KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from

KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter
Status: auto-closed as invalid on 2021/09/11 16:58
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 93d, last: 72d

Sample crash report:

==================================================================
BUG: KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter

write to 0xffffea0004e5ff88 of 8 bytes by task 14756 on cpu 1:
 __list_add include/linux/list.h:71 [inline]
 list_add include/linux/list.h:86 [inline]
 add_page_to_lru_list include/linux/mm_inline.h:88 [inline]
 __pagevec_lru_add_fn+0x38c/0x490 mm/swap.c:1043
 __pagevec_lru_add+0x189/0x240 mm/swap.c:1061
 lru_add_drain_cpu+0x6d/0x270 mm/swap.c:619
 lru_add_drain+0x28/0x40 mm/swap.c:724
 exit_mmap+0x208/0x460 mm/mmap.c:3196
 __mmput+0x27/0x1c0 kernel/fork.c:1101
 mmput+0x3d/0x50 kernel/fork.c:1122
 exit_mm+0x2f7/0x3f0 kernel/exit.c:501
 do_exit+0x402/0x1530 kernel/exit.c:812
 do_group_exit+0xce/0x1a0 kernel/exit.c:922
 get_signal+0xfa3/0x15e0 kernel/signal.c:2808
 arch_do_signal_or_restart+0x2a/0x220 arch/x86/kernel/signal.c:865
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x109/0x190 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x49/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffea0004e5ff88 of 8 bytes by task 14755 on cpu 0:
 page_is_pfmemalloc include/linux/mm.h:1678 [inline]
 __skb_fill_page_desc include/linux/skbuff.h:2184 [inline]
 skb_fill_page_desc include/linux/skbuff.h:2205 [inline]
 __zerocopy_sg_from_iter+0x658/0x820 net/core/datagram.c:680
 skb_zerocopy_iter_stream+0xfe/0x360 net/core/skbuff.c:1358
 tcp_sendmsg_locked+0xb6c/0x24b0 net/ipv4/tcp.c:1381
 tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1461
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:821
 sock_sendmsg_nosec net/socket.c:703 [inline]
 sock_sendmsg net/socket.c:723 [inline]
 ____sys_sendmsg+0x360/0x4d0 net/socket.c:2392
 ___sys_sendmsg net/socket.c:2446 [inline]
 __sys_sendmmsg+0x315/0x4b0 net/socket.c:2532
 __do_sys_sendmmsg net/socket.c:2561 [inline]
 __se_sys_sendmmsg net/socket.c:2558 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2558
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000000000000 -> 0xffffea0004e5f988

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14755 Comm: syz-executor.2 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-upstream-kcsan-gce	2021/08/07 16:54	upstream	c9194f32bfd9	6972b106	.config	log	report			info	KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter
ci2-upstream-kcsan-gce	2021/07/17 16:32	upstream	d980cc0620ae	f115ae98	.config	log	report			info	KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter