lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <000000000000817cf10620e20d33@google.com>
Date: Fri, 30 Aug 2024 01:05:21 -0700
From: syzbot <syzbot+e099d407346c45275ce9@...kaller.appspotmail.com>
To: akpm@...ux-foundation.org, cgroups@...r.kernel.org, hannes@...xchg.org, 
	linux-kernel@...r.kernel.org, linux-mm@...ck.org, mhocko@...nel.org, 
	muchun.song@...ux.dev, roman.gushchin@...ux.dev, shakeel.butt@...ux.dev, 
	syzkaller-bugs@...glegroups.com
Subject: [syzbot] [cgroups?] [mm?] KCSAN: data-race in mem_cgroup_iter / mem_cgroup_iter

Hello,

syzbot found the following issue on:

HEAD commit:    20371ba12063 Merge tag 'drm-fixes-2024-08-30' of https://g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=107a8463980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6fafac02e339cc84
dashboard link: https://syzkaller.appspot.com/bug?extid=e099d407346c45275ce9
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4a8763df1c20/disk-20371ba1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f9678a905383/vmlinux-20371ba1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ef6e49adc393/bzImage-20371ba1.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e099d407346c45275ce9@...kaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in mem_cgroup_iter / mem_cgroup_iter

read-write to 0xffff888114b82668 of 4 bytes by task 5527 on cpu 1:
 mem_cgroup_iter+0x28e/0x380 mm/memcontrol.c:1080
 shrink_node_memcgs mm/vmscan.c:5924 [inline]
 shrink_node+0x74a/0x1d40 mm/vmscan.c:5948
 shrink_zones mm/vmscan.c:6192 [inline]
 do_try_to_free_pages+0x3c6/0xc50 mm/vmscan.c:6254
 try_to_free_mem_cgroup_pages+0x1f3/0x4f0 mm/vmscan.c:6586
 try_charge_memcg+0x2bc/0x810 mm/memcontrol.c:2210
 try_charge mm/memcontrol-v1.h:20 [inline]
 charge_memcg mm/memcontrol.c:4439 [inline]
 mem_cgroup_swapin_charge_folio+0x107/0x1a0 mm/memcontrol.c:4524
 __read_swap_cache_async+0x2b7/0x520 mm/swap_state.c:516
 swap_cluster_readahead+0x276/0x3f0 mm/swap_state.c:680
 swapin_readahead+0xe4/0x760 mm/swap_state.c:882
 do_swap_page+0x3da/0x1ef0 mm/memory.c:4119
 handle_pte_fault mm/memory.c:5524 [inline]
 __handle_mm_fault mm/memory.c:5664 [inline]
 handle_mm_fault+0x8cb/0x2a30 mm/memory.c:5832
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x3b9/0x650 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

read to 0xffff888114b82668 of 4 bytes by task 5528 on cpu 0:
 mem_cgroup_iter+0xba/0x380 mm/memcontrol.c:1018
 shrink_node_memcgs mm/vmscan.c:5869 [inline]
 shrink_node+0x458/0x1d40 mm/vmscan.c:5948
 shrink_zones mm/vmscan.c:6192 [inline]
 do_try_to_free_pages+0x3c6/0xc50 mm/vmscan.c:6254
 try_to_free_mem_cgroup_pages+0x1f3/0x4f0 mm/vmscan.c:6586
 try_charge_memcg+0x2bc/0x810 mm/memcontrol.c:2210
 try_charge mm/memcontrol-v1.h:20 [inline]
 charge_memcg mm/memcontrol.c:4439 [inline]
 mem_cgroup_swapin_charge_folio+0x107/0x1a0 mm/memcontrol.c:4524
 __read_swap_cache_async+0x2b7/0x520 mm/swap_state.c:516
 swap_cluster_readahead+0x276/0x3f0 mm/swap_state.c:680
 swapin_readahead+0xe4/0x760 mm/swap_state.c:882
 do_swap_page+0x3da/0x1ef0 mm/memory.c:4119
 handle_pte_fault mm/memory.c:5524 [inline]
 __handle_mm_fault mm/memory.c:5664 [inline]
 handle_mm_fault+0x8cb/0x2a30 mm/memory.c:5832
 do_user_addr_fault arch/x86/mm/fault.c:1389 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x296/0x650 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
 __get_user_8+0x11/0x20 arch/x86/lib/getuser.S:94
 fetch_robust_entry kernel/futex/core.c:783 [inline]
 exit_robust_list+0x31/0x280 kernel/futex/core.c:811
 futex_cleanup kernel/futex/core.c:1043 [inline]
 futex_exit_release+0xe3/0x130 kernel/futex/core.c:1144
 exit_mm_release+0x1a/0x30 kernel/fork.c:1637
 exit_mm+0x38/0x190 kernel/exit.c:544
 do_exit+0x55e/0x1720 kernel/exit.c:869
 do_group_exit+0x102/0x150 kernel/exit.c:1031
 get_signal+0xf2f/0x1080 kernel/signal.c:2917
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000522 -> 0x00000528

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5528 Comm: syz.3.488 Not tainted 6.11.0-rc5-syzkaller-00176-g20371ba12063 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
==================================================================
syz.3.488 (5528) used greatest stack depth: 9096 bytes left


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ