| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68d63689.050a0220.25d7ab.00d9.GAE@google.com> Date: Thu, 25 Sep 2025 23:45:29 -0700 From: syzbot <syzbot+20dd68d4ba19e8242c26@...kaller.appspotmail.com> To: akpm@...ux-foundation.org, hannes@...xchg.org, jackmanb@...gle.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org, mhocko@...e.com, surenb@...gle.com, syzkaller-bugs@...glegroups.com, vbabka@...e.cz, ziy@...dia.com Subject: [syzbot] [mm?] KCSAN: data-race in try_to_compact_pages / try_to_compact_pages Hello, syzbot found the following issue on: HEAD commit: cec1e6e5d1ab Merge tag 'sched_ext-for-6.17-rc7-fixes' of g.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=12448f12580000 kernel config: https://syzkaller.appspot.com/x/.config?x=6e0c213d0735f5dd dashboard link: https://syzkaller.appspot.com/bug?extid=20dd68d4ba19e8242c26 compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/10b7c8fdfdec/disk-cec1e6e5.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/cbecc36962db/vmlinux-cec1e6e5.xz kernel image: https://storage.googleapis.com/syzbot-assets/214f107d0a3e/bzImage-cec1e6e5.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+20dd68d4ba19e8242c26@...kaller.appspotmail.com ================================================================== BUG: KCSAN: data-race in try_to_compact_pages / try_to_compact_pages read-write to 0xffff88823fffacf0 of 4 bytes by task 6757 on cpu 1: compaction_deferred mm/compaction.c:149 [inline] try_to_compact_pages+0x1be/0x940 mm/compaction.c:2838 __alloc_pages_direct_compact+0x65/0x1d0 mm/page_alloc.c:4066 __alloc_pages_slowpath+0x360/0x5f0 mm/page_alloc.c:4787 __alloc_frozen_pages_noprof+0x270/0x360 mm/page_alloc.c:5161 alloc_pages_mpol+0xb3/0x250 mm/mempolicy.c:2416 alloc_frozen_pages_noprof+0x90/0x110 mm/mempolicy.c:2487 ___kmalloc_large_node+0x52/0x100 mm/slub.c:4317 __kmalloc_large_node_noprof+0x16/0xa0 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kmalloc_noprof+0x2ab/0x3e0 mm/slub.c:4388 kmalloc_noprof include/linux/slab.h:909 [inline] kmalloc_array_noprof include/linux/slab.h:948 [inline] io_vec_realloc io_uring/rsrc.c:1327 [inline] io_import_reg_vec+0x645/0xe80 io_uring/rsrc.c:1520 io_sendmsg_zc+0x91/0x550 io_uring/net.c:1545 __io_issue_sqe+0xfb/0x2e0 io_uring/io_uring.c:1771 io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1794 io_queue_sqe io_uring/io_uring.c:2023 [inline] io_submit_sqe io_uring/io_uring.c:2283 [inline] io_submit_sqes+0x675/0x1060 io_uring/io_uring.c:2396 __do_sys_io_uring_enter io_uring/io_uring.c:3463 [inline] __se_sys_io_uring_enter+0x1c1/0x1b70 io_uring/io_uring.c:3397 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3397 x64_sys_call+0x2de1/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:427 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f write to 0xffff88823fffacf0 of 4 bytes by task 6696 on cpu 0: compaction_deferred mm/compaction.c:150 [inline] try_to_compact_pages+0x207/0x940 mm/compaction.c:2838 __alloc_pages_direct_compact+0x65/0x1d0 mm/page_alloc.c:4066 __alloc_pages_slowpath+0x360/0x5f0 mm/page_alloc.c:4787 __alloc_frozen_pages_noprof+0x270/0x360 mm/page_alloc.c:5161 alloc_pages_mpol+0xb3/0x250 mm/mempolicy.c:2416 alloc_frozen_pages_noprof+0x90/0x110 mm/mempolicy.c:2487 ___kmalloc_large_node+0x52/0x100 mm/slub.c:4317 __kmalloc_large_node_noprof+0x16/0xa0 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kmalloc_noprof+0x2ab/0x3e0 mm/slub.c:4388 kmalloc_noprof include/linux/slab.h:909 [inline] kmalloc_array_noprof include/linux/slab.h:948 [inline] io_vec_realloc io_uring/rsrc.c:1327 [inline] io_import_reg_vec+0x645/0xe80 io_uring/rsrc.c:1520 io_sendmsg_zc+0x91/0x550 io_uring/net.c:1545 __io_issue_sqe+0xfb/0x2e0 io_uring/io_uring.c:1771 io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1794 io_queue_sqe io_uring/io_uring.c:2023 [inline] io_submit_sqe io_uring/io_uring.c:2283 [inline] io_submit_sqes+0x675/0x1060 io_uring/io_uring.c:2396 __do_sys_io_uring_enter io_uring/io_uring.c:3463 [inline] __se_sys_io_uring_enter+0x1c1/0x1b70 io_uring/io_uring.c:3397 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3397 x64_sys_call+0x2de1/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:427 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000005 -> 0x00000004 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 6696 Comm: syz.2.1234 Not tainted syzkaller #0 PREEMPT(voluntary) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@...glegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
Powered by blists - more mailing lists