syzbot


KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (4)

Status: auto-closed as invalid on 2022/05/30 23:43
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 216d, last: 216d
similar bugs (3):
Kernel   | Title                                                                  | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (3) |       |              |            | 1     | 290d | 290d     | 0/24    | auto-closed as invalid on 2022/03/17 21:55
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter     |       |              |            | 2     | 477d | 498d     | 0/24    | auto-closed as invalid on 2021/09/11 16:58
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (2) |       |              |            | 1     | 438d | 438d     | 0/24    | auto-closed as invalid on 2021/10/20 23:01

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter

write to 0xffffea0004b2a4c8 of 8 bytes by task 5629 on cpu 0:
 __list_add include/linux/list.h:73 [inline]
 list_add include/linux/list.h:88 [inline]
 lruvec_add_folio include/linux/mm_inline.h:103 [inline]
 __pagevec_lru_add_fn+0x446/0x520 mm/swap.c:1042
 __pagevec_lru_add+0x1c6/0x320 mm/swap.c:1060
 folio_add_lru+0x112/0x160 mm/swap.c:467
 lru_cache_add+0x3b/0xe0 mm/folio-compat.c:109
 lru_cache_add_inactive_or_unevictable+0x44/0x60 mm/swap.c:488
 wp_page_copy+0x795/0x12a0 mm/memory.c:3076
 do_wp_page+0x641/0xd00
 handle_pte_fault mm/memory.c:4645 [inline]
 __handle_mm_fault mm/memory.c:4763 [inline]
 handle_mm_fault+0x897/0xa40 mm/memory.c:4861
 do_user_addr_fault+0x4cd/0x940 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1484 [inline]
 exc_page_fault+0x60/0x160 arch/x86/mm/fault.c:1540
 asm_exc_page_fault+0x1e/0x30

read to 0xffffea0004b2a4c8 of 8 bytes by task 5628 on cpu 1:
 page_is_pfmemalloc include/linux/mm.h:1788 [inline]
 __skb_fill_page_desc include/linux/skbuff.h:2410 [inline]
 skb_fill_page_desc include/linux/skbuff.h:2431 [inline]
 __zerocopy_sg_from_iter+0x679/0x9b0 net/core/datagram.c:681
 skb_zerocopy_iter_stream+0xfd/0x350 net/core/skbuff.c:1362
 tcp_sendmsg_locked+0xfcc/0x1fd0 net/ipv4/tcp.c:1371
 tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1449
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x38f/0x500 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x27c/0x4a0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000000000000 -> 0xffffea000499e1c8

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 5628 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
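The two stack traces above hit the same 8-byte word of a struct page. On the write side, the page-fault path's list_add (reached through lruvec_add_folio) stores a list pointer into page->lru.next when it links the freshly copied page onto an LRU list. On the read side, the sendmsg zerocopy path's page_is_pfmemalloc reads bit 1 of that very word, because the kernel parks the pfmemalloc flag in page->lru.next for a page that is not on any list, with the stated caveat that callers may simply overwrite it. The userspace C model below is an added example, not kernel code and not part of the syzbot report: it reproduces the shape of the mm.h and list.h helpers over a reduced struct page and list_head, and feeds in the two values KCSAN printed ("value changed: 0x0 -> 0xffffea000499e1c8"). Bit 1 is clear in both, as it is in any pointer to an 8-byte-aligned list_head, so the reader concludes "not pfmemalloc" whichever side of the race it lands on; the report is about the plain, unannotated concurrent access, not about a wrong verdict. The model also shows the flag being clobbered once the page goes onto a list, which is why the bit is only meaningful off-list.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIT(n) (1ULL << (n))

struct list_head {
	struct list_head *next, *prev;
};

/* Reduced model of struct page: only the lru list_head. Its first word,
 * lru.next, is the 8-byte location at 0xffffea0004b2a4c8 in the report. */
struct page {
	struct list_head lru;
};

/* Models of the mm.h helpers: the pfmemalloc flag lives in bit 1 of
 * lru.next and is only meaningful while the page is not linked anywhere. */
static void set_page_pfmemalloc(struct page *page)
{
	page->lru.next = (void *)(uintptr_t)BIT(1);
}

static void clear_page_pfmemalloc(struct page *page)
{
	page->lru.next = NULL;
}

static bool page_is_pfmemalloc(const struct page *page)
{
	/* Plain read of lru.next; in the kernel this is the racing read
	 * from __zerocopy_sg_from_iter via __skb_fill_page_desc. */
	return ((uintptr_t)page->lru.next & BIT(1)) != 0;
}

/* Model of __list_add(); the store to entry->next is the racing write
 * from lruvec_add_folio -> list_add in the report. */
static void list_add(struct list_head *entry, struct list_head *head)
{
	struct list_head *next = head->next;

	next->prev = entry;
	entry->next = next;
	entry->prev = head;
	head->next = entry;
}

/* Verdict a reader derives from a raw lru.next value, e.g. the two
 * values KCSAN printed. */
static bool pfmemalloc_from_lru_next(uint64_t lru_next)
{
	return (lru_next & BIT(1)) != 0;
}

/* Flag set or cleared on a page that is not on any list: the encoding
 * works as intended here. */
static bool pfmemalloc_off_list(bool flag)
{
	struct page page;

	if (flag)
		set_page_pfmemalloc(&page);
	else
		clear_page_pfmemalloc(&page);
	return page_is_pfmemalloc(&page);
}

/* The report's interleaving: the page is off-list, the fault path links it
 * onto an LRU list (overwriting lru.next with a pointer), then the network
 * path reads bit 1 of whatever is there now. */
static bool race_outcome(bool was_pfmemalloc)
{
	struct page lru_head_page;		/* stands in for the lruvec list head */
	struct page page;
	struct list_head *head = &lru_head_page.lru;

	head->next = head;
	head->prev = head;

	if (was_pfmemalloc)
		set_page_pfmemalloc(&page);
	else
		clear_page_pfmemalloc(&page);

	list_add(&page.lru, head);		/* lru.next now points at an aligned list_head */
	return page_is_pfmemalloc(&page);	/* bit 1 of that pointer is always clear */
}

int main(void)
{
	printf("0x0                -> pfmemalloc=%d\n", pfmemalloc_from_lru_next(0x0ULL));
	printf("0xffffea000499e1c8 -> pfmemalloc=%d\n",
	       pfmemalloc_from_lru_next(0xffffea000499e1c8ULL));
	printf("flag set off-list  -> pfmemalloc=%d\n", pfmemalloc_off_list(true));
	printf("flag set, then list_add -> pfmemalloc=%d\n", race_outcome(true));
	return 0;
}
```

The point of race_outcome(true) is the caveat: if the page had carried the flag, linking it onto a list silently drops it, and a concurrent reader without READ_ONCE() can observe either the old or the new word. That is exactly the unmarked access pattern KCSAN reports; whether the outcome matters for the network path on a user-mapped page is a separate question, and this report was closed as invalid rather than fixed.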

Crashes (1):
Manager                | Time             | Kernel   | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2022/04/25 23:34 | upstream | af2d861d4cd2 | 152baedd  | .config | log | report |           |         | info    | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter