syzbot


KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (3)

Status: auto-closed as invalid on 2022/03/17 21:55
Subsystems: mm
First crash: 804d, last: 804d
Similar bugs (3)
Kernel   | Title                                                                    | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (4) mm |       |              |            | 1     | 730d | 730d     | 0/26    | auto-closed as invalid on 2022/05/30 23:43
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter mm     |       |              |            | 2     | 991d | 1012d    | 0/26    | auto-closed as invalid on 2021/09/11 16:58
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (2) mm |       |              |            | 1     | 952d | 952d     | 0/26    | auto-closed as invalid on 2021/10/20 23:01

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter

write to 0xffffea0004ead108 of 8 bytes by task 23672 on cpu 1:
 __list_add include/linux/list.h:73 [inline]
 list_add include/linux/list.h:88 [inline]
 lruvec_add_folio include/linux/mm_inline.h:102 [inline]
 __pagevec_lru_add_fn+0x2ae/0x380 mm/swap.c:1053
 __pagevec_lru_add+0x1c3/0x270 mm/swap.c:1071
 lru_add_drain_cpu+0x6a/0x260 mm/swap.c:613
 lru_add_drain+0x21/0x60 mm/swap.c:717
 unmap_region+0x73/0x1e0 mm/mmap.c:2653
 __do_munmap+0xeb5/0x1310 mm/mmap.c:2890
 do_munmap mm/mmap.c:2901 [inline]
 munmap_vma_range mm/mmap.c:604 [inline]
 mmap_region+0x59a/0x10b0 mm/mmap.c:1748
 do_mmap+0x781/0xc20 mm/mmap.c:1582
 vm_mmap_pgoff+0x117/0x1f0 mm/util.c:519
 ksys_mmap_pgoff+0x265/0x320 mm/mmap.c:1630
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffea0004ead108 of 8 bytes by task 23674 on cpu 0:
 page_is_pfmemalloc include/linux/mm.h:1780 [inline]
 __skb_fill_page_desc include/linux/skbuff.h:2258 [inline]
 skb_fill_page_desc include/linux/skbuff.h:2279 [inline]
 __zerocopy_sg_from_iter+0x698/0x870 net/core/datagram.c:681
 skb_zerocopy_iter_stream+0xfe/0x360 net/core/skbuff.c:1361
 tcp_sendmsg_locked+0xe68/0x25b0 net/ipv4/tcp.c:1366
 tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1444
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000000000000 -> 0xffffea0004ef2bc8

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 23674 Comm: syz-executor.1 Not tainted 5.17.0-rc3-syzkaller-00048-ge3c85076d7a6-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time             | Kernel   | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets | Manager                | Title
2022/02/10 21:49 | upstream | e3c85076d7a6 | 0b33604d  | .config | console log | report |           |         | info    |        | ci2-upstream-kcsan-gce | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter