syzbot

 sign-in | mailing list | source | docs
🐞 Open [1217]
Subsystems
🐞 Fixed [5619]
🐞 Invalid [13498]
Missing Backports [100]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in mlock_folio / need_mlock_drain (6)

Status: moderation: reported on 2024/07/15 10:41
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+8c752dc4d5931f95802c@syzkaller.appspotmail.com
First crash: 54d, last: 8d11h
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in mlock_folio / need_mlock_drain (5) mm 1 93d 93d 0/27 auto-obsoleted due to no activity on 2024/07/11 10:01
upstream KCSAN: data-race in mlock_folio / need_mlock_drain (2) mm 1 387d 387d 0/27 auto-obsoleted due to no activity on 2023/09/21 20:14
upstream KCSAN: data-race in mlock_folio / need_mlock_drain (3) mm 1 256d 256d 0/27 auto-obsoleted due to no activity on 2024/01/30 08:30
upstream KCSAN: data-race in mlock_folio / need_mlock_drain (4) mm 1 137d 137d 0/27 auto-obsoleted due to no activity on 2024/05/28 09:55
upstream KCSAN: data-race in mlock_folio / need_mlock_drain mm 2 424d 425d 0/27 auto-obsoleted due to no activity on 2023/08/15 13:37

Sample crash report:
EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
==================================================================
BUG: KCSAN: data-race in mlock_folio / need_mlock_drain

read-write to 0xffff888237d2b370 of 1 bytes by task 3557 on cpu 1:
 folio_batch_add include/linux/pagevec.h:77 [inline]
 mlock_folio+0x136/0x210 mm/mlock.c:257
 mlock_vma_folio mm/internal.h:895 [inline]
 __folio_add_file_rmap mm/rmap.c:1470 [inline]
 folio_add_file_rmap_ptes+0x1c2/0x1d0 mm/rmap.c:1487
 set_pte_range+0x206/0x430 mm/memory.c:4804
 filemap_map_order0_folio mm/filemap.c:3594 [inline]
 filemap_map_pages+0x643/0x9f0 mm/filemap.c:3644
 do_fault_around mm/memory.c:5019 [inline]
 do_read_fault mm/memory.c:5052 [inline]
 do_fault mm/memory.c:5191 [inline]
 do_pte_missing mm/memory.c:3947 [inline]
 handle_pte_fault mm/memory.c:5521 [inline]
 __handle_mm_fault mm/memory.c:5664 [inline]
 handle_mm_fault+0x1130/0x2a30 mm/memory.c:5832
 faultin_page mm/gup.c:1194 [inline]
 __get_user_pages+0x499/0x10d0 mm/gup.c:1493
 populate_vma_page_range mm/gup.c:1932 [inline]
 __mm_populate+0x25b/0x3b0 mm/gup.c:2035
 mm_populate include/linux/mm.h:3426 [inline]
 __do_sys_mlockall mm/mlock.c:766 [inline]
 __se_sys_mlockall+0x2c5/0x370 mm/mlock.c:742
 __x64_sys_mlockall+0x1f/0x30 mm/mlock.c:742
 x64_sys_call+0x1e3a/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:152
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888237d2b370 of 1 bytes by task 3260 on cpu 0:
 folio_batch_count include/linux/pagevec.h:56 [inline]
 need_mlock_drain+0x30/0x50 mm/mlock.c:235
 cpu_needs_drain mm/swap.c:824 [inline]
 __lru_add_drain_all+0x235/0x410 mm/swap.c:912
 lru_add_drain_all+0x10/0x20 mm/swap.c:928
 invalidate_bdev+0x47/0x70 block/bdev.c:100
 ext4_put_super+0x571/0x840 fs/ext4/super.c:1348
 generic_shutdown_super+0xde/0x210 fs/super.c:642
 kill_block_super+0x2a/0x70 fs/super.c:1696
 ext4_kill_sb+0x44/0x80 fs/ext4/super.c:7289
 deactivate_locked_super+0x7d/0x1c0 fs/super.c:473
 deactivate_super+0x9f/0xb0 fs/super.c:506
 cleanup_mnt+0x268/0x2e0 fs/namespace.c:1373
 __cleanup_mnt+0x19/0x20 fs/namespace.c:1380
 task_work_run+0x13a/0x1a0 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xbe/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3260 Comm: syz-executor Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
==================================================================

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/08/30 11:57 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mlock_folio / need_mlock_drain
2024/08/01 11:27 upstream 21b136cc63d2 1e9c4cf3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mlock_folio / need_mlock_drain
2024/07/29 09:22 upstream 8400291e289e 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mlock_folio / need_mlock_drain
2024/07/28 14:19 upstream 5437f30d3458 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mlock_folio / need_mlock_drain
2024/07/15 10:40 upstream 0c3836482481 c605e6a2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mlock_folio / need_mlock_drain
* Struck through repros no longer work on HEAD.