[moderation] [kernel?] KCSAN: data-race in __mem_cgroup_flush_stats / tick_do_update_jiffies64 (2)


syzbot

Jun 18, 2025, 8:24:22 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 52da431bf03b Merge tag 'libnvdimm-fixes-6.16-rc3' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=157f35d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=25d7df3a6a1d1ea6
dashboard link: https://syzkaller.appspot.com/bug?extid=794bb8bc31fe2c876f17
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
CC: [anna-...@linutronix.de fred...@kernel.org linux-...@vger.kernel.org mi...@kernel.org tg...@linutronix.de]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6cf1b0066c08/disk-52da431b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a3e72711158a/vmlinux-52da431b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a403ba239c60/bzImage-52da431b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+794bb8...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in __mem_cgroup_flush_stats / tick_do_update_jiffies64

read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 0:
tick_do_update_jiffies64+0x113/0x1c0 kernel/time/tick-sched.c:118
tick_sched_do_timer kernel/time/tick-sched.c:232 [inline]
tick_nohz_handler+0x7f/0x2d0 kernel/time/tick-sched.c:290
__run_hrtimer kernel/time/hrtimer.c:1761 [inline]
__hrtimer_run_queues+0x20f/0x5a0 kernel/time/hrtimer.c:1825
hrtimer_interrupt+0x21a/0x460 kernel/time/hrtimer.c:1887
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
__sysvec_apic_timer_interrupt+0x5f/0x1d0 arch/x86/kernel/apic/apic.c:1056
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0x6f/0x80 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
__sanitizer_cov_trace_pc+0x5d/0x70 kernel/kcov.c:233
arch_static_branch arch/x86/include/asm/jump_label.h:36 [inline]
trace_sock_recv_length_enabled include/trace/events/sock.h:304 [inline]
sock_recvmsg_nosec+0x6b/0x130 net/socket.c:1021
____sys_recvmsg+0x26f/0x280 net/socket.c:2784
___sys_recvmsg+0x11f/0x370 net/socket.c:2828
do_recvmmsg+0x1ef/0x540 net/socket.c:2923
__sys_recvmmsg net/socket.c:2997 [inline]
__do_sys_recvmmsg net/socket.c:3020 [inline]
__se_sys_recvmmsg net/socket.c:3013 [inline]
__x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3013
x64_sys_call+0x1c6a/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:300
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff868099c0 of 8 bytes by task 3448 on cpu 1:
__mem_cgroup_flush_stats+0x91/0x150 mm/memcontrol.c:611
flush_memcg_stats_dwork+0x21/0x50 mm/memcontrol.c:649
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3321
worker_thread+0x582/0x770 kernel/workqueue.c:3402
kthread+0x486/0x510 kernel/kthread.c:464
ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000ffffe3b9 -> 0x00000000ffffe3ba

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3448 Comm: kworker/u8:7 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound flush_memcg_stats_dwork
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
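A userspace model of the race in the report above, added here as an illustration; it is not part of the syzbot message and not kernel code. The report shows a read-modify-write of an 8-byte counter from the timer interrupt (tick_do_update_jiffies64, value changing by exactly 1) racing with an unmarked read of the same address from a workqueue (__mem_cgroup_flush_stats). The model below reproduces that shape with two threads: a ticker that increments a 64-bit counter and a flusher that reads it to decide whether a periodic flush is due. The "plain" accessors are the unmarked pattern KCSAN flags; the "marked" accessors use relaxed atomic builtins, the userspace stand-in for READ_ONCE()/WRITE_ONCE(). The names run_model, flush_due, TICKS and FLUSH_INTERVAL are assumptions made up for the example; time_after64 copies the signed-difference idiom the kernel uses for wraparound-safe comparison.

```c
/*
 * Added example (not kernel code, not from syzbot): userspace model of a
 * timer-tick counter written by one thread and read by another.
 * Build with: cc -O2 -pthread race_model.c
 */
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TICKS          200000ULL    /* constructed: ticks the model runs */
#define FLUSH_INTERVAL 64ULL        /* constructed: ticks between flushes */
#define MAX_SAMPLES    (1ULL << 26) /* bound on reader iterations so the plain model always terminates */

static uint64_t jiffies64;   /* the shared counter, like the kernel's jiffies_64 */
static bool     marked_mode; /* set before the threads start, never changed while they run */

/* Unmarked accesses: the pattern on both sides of the KCSAN report. A plain
 * variable read and written concurrently is a data race in C; the compiler is
 * free to tear, hoist or merge these accesses. */
static uint64_t plain_read(void) { return jiffies64; }
static void     plain_tick(void) { jiffies64++; }

/* Marked accesses: single atomic loads/stores with no ordering beyond
 * coherence, the same promise READ_ONCE()/WRITE_ONCE() give in the kernel. */
static uint64_t marked_read(void) { return __atomic_load_n(&jiffies64, __ATOMIC_RELAXED); }
static void     marked_tick(void) { __atomic_fetch_add(&jiffies64, 1, __ATOMIC_RELAXED); }

/* Same signed-difference trick as the kernel's time_after64(): correct across wraparound. */
static bool time_after64(uint64_t a, uint64_t b) { return (int64_t)(b - a) < 0; }

/* Is a flush due? Hypothetical check with the shape of a "last flush + interval" test. */
static bool flush_due(uint64_t last_flush, uint64_t now)
{
	return time_after64(now, last_flush + FLUSH_INTERVAL);
}

struct result {
	uint64_t samples;   /* reads performed by the flusher */
	uint64_t backwards; /* reads that returned less than the previous read */
	uint64_t flushes;   /* how many times flush_due() fired */
	uint64_t final;     /* counter value after both threads were joined */
};

static void *ticker(void *unused)
{
	(void)unused;
	for (uint64_t i = 0; i < TICKS; i++) {
		if (marked_mode)
			marked_tick();
		else
			plain_tick();
	}
	return NULL;
}

static void *flusher(void *arg)
{
	struct result *r = arg;
	uint64_t prev = 0, last_flush = 0, now = 0;

	for (uint64_t i = 0; i < MAX_SAMPLES && now < TICKS; i++) {
		now = marked_mode ? marked_read() : plain_read();
		r->samples++;
		if (now < prev)
			r->backwards++;
		prev = now;
		if (flush_due(last_flush, now)) {
			r->flushes++;
			last_flush = now;
		}
	}
	return NULL;
}

/* Run the model once with plain or marked accesses and report what the reader saw. */
struct result run_model(bool marked)
{
	struct result r = {0};
	pthread_t tick, flush;

	jiffies64 = 0;
	marked_mode = marked;
	if (pthread_create(&tick, NULL, ticker, NULL) || pthread_create(&flush, NULL, flusher, &r))
		abort();
	pthread_join(tick, NULL);
	pthread_join(flush, NULL);
	r.final = marked_read(); /* after the joins there is no concurrent writer */
	return r;
}

/* Scalar accessors so single outcomes can be checked. */
uint64_t model_final(bool marked)     { return run_model(marked).final; }
uint64_t model_backwards(bool marked) { return run_model(marked).backwards; }

int main(void)
{
	for (int marked = 0; marked < 2; marked++) {
		struct result r = run_model(marked);
		printf("%s: samples=%llu backwards=%llu flushes=%llu final=%llu\n",
		       marked ? "marked" : "plain",
		       (unsigned long long)r.samples, (unsigned long long)r.backwards,
		       (unsigned long long)r.flushes, (unsigned long long)r.final);
	}
	return 0;
}
```

The marked variant is the shape of the usual fix for a benign KCSAN report of this kind: the writer is unchanged in intent, the reader's plain load becomes a one-shot marked load, and the comparison stays wraparound-safe. With relaxed atomics the reader is guaranteed coherent, tear-free 64-bit values (never observing the counter go backwards); with the plain accessors nothing in the C language forbids tearing or hoisting, which is exactly what the sanitizer is pointing at even when the hardware happens to make the access atomic.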

syzbot

Aug 13, 2025, 8:24:17 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.