syzbot


KCSAN: data-race in __mem_cgroup_flush_stats / tick_do_update_jiffies64 (2)

Status: moderation: reported on 2025/06/19 00:24
Subsystems: kernel
Reported-by: syzbot+794bb8bc31fe2c876f17@syzkaller.appspotmail.com
First crash: 11h24m, last: 11h24m
Similar bugs (1)
  Kernel:        upstream
  Title:         KCSAN: data-race in __mem_cgroup_flush_stats / tick_do_update_jiffies64 (subsystem: kernel)
  Repro:         -
  Cause bisect:  -
  Fix bisect:    -
  Count:         1
  Last:          198d
  Reported:      198d
  Patched:       0/29
  Status:        auto-obsoleted due to no activity on 2025/01/28 07:00

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __mem_cgroup_flush_stats / tick_do_update_jiffies64

read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7f/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 __sanitizer_cov_trace_pc+0x5d/0x70 kernel/kcov.c:233
 arch_static_branch arch/x86/include/asm/jump_label.h:36 [inline]
 trace_sock_recv_length_enabled include/trace/events/sock.h:304 [inline]
 sock_recvmsg_nosec+0x6b/0x130 net/socket.c:1021
 ____sys_recvmsg+0x26f/0x280 net/socket.c:2784
 ___sys_recvmsg+0x11f/0x370 net/socket.c:2828
 do_recvmmsg+0x1ef/0x540 net/socket.c:2923
 __sys_recvmmsg net/socket.c:2997 [inline]
 __do_sys_recvmmsg net/socket.c:3020 [inline]
 __se_sys_recvmmsg net/socket.c:3013 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3013
 x64_sys_call+0x1c6a/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff868099c0 of 8 bytes by task 3448 on cpu 1:
 __mem_cgroup_flush_stats+0x91/0x150 mm/memcontrol.c:611
 flush_memcg_stats_dwork+0x21/0x50 mm/memcontrol.c:649
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000ffffe3b9 -> 0x00000000ffffe3ba

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3448 Comm: kworker/u8:7 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound flush_memcg_stats_dwork
==================================================================
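The two stacks above touch the same 8-byte global (0xffffffff868099c0): a read-modify-write from the tick interrupt in tick_do_update_jiffies64() and an unmarked read from the memcg flush work in __mem_cgroup_flush_stats(), with the value stepping by exactly one between the two accesses. The function names point at the kernel's 64-bit tick counter; that is an assumption, since the report does not name the symbol. What follows is an added example, not code from the report or from the kernel: a user-space model of that access pattern in which the counter is stored as two 32-bit halves, as on a 32-bit CPU, so that a reader interleaved into the middle of an update can observe a torn value, and a seqcount-style reader rejects that same snapshot. Every name in it (tick_clock, tick_try_read_seq, demo_wrap) is invented for the example.

```c
/* Added example (not from the syzbot report or the kernel): a user-space
 * model of the flagged access pattern. The racing variable is assumed to be
 * the 64-bit tick counter; it is stored here as two 32-bit halves, as on a
 * 32-bit CPU, so that a plain read can tear. All names are invented. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

struct tick_clock {
    unsigned seq;        /* even: stable; odd: a writer is between begin and end */
    uint32_t lo, hi;     /* 64-bit counter split into halves (32-bit CPU model) */
};

static uint64_t join64(uint32_t hi, uint32_t lo)
{
    return ((uint64_t)hi << 32) | lo;
}

/* Writer side, split into the steps a seqcount-protected update performs:
 * seq to odd, store both halves, seq back to even. Split so that a reader
 * can be interleaved between the steps in the demo below. */
static void tick_write_begin(struct tick_clock *c)          { c->seq++; }
static void tick_write_lo(struct tick_clock *c, uint64_t v) { c->lo = (uint32_t)v; }
static void tick_write_hi(struct tick_clock *c, uint64_t v) { c->hi = (uint32_t)(v >> 32); }
static void tick_write_end(struct tick_clock *c)            { c->seq++; }

/* One complete tick: the analogue of the interrupt-side write in the report. */
static void tick_advance(struct tick_clock *c)
{
    uint64_t next = join64(c->hi, c->lo) + 1;
    tick_write_begin(c);
    tick_write_lo(c, next);
    tick_write_hi(c, next);
    tick_write_end(c);
}

/* Unsynchronized reader: two plain loads, nothing checked. This is the shape
 * KCSAN reports: it can return a value the counter never held. */
static uint64_t tick_read_plain(const struct tick_clock *c)
{
    return join64(c->hi, c->lo);
}

/* Seqcount reader: a snapshot counts only if seq was even before the loads and
 * unchanged after them. Returns 1 and stores the value, or 0 meaning "retry".
 * A real reader loops until it succeeds and needs the barriers the kernel's
 * read_seqcount_begin()/read_seqcount_retry() provide; this single-threaded
 * model relies on program order instead. */
static int tick_try_read_seq(const struct tick_clock *c, uint64_t *out)
{
    unsigned s = c->seq;
    if (s & 1)
        return 0;                       /* writer in progress */
    uint32_t lo = c->lo;
    uint32_t hi = c->hi;
    if (c->seq != s)
        return 0;                       /* a write completed underneath us */
    *out = join64(hi, lo);
    return 1;
}

/* Interleave both readers into the middle of a tick that carries the counter
 * across the 32-bit boundary, the worst case for a split store. */
struct wrap_demo {
    uint64_t before;      /* value read before the tick */
    uint64_t plain_mid;   /* what the plain reader returns mid-write */
    uint64_t seq_mid;     /* only meaningful if seq_valid_mid == 1 */
    int      seq_valid_mid;
    uint64_t after;       /* value read after the tick completes */
};

static struct wrap_demo demo_wrap(void)
{
    struct tick_clock c = { 0, 0xFFFFFFFFu, 0 };   /* counter = 0x00000000FFFFFFFF */
    struct wrap_demo d = { 0 };

    d.before = tick_read_plain(&c);
    uint64_t next = d.before + 1;                  /* 0x0000000100000000 */

    tick_write_begin(&c);
    tick_write_lo(&c, next);                       /* lo wrapped to 0; hi still 0 */
    d.plain_mid = tick_read_plain(&c);             /* torn: reads 0, 4 GiB too small */
    d.seq_valid_mid = tick_try_read_seq(&c, &d.seq_mid);   /* 0: seq is odd */
    tick_write_hi(&c, next);
    tick_write_end(&c);

    tick_try_read_seq(&c, &d.after);               /* consistent 0x0000000100000000 */
    return d;
}

int main(void)
{
    struct wrap_demo d = demo_wrap();
    printf("before tick        : 0x%016" PRIx64 "\n", d.before);
    printf("plain read mid-tick: 0x%016" PRIx64 " (torn)\n", d.plain_mid);
    printf("seq read mid-tick  : %s\n", d.seq_valid_mid ? "valid" : "retry");
    printf("after tick         : 0x%016" PRIx64 "\n", d.after);
    return 0;
}
```

On x86_64, the target of this report, an aligned 8-byte load cannot tear the way the model's split halves do; KCSAN reports the access because the read is plain and unmarked while the tick path writes concurrently. For a race the maintainers consider tolerable, marking the read with READ_ONCE() is the usual way to document that intent and silence the sanitizer; the earlier instance of this title listed above was auto-obsoleted rather than fixed. The model is sequential by construction: a concurrent reader must use the seqcount's memory barriers and loop on the retry result of tick_try_read_seq().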

Crashes (1):
  Time:       2025/06/19 00:23
  Kernel:     upstream
  Commit:     52da431bf03b
  Syzkaller:  ed3e87f7
  Config:     .config
  Log:        console log
  Report:     report
  Syz repro:  -
  C repro:    -
  VM info:    info
  Assets:     disk image, vmlinux, kernel image
  Manager:    ci2-upstream-kcsan-gce
  Title:      KCSAN: data-race in __mem_cgroup_flush_stats / tick_do_update_jiffies64