syzbot


KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (2)

Status: auto-closed as invalid on 2021/10/20 23:01
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 448d, last: 448d
similar bugs (3):

Kernel   | Title                                                                  | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (4) |       |              |            | 1     | 226d | 226d     | 0/24    | auto-closed as invalid on 2022/05/30 23:43
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter (3) |       |              |            | 1     | 300d | 300d     | 0/24    | auto-closed as invalid on 2022/03/17 21:55
upstream | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter     |       |              |            | 2     | 487d | 508d     | 0/24    | auto-closed as invalid on 2021/09/11 16:58

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter

write to 0xffffea00053dc508 of 8 bytes by task 32217 on cpu 0:
 __list_add include/linux/list.h:71 [inline]
 list_add include/linux/list.h:86 [inline]
 add_page_to_lru_list include/linux/mm_inline.h:88 [inline]
 __pagevec_lru_add_fn+0x392/0x490 mm/swap.c:1021
 __pagevec_lru_add+0x189/0x240 mm/swap.c:1039
 lru_cache_add mm/swap.c:453 [inline]
 lru_cache_add_inactive_or_unevictable+0x156/0x270 mm/swap.c:484
 wp_page_copy+0x803/0x10a0 mm/memory.c:3061
 do_wp_page+0x5a8/0xba0
 handle_pte_fault mm/memory.c:4576 [inline]
 __handle_mm_fault mm/memory.c:4693 [inline]
 handle_mm_fault+0x96e/0x1580 mm/memory.c:4791
 do_user_addr_fault+0x609/0xbe0 arch/x86/mm/fault.c:1390
 handle_page_fault arch/x86/mm/fault.c:1475 [inline]
 exc_page_fault+0x91/0x220 arch/x86/mm/fault.c:1531
 asm_exc_page_fault+0x1e/0x30

read to 0xffffea00053dc508 of 8 bytes by task 32216 on cpu 1:
 page_is_pfmemalloc include/linux/mm.h:1679 [inline]
 __skb_fill_page_desc include/linux/skbuff.h:2189 [inline]
 skb_fill_page_desc include/linux/skbuff.h:2210 [inline]
 __zerocopy_sg_from_iter+0x668/0x830 net/core/datagram.c:680
 skb_zerocopy_iter_stream+0xfe/0x360 net/core/skbuff.c:1362
 tcp_sendmsg_locked+0xb9c/0x24c0 net/ipv4/tcp.c:1381
 tcp_sendmsg+0x2c/0x40 net/ipv4/tcp.c:1461
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:821
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmmsg+0x388/0x520 net/socket.c:2549
 __do_sys_sendmmsg net/socket.c:2578 [inline]
 __se_sys_sendmmsg net/socket.c:2575 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2575
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000000000000 -> 0xffffea00054cb408

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 32216 Comm: syz-executor.4 Tainted: G        W         5.15.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):

Manager                | Time             | Kernel   | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2021/09/15 22:58 | upstream | 80be5998ad63 | 07e953c1  | .config | log | report |           |         | info    | KCSAN: data-race in __pagevec_lru_add_fn / __zerocopy_sg_from_iter