syzbot


KCSAN: data-race in drain_all_stock / obj_cgroup_uncharge_pages (2)

Status: auto-closed as invalid on 2022/01/27 23:42
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 347d, last: 337d
Similar bugs (2):

Kernel   | Title                                                                | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in drain_all_stock / obj_cgroup_uncharge_pages      | -     | -            | -          | 1     | 405d | 405d     | 0/24    | auto-closed as invalid on 2021/11/21 07:08
upstream | KCSAN: data-race in drain_all_stock / obj_cgroup_uncharge_pages (3)  | -     | -            | -          | 3     | 233d | 269d     | 0/24    | auto-closed as invalid on 2022/05/12 02:32

Sample crash report:
==================================================================
BUG: KCSAN: data-race in drain_all_stock / obj_cgroup_uncharge_pages

write to 0xffff888237c28138 of 4 bytes by interrupt on cpu 0:
 refill_stock mm/memcontrol.c:2215 [inline]
 obj_cgroup_uncharge_pages+0x169/0x240 mm/memcontrol.c:2984
 refill_obj_stock+0x15f/0x220 mm/memcontrol.c:3234
 obj_cgroup_uncharge+0xa/0x10 mm/memcontrol.c:3283
 memcg_slab_free_hook+0xd9/0x150 mm/slab.h:364
 ___cache_free+0x46/0x300 mm/slab.c:3464
 __cache_free mm/slab.c:3453 [inline]
 kmem_cache_free+0x65/0x110 mm/slab.c:3741
 free_task_struct kernel/fork.c:175 [inline]
 free_task kernel/fork.c:469 [inline]
 __delayed_free_task+0x9a/0xb0 kernel/fork.c:1889
 rcu_do_batch kernel/rcu/tree.c:2506 [inline]
 rcu_core+0x7f7/0xeb0 kernel/rcu/tree.c:2741
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2754
 __do_softirq+0x158/0x2de kernel/softirq.c:558
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:921
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x2c7/0x2e0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

read to 0xffff888237c28138 of 4 bytes by task 30342 on cpu 1:
 drain_all_stock+0xd5/0x4b0 mm/memcontrol.c:2248
 mem_cgroup_css_offline+0x79/0x210 mm/memcontrol.c:5268
 offline_css kernel/cgroup/cgroup.c:5240 [inline]
 css_killed_work_fn+0x8d/0x210 kernel/cgroup/cgroup.c:5517
 process_one_work+0x3fc/0x980 kernel/workqueue.c:2298
 worker_thread+0x616/0xa70 kernel/workqueue.c:2445
 kthread+0x2c7/0x2e0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

value changed: 0x00000020 -> 0x00000003

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 30342 Comm: kworker/1:3 Not tainted 5.16.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: cgroup_destroy css_killed_work_fn
==================================================================
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready

Crashes (2):

Manager                | Time             | Kernel   | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2021/12/23 23:34 | upstream | 996a18eb796a | 6caa12e4  | .config | log | report | -         | -       | info    | KCSAN: data-race in drain_all_stock / obj_cgroup_uncharge_pages
ci2-upstream-kcsan-gce | 2021/12/14 07:24 | upstream | 5472f14a3742 | 5d14b1ea  | .config | log | report | -         | -       | info    | KCSAN: data-race in drain_all_stock / obj_cgroup_uncharge_pages