KCSAN: data-race in iomap_dio_bio_actor / iomap_dio_bio_end_io

syzbot

Feb 9, 2020, 9:38:10 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 245a4300 Merge branch 'rcu/kcsan' into tip/locking/kcsan
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=17f3bad9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4b9db179318d21f
dashboard link: https://syzkaller.appspot.com/bug?extid=d3a06e754793ab195f01
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: [darric...@oracle.com h...@infradead.org linux-...@vger.kernel.org linux-...@vger.kernel.org linu...@vger.kernel.org el...@google.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d3a06e...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in iomap_dio_bio_actor / iomap_dio_bio_end_io

read to 0xffff8880a470eb24 of 4 bytes by interrupt on cpu 1:
iomap_dio_bio_end_io+0x4c/0x2b0 fs/iomap/direct-io.c:149
bio_endio+0x2fa/0x400 block/bio.c:1821
req_bio_endio block/blk-core.c:245 [inline]
blk_update_request+0x427/0x7b0 block/blk-core.c:1464
scsi_end_request+0x6b/0x360 drivers/scsi/scsi_lib.c:576
scsi_io_completion+0x11d/0xc80 drivers/scsi/scsi_lib.c:960
scsi_finish_command+0x283/0x380 drivers/scsi/scsi.c:228
scsi_softirq_done+0x259/0x280 drivers/scsi/scsi_lib.c:1476
blk_done_softirq+0x1eb/0x250 block/blk-softirq.c:37
__do_softirq+0x115/0x33f kernel/softirq.c:292
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0xbb/0xe0 kernel/softirq.c:413
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
do_IRQ+0x81/0x130 arch/x86/kernel/irq.c:263
ret_from_intr+0x0/0x21
__tsan_read8+0xc8/0x100 kernel/kcsan/core.c:589
ext4_find_goal fs/ext4/indirect.c:253 [inline]
ext4_ind_map_blocks+0x4a6/0x1760 fs/ext4/indirect.c:608
ext4_map_blocks+0x660/0xff0 fs/ext4/inode.c:625
ext4_iomap_alloc fs/ext4/inode.c:3400 [inline]
ext4_iomap_begin+0x27d/0x490 fs/ext4/inode.c:3439
iomap_apply+0xdc/0x6a0 fs/iomap/apply.c:46
iomap_dio_rw+0x67e/0x9a0 fs/iomap/direct-io.c:498
ext4_dio_write_iter fs/ext4/file.c:438 [inline]
ext4_file_write_iter+0xc38/0xd40 fs/ext4/file.c:545
call_write_iter include/linux/fs.h:1902 [inline]
new_sync_write+0x388/0x4a0 fs/read_write.c:483
__vfs_write+0xb1/0xc0 fs/read_write.c:496
vfs_write fs/read_write.c:558 [inline]
vfs_write+0x18a/0x390 fs/read_write.c:542
ksys_write+0xd5/0x1b0 fs/read_write.c:611
__do_sys_write fs/read_write.c:623 [inline]
__se_sys_write fs/read_write.c:620 [inline]
__x64_sys_write+0x4c/0x60 fs/read_write.c:620
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to 0xffff8880a470eb24 of 4 bytes by task 25764 on cpu 0:
iomap_dio_bio_actor+0x6dc/0x960 fs/iomap/direct-io.c:293
iomap_dio_actor+0x87/0x3a0 fs/iomap/direct-io.c:382
iomap_apply+0x20d/0x6a0 fs/iomap/apply.c:80
iomap_dio_rw+0x67e/0x9a0 fs/iomap/direct-io.c:498
ext4_dio_write_iter fs/ext4/file.c:438 [inline]
ext4_file_write_iter+0xc38/0xd40 fs/ext4/file.c:545
call_write_iter include/linux/fs.h:1902 [inline]
new_sync_write+0x388/0x4a0 fs/read_write.c:483
__vfs_write+0xb1/0xc0 fs/read_write.c:496
vfs_write fs/read_write.c:558 [inline]
vfs_write+0x18a/0x390 fs/read_write.c:542
ksys_write+0xd5/0x1b0 fs/read_write.c:611
__do_sys_write fs/read_write.c:623 [inline]
__se_sys_write fs/read_write.c:620 [inline]
__x64_sys_write+0x4c/0x60 fs/read_write.c:620
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 25764 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 16, 2020, 11:26:10 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.