syzbot

 sign-in | mailing list | source | docs
🐞 Open [1222]
Subsystems
🐞 Fixed [5630]
🐞 Invalid [13644]
Missing Backports [100]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64 (2)

Status: moderation: reported on 2024/08/30 11:59
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+ced4d9a8cadb5ef3adae@syzkaller.appspotmail.com
First crash: 15d, last: 9h05m
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64 kernel 334 54d 280d 0/28 auto-obsoleted due to no activity on 2024/08/19 05:50

Sample crash report:
==================================================================
BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64

read-write to 0xffffffff866079c0 of 8 bytes by interrupt on cpu 0:
 tick_do_update_jiffies64+0x112/0x1b0 kernel/time/tick-sched.c:118
 tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
 tick_nohz_handler+0x7c/0x2d0 kernel/time/tick-sched.c:290
 __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
 __hrtimer_run_queues+0x20d/0x5e0 kernel/time/hrtimer.c:1753
 hrtimer_interrupt+0x210/0x7b0 kernel/time/hrtimer.c:1815
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x5c/0x1a0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 __sanitizer_cov_trace_pc+0x0/0x70
 kernfs_should_drain_open_files+0x71/0xb0 fs/kernfs/file.c:786
 kernfs_drain+0x94/0x1e0 fs/kernfs/dir.c:494
 __kernfs_remove+0x251/0x480 fs/kernfs/dir.c:1486
 kernfs_remove+0x4e/0x70 fs/kernfs/dir.c:1528
 sysfs_remove_dir+0x7e/0xa0 fs/sysfs/dir.c:101
 __kobject_del+0x9d/0x1a0 lib/kobject.c:604
 kobject_del+0x2e/0x50 lib/kobject.c:627
 device_del+0x70f/0x780 drivers/base/core.c:3891
 netdev_unregister_kobject+0x10c/0x120 net/core/net-sysfs.c:2108
 unregister_netdevice_many_notify+0xd21/0x1110 net/core/dev.c:11386
 unregister_netdevice_many+0x19/0x20 net/core/dev.c:11414
 cleanup_net+0x417/0x840 net/core/net_namespace.c:635
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3312
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3393
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

read to 0xffffffff866079c0 of 8 bytes by task 5155 on cpu 1:
 mem_cgroup_flush_stats_ratelimited+0x29/0x100 mm/memcontrol.c:605
 count_shadow_nodes+0x6b/0x230 mm/workingset.c:693
 do_shrink_slab+0x5a/0x680 mm/shrinker.c:382
 shrink_slab_memcg mm/shrinker.c:548 [inline]
 shrink_slab+0x4ea/0x850 mm/shrinker.c:626
 shrink_node_memcgs mm/vmscan.c:5890 [inline]
 shrink_node+0x64f/0x1d40 mm/vmscan.c:5928
 shrink_zones mm/vmscan.c:6172 [inline]
 do_try_to_free_pages+0x3c6/0xc50 mm/vmscan.c:6234
 try_to_free_mem_cgroup_pages+0x1f3/0x4f0 mm/vmscan.c:6566
 try_charge_memcg+0x2bc/0x810 mm/memcontrol.c:2210
 obj_cgroup_charge_pages+0xbd/0x1a0 mm/memcontrol.c:2660
 __memcg_kmem_charge_page+0x9d/0x170 mm/memcontrol.c:2687
 __alloc_pages_noprof+0x1bc/0x360 mm/page_alloc.c:4719
 alloc_pages_mpol_noprof+0xb1/0x1e0 mm/mempolicy.c:2263
 alloc_pages_noprof+0xe1/0x100 mm/mempolicy.c:2343
 vm_area_alloc_pages mm/vmalloc.c:3587 [inline]
 __vmalloc_area_node mm/vmalloc.c:3656 [inline]
 __vmalloc_node_range_noprof+0x736/0xec0 mm/vmalloc.c:3837
 __kvmalloc_node_noprof+0x121/0x170 mm/util.c:675
 ip_set_alloc+0x1f/0x30 net/netfilter/ipset/ip_set_core.c:256
 hash_netiface_create+0x273/0x730 net/netfilter/ipset/ip_set_hash_gen.h:1568
 ip_set_create+0x359/0x8a0 net/netfilter/ipset/ip_set_core.c:1104
 nfnetlink_rcv_msg+0x4a9/0x570 net/netfilter/nfnetlink.c:302
 netlink_rcv_skb+0x12c/0x230 net/netlink/af_netlink.c:2550
 nfnetlink_rcv+0x16c/0x15e0 net/netfilter/nfnetlink.c:667
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0x599/0x670 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x5cc/0x6e0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x140/0x180 net/socket.c:745
 ____sys_sendmsg+0x312/0x410 net/socket.c:2597
 ___sys_sendmsg net/socket.c:2651 [inline]
 __sys_sendmsg+0x1e9/0x280 net/socket.c:2680
 __do_sys_sendmsg net/socket.c:2689 [inline]
 __se_sys_sendmsg net/socket.c:2687 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2687
 x64_sys_call+0x2689/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffa39f -> 0x00000000ffffa3a0

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5155 Comm: +}[@ Not tainted 6.11.0-rc7-syzkaller-00135-gb7718454f937 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
==================================================================

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/09/14 12:46 upstream b7718454f937 c7e35043 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/09/08 00:22 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/09/07 06:52 upstream b31c44928842 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/09/07 02:31 upstream b831f83e40a2 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/09/07 02:26 upstream b831f83e40a2 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/09/06 13:45 upstream b831f83e40a2 464ac2ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/09/02 09:21 upstream c9f016e72b5c 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/09/01 09:29 upstream e8784b0aef62 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/08/31 12:29 upstream 1934261d8974 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
2024/08/30 11:58 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
* Struck through repros no longer work on HEAD.