syzbot


KCSAN: data-race in __delete_from_swap_cache / folio_mapping (4)

Status: auto-obsoleted due to no activity on 2024/09/17 23:01
Subsystems: mm
Reported-by: syzbot+d4866c171a234211e4a7@syzkaller.appspotmail.com
First crash: 123d, last: 53d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __delete_from_swap_cache / folio_mapping mm | | | | 2 | 290d | 299d | 0/28 | auto-obsoleted due to no activity on 2024/01/24 15:33 |
| upstream | KCSAN: data-race in __delete_from_swap_cache / folio_mapping (2) mm | | | | 2 | 235d | 248d | 0/28 | auto-obsoleted due to no activity on 2024/03/19 16:43 |
| upstream | KCSAN: data-race in __delete_from_swap_cache / folio_mapping (3) mm | | | | 1 | 187d | 186d | 0/28 | auto-obsoleted due to no activity on 2024/05/06 15:11 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __delete_from_swap_cache / folio_mapping

write to 0xffffea0005008c28 of 8 bytes by task 9672 on cpu 1:
 __delete_from_swap_cache+0x1f0/0x290 mm/swap_state.c:163
 delete_from_swap_cache+0x72/0xe0 mm/swap_state.c:243
 folio_free_swap+0x19f/0x1c0 mm/swapfile.c:1631
 free_swap_cache mm/swap_state.c:293 [inline]
 free_pages_and_swap_cache+0x1f7/0x410 mm/swap_state.c:325
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0x2cf/0x440 mm/mmu_gather.c:373
 tlb_finish_mmu+0x8c/0x100 mm/mmu_gather.c:465
 zap_page_range_single+0x27e/0x2f0 mm/memory.c:1934
 madvise_dontneed_single_vma mm/madvise.c:846 [inline]
 madvise_dontneed_free mm/madvise.c:927 [inline]
 madvise_vma_behavior mm/madvise.c:1046 [inline]
 madvise_walk_vmas mm/madvise.c:1271 [inline]
 do_madvise+0xfaa/0x2620 mm/madvise.c:1467
 __do_sys_madvise mm/madvise.c:1484 [inline]
 __se_sys_madvise mm/madvise.c:1482 [inline]
 __x64_sys_madvise+0x61/0x70 mm/madvise.c:1482
 x64_sys_call+0x2320/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:29
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffea0005008c28 of 8 bytes by task 9673 on cpu 0:
 folio_mapping+0xd2/0x110 mm/util.c:813
 folio_evictable mm/internal.h:370 [inline]
 lru_add_fn+0x89/0x440 mm/swap.c:183
 folio_batch_move_lru+0x15f/0x230 mm/swap.c:215
 folio_batch_add_and_move mm/swap.c:231 [inline]
 folio_add_lru+0x13e/0x1f0 mm/swap.c:526
 folio_putback_lru mm/vmscan.c:838 [inline]
 reclaim_folio_list+0x145/0x1e0 mm/vmscan.c:2144
 reclaim_pages+0x215/0x270 mm/vmscan.c:2176
 madvise_cold_or_pageout_pte_range+0xe49/0xec0 mm/madvise.c:550
 walk_pmd_range mm/pagewalk.c:104 [inline]
 walk_pud_range mm/pagewalk.c:176 [inline]
 walk_p4d_range mm/pagewalk.c:209 [inline]
 walk_pgd_range+0x807/0xee0 mm/pagewalk.c:244
 __walk_page_range+0xc5/0x330 mm/pagewalk.c:346
 walk_page_range+0x395/0x4e0 mm/pagewalk.c:472
 madvise_pageout_page_range mm/madvise.c:609 [inline]
 madvise_pageout mm/madvise.c:636 [inline]
 madvise_vma_behavior mm/madvise.c:1042 [inline]
 madvise_walk_vmas mm/madvise.c:1271 [inline]
 do_madvise+0x1a3e/0x2620 mm/madvise.c:1467
 __do_sys_madvise mm/madvise.c:1484 [inline]
 __se_sys_madvise mm/madvise.c:1482 [inline]
 __x64_sys_madvise+0x61/0x70 mm/madvise.c:1482
 x64_sys_call+0x2320/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:29
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000339 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 9673 Comm: syz.1.1915 Not tainted 6.11.0-rc3-syzkaller-00010-g6b4aa469f049 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
==================================================================

Crashes (8):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/08/13 23:00 | upstream | 6b4aa469f049 | f21a18ca | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |
| 2024/07/21 08:30 | upstream | 3c3ff7be9729 | b88348e9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |
| 2024/07/19 22:18 | upstream | 4305ca0087dd | 890ce4f3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |
| 2024/07/11 11:24 | upstream | 9d9a2f29aefd | c699c2eb | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |
| 2024/06/27 08:31 | upstream | afcd48134c58 | 6ef39602 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |
| 2024/06/10 06:59 | upstream | 83a7eefedc9b | 82c05ab8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |
| 2024/06/08 04:40 | upstream | 96e09b8f8166 | 82c05ab8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |
| 2024/06/04 14:06 | upstream | 2ab795141095 | 11f2afa5 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __delete_from_swap_cache / folio_mapping |