syzbot

 sign-in | mailing list | source | docs
🐞 Open [1645]
Subsystems
🐞 Fixed [6009]
🐞 Invalid [14804]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __es_shrink / __es_shrink (6)

Status: auto-closed as invalid on 2022/01/22 23:41
Subsystems: ext4
[Documentation on labels]
First crash: 1136d, last: 1136d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __es_shrink / __es_shrink (3) ext4 1 1623d 1623d 0/28 auto-closed as invalid on 2020/09/24 09:46
upstream KCSAN: data-race in __es_shrink / __es_shrink (7) ext4 1 601d 601d 0/28 auto-obsoleted due to no activity on 2023/07/12 12:07
upstream KCSAN: data-race in __es_shrink / __es_shrink (5) ext4 3 1389d 1407d 0/28 auto-closed as invalid on 2021/05/15 19:41
upstream KCSAN: data-race in __es_shrink / __es_shrink ext4 1 1917d 1917d 0/28 closed as invalid on 2019/11/19 13:24
upstream KCSAN: data-race in __es_shrink / __es_shrink (4) ext4 15 1453d 1513d 0/28 auto-closed as invalid on 2021/03/12 08:35
upstream KCSAN: data-race in __es_shrink / __es_shrink (2) ext4 3 1764d 1837d 0/28 auto-closed as invalid on 2020/06/09 01:45

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __es_shrink / __es_shrink

read to 0xffff888103648580 of 8 bytes by task 32095 on cpu 1:
 __es_shrink+0x378/0x580 fs/ext4/extents_status.c:1536
 ext4_es_scan+0x7d/0x220 fs/ext4/extents_status.c:1577
 do_shrink_slab+0x2ae/0x600 mm/vmscan.c:773
 shrink_slab+0xea/0x1c0 mm/vmscan.c:933
 shrink_node_memcgs+0x27a/0x410 mm/vmscan.c:3131
 shrink_node+0x8f6/0x1190 mm/vmscan.c:3252
 shrink_zones+0x2c7/0x5b0 mm/vmscan.c:3485
 do_try_to_free_pages+0x193/0x6c0 mm/vmscan.c:3541
 try_to_free_pages+0x3a5/0x8b0 mm/vmscan.c:3776
 __perform_reclaim mm/page_alloc.c:4588 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4609 [inline]
 __alloc_pages_slowpath+0x595/0xa60 mm/page_alloc.c:5007
 __alloc_pages+0x255/0x330 mm/page_alloc.c:5382
 alloc_pages+0x382/0x3d0
 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline]
 pte_alloc_one+0x29/0xb0 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x2f/0x200 mm/memory.c:464
 copy_pte_range+0x12c3/0x1730 mm/memory.c:1024
 copy_pmd_range mm/memory.c:1159 [inline]
 copy_pud_range mm/memory.c:1196 [inline]
 copy_p4d_range mm/memory.c:1220 [inline]
 copy_page_range+0x5ea/0x8f0 mm/memory.c:1293
 dup_mmap+0x6eb/0xa60 kernel/fork.c:609
 dup_mm+0x7c/0x210 kernel/fork.c:1450
 copy_mm kernel/fork.c:1502 [inline]
 copy_process+0x1531/0x2fd0 kernel/fork.c:2191
 kernel_clone+0x15c/0x6a0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0xc6/0xf0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff888103648580 of 8 bytes by task 27685 on cpu 0:
 __es_shrink+0x3a6/0x580
 ext4_es_scan+0x7d/0x220 fs/ext4/extents_status.c:1577
 do_shrink_slab+0x2ae/0x600 mm/vmscan.c:773
 shrink_slab+0xea/0x1c0 mm/vmscan.c:933
 shrink_node_memcgs+0x27a/0x410 mm/vmscan.c:3131
 shrink_node+0x8f6/0x1190 mm/vmscan.c:3252
 shrink_zones+0x2c7/0x5b0 mm/vmscan.c:3485
 do_try_to_free_pages+0x193/0x6c0 mm/vmscan.c:3541
 try_to_free_pages+0x3a5/0x8b0 mm/vmscan.c:3776
 __perform_reclaim mm/page_alloc.c:4588 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4609 [inline]
 __alloc_pages_slowpath+0x595/0xa60 mm/page_alloc.c:5007
 __alloc_pages+0x255/0x330 mm/page_alloc.c:5382
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 kmem_getpages+0x1a/0xd0 mm/slab.c:1377
 cache_grow_begin+0x4c/0x1a0 mm/slab.c:2593
 fallback_alloc+0x124/0x1e0 mm/slab.c:3140
 __do_cache_alloc mm/slab.c:3282 [inline]
 slab_alloc mm/slab.c:3316 [inline]
 kmem_cache_alloc+0x174/0x320 mm/slab.c:3507
 vm_area_dup kernel/fork.c:356 [inline]
 dup_mmap+0x40e/0xa60 kernel/fork.c:551
 dup_mm+0x7c/0x210 kernel/fork.c:1450
 copy_mm kernel/fork.c:1502 [inline]
 copy_process+0x1531/0x2fd0 kernel/fork.c:2191
 kernel_clone+0x15c/0x6a0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0xc6/0xf0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x000000000000010c -> 0x0000000000000107

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 27685 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/12/18 23:33 upstream 9eaa88c7036e 44068e19 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __es_shrink / __es_shrink
* Struck through repros no longer work on HEAD.