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4b9db179318d21f
dashboard link: https://syzkaller.appspot.com/bug?extid=aa6de90d54fa7c0888ad
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: [linux-...@vger.kernel.org linux-...@vger.kernel.org vi...@zeniv.linux.org.uk el...@google.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+aa6de9...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in __find_get_block / has_bh_in_lru

write to 0xffff88812c12a1c0 of 8 bytes by task 25221 on cpu 1:
bh_lru_install fs/buffer.c:1279 [inline]
__find_get_block fs/buffer.c:1338 [inline]
__find_get_block+0x62b/0x760 fs/buffer.c:1330
sb_find_get_block include/linux/buffer_head.h:338 [inline]
recently_deleted fs/ext4/ialloc.c:677 [inline]
find_inode_bit.isra.0+0x161/0x300 fs/ext4/ialloc.c:717
__ext4_new_inode+0xd45/0x2f10 fs/ext4/ialloc.c:909
ext4_symlink+0x31c/0x9b0 fs/ext4/namei.c:3275
vfs_symlink fs/namei.c:4131 [inline]
vfs_symlink+0x218/0x310 fs/namei.c:4117
do_symlinkat+0x1a5/0x1e0 fs/namei.c:4158
__do_sys_symlink fs/namei.c:4177 [inline]
__se_sys_symlink fs/namei.c:4175 [inline]
__x64_sys_symlink+0x3f/0x50 fs/namei.c:4175
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88812c12a1c0 of 8 bytes by task 25262 on cpu 0:
has_bh_in_lru+0x44/0x90 fs/buffer.c:1427
on_each_cpu_cond_mask+0xa3/0x150 kernel/smp.c:695
on_each_cpu_cond+0x44/0x60 kernel/smp.c:721
invalidate_bh_lrus+0x32/0x40 fs/buffer.c:1436
invalidate_bdev+0x69/0x90 fs/block_dev.c:96
__loop_clr_fd+0x250/0x740 drivers/block/loop.c:1140
loop_clr_fd drivers/block/loop.c:1237 [inline]
lo_ioctl+0x24c/0xc80 drivers/block/loop.c:1606
__blkdev_driver_ioctl block/ioctl.c:277 [inline]
blkdev_ioctl+0xbe5/0x1260 block/ioctl.c:582
block_ioctl+0x95/0xc0 fs/block_dev.c:1983
vfs_ioctl fs/ioctl.c:47 [inline]
file_ioctl fs/ioctl.c:545 [inline]
do_vfs_ioctl+0x84f/0xcf0 fs/ioctl.c:732
ksys_ioctl+0xbd/0xe0 fs/ioctl.c:749
__do_sys_ioctl fs/ioctl.c:756 [inline]
__se_sys_ioctl fs/ioctl.c:754 [inline]
__x64_sys_ioctl+0x4c/0x60 fs/ioctl.c:754
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 25262 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot
Dec 4, 2023, 4:12:26 AM
to syzkaller-upst...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 33cc938e65a9 Linux 6.7-rc4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=137df83ce80000
kernel config: https://syzkaller.appspot.com/x/.config?x=ac34c1f29a8029df
dashboard link: https://syzkaller.appspot.com/bug?extid=aa6de90d54fa7c0888ad
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17b31c86e80000
CC: [adilger...@dilger.ca linux...@vger.kernel.org linux-...@vger.kernel.org linux-...@vger.kernel.org ty...@mit.edu]

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6a0655688b57/disk-33cc938e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/89a66df4cc89/vmlinux-33cc938e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/621e82bbfa03/bzImage-33cc938e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/8bf46a69705e/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+aa6de9...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in __find_get_block / has_bh_in_lru

read-write to 0xffff888237d2a448 of 8 bytes by task 3114 on cpu 1:
bh_lru_install fs/buffer.c:1340 [inline]
__find_get_block+0x409/0x890 fs/buffer.c:1403
bdev_getblk+0x35/0x7a0 fs/buffer.c:1423
__getblk include/linux/buffer_head.h:358 [inline]
sb_getblk include/linux/buffer_head.h:364 [inline]
ext4_getblk+0x1c1/0x510 fs/ext4/inode.c:841
ext4_bread+0x2c/0x110 fs/ext4/inode.c:887
__ext4_read_dirblock+0x77/0x5a0 fs/ext4/namei.c:144
htree_dirblock_to_tree+0x102/0x630 fs/ext4/namei.c:1082
ext4_htree_fill_tree+0x429/0x9b0 fs/ext4/namei.c:1219
ext4_dx_readdir fs/ext4/dir.c:597 [inline]
ext4_readdir+0x15b0/0x1ac0 fs/ext4/dir.c:142
iterate_dir+0x128/0x300 fs/readdir.c:106
__do_sys_getdents64 fs/readdir.c:405 [inline]
__se_sys_getdents64+0x88/0x1a0 fs/readdir.c:390
__x64_sys_getdents64+0x43/0x50 fs/readdir.c:390
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b

read to 0xffff888237d2a448 of 8 bytes by task 3102 on cpu 0:
has_bh_in_lru+0x35/0x1e0 fs/buffer.c:1510
cpu_needs_drain mm/swap.c:802 [inline]
__lru_add_drain_all+0x254/0x420 mm/swap.c:889
lru_add_drain_all+0x10/0x20 mm/swap.c:905
invalidate_bdev+0x54/0x70 block/bdev.c:86
ext4_put_super+0x51b/0x7e0 fs/ext4/super.c:1361
generic_shutdown_super+0xdb/0x210 fs/super.c:696
kill_block_super+0x2a/0x60 fs/super.c:1667
ext4_kill_sb+0x44/0x80 fs/ext4/super.c:7330
deactivate_locked_super+0x7a/0x1c0 fs/super.c:484
deactivate_super+0x9b/0xb0 fs/super.c:517
cleanup_mnt+0x272/0x2e0 fs/namespace.c:1256
__cleanup_mnt+0x19/0x20 fs/namespace.c:1263
task_work_run+0x135/0x1a0 kernel/task_work.c:180
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xd6/0xe0 kernel/entry/common.c:171
exit_to_user_mode_prepare+0x6c/0xb0 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:296
do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88
entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0x0000000000000000 -> 0xffff8881053bbf70

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 3102 Comm: syz-executor.0 Not tainted 6.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
==================================================================


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
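Added example, not kernel code and not part of either syzbot message: a user-space model of the two functions both reports name. bh_lru_install() runs on the CPU that owns a per-CPU bh_lru and is serialised only by bh_lru_lock() (preemption and IRQs off on that CPU), while has_bh_in_lru() is run from another CPU with no lock at all, which is why the same 8-byte slot is written on cpu 1 and read on cpu 0 in both traces (via on_each_cpu_cond() in the 2020 report, via __lru_add_drain_all() in the 2023 one). struct buffer_head, NR_CPUS, demo_bhs[], the thread roles and the int-cpu signatures are constructed stand-ins; READ_ONCE()/WRITE_ONCE() are modelled with relaxed atomic builtins, which is the kernel's documented way to mark an access as intentionally concurrent for KCSAN. The example takes no position on what the right fix in fs/buffer.c is.

```c
/* Added example (not kernel code): user-space model of the bh_lru race
 * KCSAN reports between bh_lru_install() and has_bh_in_lru(). */
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BH_LRU_SIZE 16
#define NR_CPUS 2                                   /* constructed: two modelled CPUs */

struct buffer_head { unsigned long b_blocknr; };    /* stand-in for the kernel struct */
struct bh_lru { struct buffer_head *bhs[BH_LRU_SIZE]; };

static struct bh_lru bh_lrus[NR_CPUS];              /* models DEFINE_PER_CPU(struct bh_lru, bh_lrus) */
static struct buffer_head demo_bhs[BH_LRU_SIZE + 1]; /* constructed sample buffers */

/* Kernel READ_ONCE()/WRITE_ONCE() modelled as relaxed atomics: no ordering is
 * promised, but each access is one untorn load/store, which is what turns a
 * plain data race into a marked, intentional concurrent access for KCSAN
 * (and for TSan in this user-space model). */
#define READ_ONCE(p)      __atomic_load_n(&(p), __ATOMIC_RELAXED)
#define WRITE_ONCE(p, v)  __atomic_store_n(&(p), (v), __ATOMIC_RELAXED)

/* Mirrors bh_lru_install(): bh goes to slot 0, the rest shift down. If bh was
 * already cached it is the entry that falls out, so nothing is evicted;
 * otherwise the pointer pushed off the end is returned (the kernel brelse()s
 * it). Only the owning CPU writes its LRU; remote CPUs still read it. */
static struct buffer_head *bh_lru_install(int cpu, struct buffer_head *bh)
{
	struct bh_lru *b = &bh_lrus[cpu];
	struct buffer_head *evictee = bh;

	for (int i = 0; i < BH_LRU_SIZE; i++) {
		struct buffer_head *old = READ_ONCE(b->bhs[i]);

		WRITE_ONCE(b->bhs[i], evictee);
		evictee = old;
		if (evictee == bh)
			return NULL;              /* already in the LRU, nothing evicted */
	}
	return evictee;                       /* oldest entry, or NULL if a slot was free */
}

/* Mirrors has_bh_in_lru(): the lockless scan a remote CPU runs, i.e. the
 * "read to ... by task ... on cpu 0" side of both reports. */
static bool has_bh_in_lru(int cpu)
{
	struct bh_lru *b = &bh_lrus[cpu];

	for (int i = 0; i < BH_LRU_SIZE; i++)
		if (READ_ONCE(b->bhs[i]))
			return true;
	return false;
}

/* Models the per-CPU step that empties a CPU's own LRU during invalidation. */
static void invalidate_bh_lru(int cpu)
{
	for (int i = 0; i < BH_LRU_SIZE; i++)
		WRITE_ONCE(bh_lrus[cpu].bhs[i], (struct buffer_head *)NULL);
}

/* Deterministic, single-threaded check of the LRU semantics; 4 means all held. */
static int lru_self_test(int cpu)
{
	int ok = 0;

	invalidate_bh_lru(cpu);
	ok += !has_bh_in_lru(cpu);                          /* empty after invalidate */
	ok += bh_lru_install(cpu, &demo_bhs[0]) == NULL;    /* free slots: no eviction */
	ok += bh_lru_install(cpu, &demo_bhs[0]) == NULL;    /* re-install: already cached */
	for (int i = 1; i < BH_LRU_SIZE; i++)               /* fill the remaining 15 slots */
		bh_lru_install(cpu, &demo_bhs[i]);
	ok += bh_lru_install(cpu, &demo_bhs[BH_LRU_SIZE]) == &demo_bhs[0]; /* 17th evicts oldest */
	return ok;
}

struct race_args { int cpu; int iters; };

static void *local_installer(void *arg)   /* plays cpu 1 inside __find_get_block() */
{
	struct race_args *a = arg;

	for (int i = 0; i < a->iters; i++)
		bh_lru_install(a->cpu, &demo_bhs[i % (BH_LRU_SIZE + 1)]);
	return NULL;
}

static void *remote_checker(void *arg)    /* plays cpu 0 inside invalidate_bdev() */
{
	struct race_args *a = arg;
	uintptr_t seen = 0;

	for (int i = 0; i < a->iters; i++)
		seen += has_bh_in_lru(a->cpu);
	return (void *)seen;
}

int main(void)
{
	struct race_args a = { .cpu = 1, .iters = 200000 };
	pthread_t t[2];
	void *seen;

	printf("self-test: %d/4 checks passed\n", lru_self_test(0));
	pthread_create(&t[0], NULL, local_installer, &a);
	pthread_create(&t[1], NULL, remote_checker, &a);
	pthread_join(t[0], NULL);
	pthread_join(t[1], &seen);
	printf("remote scan found a populated LRU %lu of %d times\n",
	       (unsigned long)(uintptr_t)seen, a.iters);
	return 0;
}
```

Build with `cc -O1 -g -fsanitize=thread -pthread` to see the user-space counterpart of the KCSAN report: redefine READ_ONCE(p) as `(p)` and WRITE_ONCE(p, v) as `((p) = (v))` and TSan flags a data race between local_installer and remote_checker on a bhs[] slot; with the relaxed builtins the same run is silent, because the accesses are now marked rather than plain. The self-test covers only the LRU semantics, not the race itself, which is timing-dependent by nature.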