From: Jan Kara <jack@suse.cz>
To: Hao Sun <sunhao.th@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-kernel@vger.kernel.org, jack@suse.com,
linux-ext4@vger.kernel.org, tytso@mit.edu
Subject: Re: More KCSAN data-race Reports
Date: Mon, 12 Apr 2021 13:31:58 +0200 [thread overview]
Message-ID: <20210412113158.GA4679@quack2.suse.cz> (raw)
In-Reply-To: <CACkBjsYuWeJNYTGUhBVszgiUVOrMdEZ=qcmDtEk97BEtm4ggSA@mail.gmail.com>
On Mon 12-04-21 18:42:58, Hao Sun wrote:
> Jan Kara <jack@suse.cz> 于2021年4月12日周一 下午5:02写道:
> >
> > Hello,
> >
> > On Sun 11-04-21 11:42:05, Hao Sun wrote:
> > > Since the last KCSAN report[1], I found two more KCSAN reports that
> > > Syzbot had not reported.
> > > Not sure if they are valid bugs, I hope the stack information in
> > > reports can help you locate the problem.
> > > Kernel config can be found in the attachment.
> >
> > Do we have symbolic decoding of the traces below? Because involved
> > functions are really big so it's difficult to guess what KCSAN is
> > complaining about... At least I wasn't able to guess it after looking into
> > the stacktraces for a while.
> >
> Sorry, the log processing module of Fuzzer still has some logic bugs,
> only some of the symbolized reports are stored in the disk.
> Interestingly, however, the read-write end that causes data racing in
> both reports are in the same location (fs/jbd2/commit.c:443), and this
> information should help locate the problem.
>
> Partial symbolized report 1:
> ==================================================================
> BUG: KCSAN: data-race in ext4_mark_iloc_dirty / jbd2_journal_commit_transaction
> read-write to 0xffff88804451d800 of 8 bytes by task 4821 on cpu 1:
> jbd2_journal_commit_transaction+0x222/0x3200 fs/jbd2/commit.c:443
> kjournald2+0x253/0x470 fs/jbd2/journal.c:213
> kthread+0x1f0/0x220 kernel/kthread.c:292
> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
OK, that is:
journal->j_flags |= JBD2_FULL_COMMIT_ONGOING;
So likely this is a complaint about j_flags update vs j_flags check race
(we check for JBD2_ABORT flag) all around the code.
So again this is harmless unless the compiler plays some devilish tricks
and doesn't store bogus intermediate values in j_flags during RMW
operations. Not sure how to deal with this one. Just putting data_race()
here doesn't seem right - if the compiler does something unexpected, we are
indeed in trouble. Maybe using bitops for j_flags would be beneficial for
other reasons as well as silencing KCSAN. But it needs more thought.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
prev parent reply other threads:[~2021-04-12 11:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-11 3:42 More KCSAN data-race Reports Hao Sun
2021-04-12 9:02 ` Jan Kara
2021-04-12 10:42 ` Hao Sun
2021-04-12 11:31 ` Jan Kara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210412113158.GA4679@quack2.suse.cz \
--to=jack@suse.cz \
--cc=jack@suse.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sunhao.th@gmail.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.