[moderation] [ext4?] KCSAN: data-race in pollwake / pollwake (4)


syzbot

Dec 7, 2023, 7:04:28 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: bee0e7762ad2 Merge tag 'for-linus-iommufd' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d6743ce80000
kernel config: https://syzkaller.appspot.com/x/.config?x=ac34c1f29a8029df
dashboard link: https://syzkaller.appspot.com/bug?extid=0024ce1f784a1428a2d4
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [adilger...@dilger.ca linux...@vger.kernel.org linux-...@vger.kernel.org linux-...@vger.kernel.org ty...@mit.edu]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/233be5f65dd2/disk-bee0e776.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/94423738a289/vmlinux-bee0e776.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0b977463fa9a/bzImage-bee0e776.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0024ce...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in pollwake / pollwake

write to 0xffffc900009bfc30 of 4 bytes by interrupt on cpu 1:
__pollwake fs/select.c:198 [inline]
pollwake+0xbe/0x110 fs/select.c:218
__wake_up_common kernel/sched/wait.c:89 [inline]
__wake_up_common_lock kernel/sched/wait.c:106 [inline]
__wake_up_sync_key+0x50/0x80 kernel/sched/wait.c:173
sock_def_readable+0x70/0x1b0 net/core/sock.c:3338
tcp_data_ready+0x1aa/0x280 net/ipv4/tcp_input.c:5128
tcp_data_queue+0x11c9/0x2d70 net/ipv4/tcp_input.c:5208
tcp_rcv_established+0x8fc/0xef0 net/ipv4/tcp_input.c:6155
tcp_v4_do_rcv+0x2d4/0x630 net/ipv4/tcp_ipv4.c:1906
tcp_v4_rcv+0x1aae/0x1d40 net/ipv4/tcp_ipv4.c:2329
ip_protocol_deliver_rcu+0x356/0x6d0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x13c/0x1a0 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0xec/0x1c0 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:461 [inline]
ip_sublist_rcv_finish net/ipv4/ip_input.c:580 [inline]
ip_list_rcv_finish net/ipv4/ip_input.c:631 [inline]
ip_sublist_rcv+0x4f0/0x5c0 net/ipv4/ip_input.c:639
ip_list_rcv+0x25e/0x290 net/ipv4/ip_input.c:674
__netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]
__netif_receive_skb_list_core+0x356/0x460 net/core/dev.c:5620
__netif_receive_skb_list net/core/dev.c:5672 [inline]
netif_receive_skb_list_internal+0x4e6/0x660 net/core/dev.c:5763
gro_normal_list include/net/gro.h:439 [inline]
napi_complete_done+0x1cb/0x450 net/core/dev.c:6103
virtqueue_napi_complete drivers/net/virtio_net.c:440 [inline]
virtnet_poll+0x7c0/0xae0 drivers/net/virtio_net.c:2158
__napi_poll+0x60/0x3b0 net/core/dev.c:6533
napi_poll net/core/dev.c:6602 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6735
__do_softirq+0xc4/0x279 kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0x3b/0x90 kernel/softirq.c:644
common_interrupt+0x7f/0x90 arch/x86/kernel/irq.c:247
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:636
kcsan_setup_watchpoint+0x3fe/0x410 kernel/kcsan/core.c:705
crc32_body lib/crc32.c:110 [inline]
crc32_le_generic lib/crc32.c:179 [inline]
__crc32c_le_base+0x10e/0x520 lib/crc32.c:201
chksum_update+0x32/0x50 crypto/crc32c_generic.c:88
crypto_shash_update+0x46/0x50 crypto/shash.c:74
ext4_chksum fs/ext4/ext4.h:2474 [inline]
ext4_block_bitmap_csum_set+0x13e/0x250 fs/ext4/bitmap.c:91
ext4_mb_mark_context+0x716/0x9b0 fs/ext4/mballoc.c:4019
ext4_mb_clear_bb fs/ext4/mballoc.c:6437 [inline]
ext4_free_blocks+0x7ed/0x1350 fs/ext4/mballoc.c:6615
ext4_remove_blocks fs/ext4/extents.c:2545 [inline]
ext4_ext_rm_leaf fs/ext4/extents.c:2710 [inline]
ext4_ext_remove_space+0x16ba/0x2c80 fs/ext4/extents.c:2958
ext4_ext_truncate+0xc4/0x140 fs/ext4/extents.c:4408
ext4_truncate+0x775/0xb10 fs/ext4/inode.c:4169
ext4_evict_inode+0x8b3/0xdc0 fs/ext4/inode.c:258
evict+0x1aa/0x410 fs/inode.c:666
iput_final fs/inode.c:1777 [inline]
iput+0x42c/0x5b0 fs/inode.c:1803
d_delete_notify include/linux/fsnotify.h:262 [inline]
vfs_rmdir+0x274/0x2f0 fs/namei.c:4202
do_rmdir+0x194/0x320 fs/namei.c:4248
__do_sys_unlinkat fs/namei.c:4424 [inline]
__se_sys_unlinkat fs/namei.c:4418 [inline]
__x64_sys_unlinkat+0xa4/0xb0 fs/namei.c:4418
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b

write to 0xffffc900009bfc30 of 4 bytes by task 4104 on cpu 0:
__pollwake fs/select.c:198 [inline]
pollwake+0xbe/0x110 fs/select.c:218
__wake_up_common kernel/sched/wait.c:89 [inline]
__wake_up_common_lock kernel/sched/wait.c:106 [inline]
__wake_up_sync_key+0x50/0x80 kernel/sched/wait.c:173
pipe_write+0x962/0xd20 fs/pipe.c:605
call_write_iter include/linux/fs.h:2020 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x48a/0x790 fs/read_write.c:584
ksys_write+0xeb/0x1a0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x42/0x50 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0x00000000 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 4104 Comm: syz-fuzzer Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup