Hello,
syzbot found the following issue on:
HEAD commit: 052d534373b7 Merge tag 'exfat-for-6.8-rc1' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15e20debe80000
kernel config: https://syzkaller.appspot.com/x/.config?x=adb08aaa4585df88
dashboard link: https://syzkaller.appspot.com/bug?extid=2020c4484c2d61b83c32
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [ak...@linux-foundation.org cgr...@vger.kernel.org han...@cmpxchg.org linux-...@vger.kernel.org linu...@kvack.org mho...@kernel.org muchu...@linux.dev roman.g...@linux.dev shak...@google.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/475d9c925209/disk-052d5343.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1aa974d3b699/vmlinux-052d5343.xz
kernel image: https://storage.googleapis.com/syzbot-assets/046680ef4c9b/bzImage-052d5343.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2020c4...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in mem_cgroup_update_tree / mem_cgroup_update_tree
write to 0xffff88813dab4d90 of 1 bytes by task 14046 on cpu 1:
__mem_cgroup_remove_exceeded mm/memcontrol.c:459 [inline]
mem_cgroup_update_tree+0x1e3/0x290 mm/memcontrol.c:516
memcg_check_events mm/memcontrol.c:1036 [inline]
uncharge_batch+0x2ec/0x390 mm/memcontrol.c:7394
__mem_cgroup_uncharge+0x70/0x90 mm/memcontrol.c:7470
mem_cgroup_uncharge include/linux/memcontrol.h:712 [inline]
destroy_large_folio+0x25/0x60 mm/page_alloc.c:602
__folio_put_large+0x75/0x80 mm/swap.c:119
__folio_put+0x60/0x70 mm/swap.c:127
folio_put include/linux/mm.h:1494 [inline]
io_mem_free io_uring/io_uring.c:2669 [inline]
io_rings_free+0x28f/0x4e0 io_uring/io_uring.c:2765
io_ring_ctx_free+0x41a/0x590 io_uring/io_uring.c:2885
io_ring_exit_work+0x4c8/0x4f0 io_uring/io_uring.c:3098
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
read to 0xffff88813dab4d90 of 1 bytes by task 14019 on cpu 0:
mem_cgroup_update_tree+0x152/0x290 mm/memcontrol.c:510
memcg_check_events mm/memcontrol.c:1036 [inline]
uncharge_batch+0x2ec/0x390 mm/memcontrol.c:7394
__mem_cgroup_uncharge+0x70/0x90 mm/memcontrol.c:7470
mem_cgroup_uncharge include/linux/memcontrol.h:712 [inline]
destroy_large_folio+0x25/0x60 mm/page_alloc.c:602
__folio_put_large+0x75/0x80 mm/swap.c:119
__folio_put+0x60/0x70 mm/swap.c:127
folio_put include/linux/mm.h:1494 [inline]
io_mem_free io_uring/io_uring.c:2669 [inline]
io_rings_free+0x28f/0x4e0 io_uring/io_uring.c:2765
io_ring_ctx_free+0x41a/0x590 io_uring/io_uring.c:2885
io_ring_exit_work+0x4c8/0x4f0 io_uring/io_uring.c:3098
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
value changed: 0x01 -> 0x00
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14019 Comm: kworker/u4:2 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound io_ring_exit_work
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup