syzbot


KCSAN: data-race in __es_shrink / __es_shrink (6)

Status: auto-closed as invalid on 2022/01/22 23:41
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 353d, last: 353d
similar bugs (5):
Kernel   | Title                                             | Repro | Cause bisect | Fix bisect | Count | Last  | Reported | Patched | Status
upstream | KCSAN: data-race in __es_shrink / __es_shrink (3) |       |              |            | 1     | 840d  | 840d     | 0/24    | auto-closed as invalid on 2020/09/24 09:46
upstream | KCSAN: data-race in __es_shrink / __es_shrink (5) |       |              |            | 3     | 606d  | 624d     | 0/24    | auto-closed as invalid on 2021/05/15 19:41
upstream | KCSAN: data-race in __es_shrink / __es_shrink     |       |              |            | 1     | 1134d | 1134d    | 0/24    | closed as invalid on 2019/11/19 13:24
upstream | KCSAN: data-race in __es_shrink / __es_shrink (4) |       |              |            | 15    | 670d  | 730d     | 0/24    | auto-closed as invalid on 2021/03/12 08:35
upstream | KCSAN: data-race in __es_shrink / __es_shrink (2) |       |              |            | 3     | 981d  | 1054d    | 0/24    | auto-closed as invalid on 2020/06/09 01:45

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __es_shrink / __es_shrink

read to 0xffff888103648580 of 8 bytes by task 32095 on cpu 1:
 __es_shrink+0x378/0x580 fs/ext4/extents_status.c:1536
 ext4_es_scan+0x7d/0x220 fs/ext4/extents_status.c:1577
 do_shrink_slab+0x2ae/0x600 mm/vmscan.c:773
 shrink_slab+0xea/0x1c0 mm/vmscan.c:933
 shrink_node_memcgs+0x27a/0x410 mm/vmscan.c:3131
 shrink_node+0x8f6/0x1190 mm/vmscan.c:3252
 shrink_zones+0x2c7/0x5b0 mm/vmscan.c:3485
 do_try_to_free_pages+0x193/0x6c0 mm/vmscan.c:3541
 try_to_free_pages+0x3a5/0x8b0 mm/vmscan.c:3776
 __perform_reclaim mm/page_alloc.c:4588 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4609 [inline]
 __alloc_pages_slowpath+0x595/0xa60 mm/page_alloc.c:5007
 __alloc_pages+0x255/0x330 mm/page_alloc.c:5382
 alloc_pages+0x382/0x3d0
 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline]
 pte_alloc_one+0x29/0xb0 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x2f/0x200 mm/memory.c:464
 copy_pte_range+0x12c3/0x1730 mm/memory.c:1024
 copy_pmd_range mm/memory.c:1159 [inline]
 copy_pud_range mm/memory.c:1196 [inline]
 copy_p4d_range mm/memory.c:1220 [inline]
 copy_page_range+0x5ea/0x8f0 mm/memory.c:1293
 dup_mmap+0x6eb/0xa60 kernel/fork.c:609
 dup_mm+0x7c/0x210 kernel/fork.c:1450
 copy_mm kernel/fork.c:1502 [inline]
 copy_process+0x1531/0x2fd0 kernel/fork.c:2191
 kernel_clone+0x15c/0x6a0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0xc6/0xf0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff888103648580 of 8 bytes by task 27685 on cpu 0:
 __es_shrink+0x3a6/0x580
 ext4_es_scan+0x7d/0x220 fs/ext4/extents_status.c:1577
 do_shrink_slab+0x2ae/0x600 mm/vmscan.c:773
 shrink_slab+0xea/0x1c0 mm/vmscan.c:933
 shrink_node_memcgs+0x27a/0x410 mm/vmscan.c:3131
 shrink_node+0x8f6/0x1190 mm/vmscan.c:3252
 shrink_zones+0x2c7/0x5b0 mm/vmscan.c:3485
 do_try_to_free_pages+0x193/0x6c0 mm/vmscan.c:3541
 try_to_free_pages+0x3a5/0x8b0 mm/vmscan.c:3776
 __perform_reclaim mm/page_alloc.c:4588 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4609 [inline]
 __alloc_pages_slowpath+0x595/0xa60 mm/page_alloc.c:5007
 __alloc_pages+0x255/0x330 mm/page_alloc.c:5382
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 kmem_getpages+0x1a/0xd0 mm/slab.c:1377
 cache_grow_begin+0x4c/0x1a0 mm/slab.c:2593
 fallback_alloc+0x124/0x1e0 mm/slab.c:3140
 __do_cache_alloc mm/slab.c:3282 [inline]
 slab_alloc mm/slab.c:3316 [inline]
 kmem_cache_alloc+0x174/0x320 mm/slab.c:3507
 vm_area_dup kernel/fork.c:356 [inline]
 dup_mmap+0x40e/0xa60 kernel/fork.c:551
 dup_mm+0x7c/0x210 kernel/fork.c:1450
 copy_mm kernel/fork.c:1502 [inline]
 copy_process+0x1531/0x2fd0 kernel/fork.c:2191
 kernel_clone+0x15c/0x6a0 kernel/fork.c:2582
 __do_sys_clone kernel/fork.c:2699 [inline]
 __se_sys_clone kernel/fork.c:2683 [inline]
 __x64_sys_clone+0xc6/0xf0 kernel/fork.c:2683
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x000000000000010c -> 0x0000000000000107

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 27685 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager                | Time             | Kernel   | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2021/12/18 23:33 | upstream | 9eaa88c7036e | 44068e19  | .config | log | report |           |         | info    | KCSAN: data-race in __es_shrink / __es_shrink