[moderation] [mm?] KCSAN: data-race in shmem_file_splice_read / shmem_setattr (4)
7 views
Skip to first unread message
syzbot
Dec 9, 2023, 7:08:25 PM12/9/23
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 090472ed9c92 Merge tag 'usb-6.7-rc3' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=123f6194e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=8c1151391aefc0c3
dashboard link: https://syzkaller.appspot.com/bug?extid=1b3d0067094b15e58bbf
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [ak...@linux-foundation.org hu...@google.com linux-...@vger.kernel.org linu...@kvack.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1a174462946c/disk-090472ed.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5b721db2846b/vmlinux-090472ed.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7267027fa885/bzImage-090472ed.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1b3d00...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in shmem_file_splice_read / shmem_setattr
write to 0xffff88813e06a700 of 8 bytes by task 25586 on cpu 1:
i_size_write include/linux/fs.h:932 [inline]
shmem_setattr+0x6fb/0x830 mm/shmem.c:1168
notify_change+0x866/0x8e0 fs/attr.c:499
do_truncate+0x116/0x150 fs/open.c:66
do_sys_ftruncate+0x2ba/0x3b0 fs/open.c:194
__do_sys_ftruncate fs/open.c:205 [inline]
__se_sys_ftruncate fs/open.c:203 [inline]
__x64_sys_ftruncate+0x33/0x40 fs/open.c:203
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
read to 0xffff88813e06a700 of 8 bytes by task 25582 on cpu 0:
i_size_read include/linux/fs.h:910 [inline]
shmem_file_splice_read+0x1dd/0x600 mm/shmem.c:2975
vfs_splice_read fs/splice.c:993 [inline]
splice_direct_to_actor+0x28c/0x690 fs/splice.c:1069
do_splice_direct+0x10d/0x190 fs/splice.c:1194
do_sendfile+0x3c4/0x980 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1316 [inline]
__se_sys_sendfile64 fs/read_write.c:1308 [inline]
__x64_sys_sendfile64+0xbd/0x150 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
value changed: 0x00000000000004f7 -> 0x000000000000000d
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 25582 Comm: syz-executor.5 Not tainted 6.7.0-rc2-syzkaller-00242-g090472ed9c92 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 090472ed9c92 Merge tag 'usb-6.7-rc3' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=123f6194e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=8c1151391aefc0c3
dashboard link: https://syzkaller.appspot.com/bug?extid=1b3d0067094b15e58bbf
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [ak...@linux-foundation.org hu...@google.com linux-...@vger.kernel.org linu...@kvack.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1a174462946c/disk-090472ed.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5b721db2846b/vmlinux-090472ed.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7267027fa885/bzImage-090472ed.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1b3d00...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in shmem_file_splice_read / shmem_setattr
write to 0xffff88813e06a700 of 8 bytes by task 25586 on cpu 1:
i_size_write include/linux/fs.h:932 [inline]
shmem_setattr+0x6fb/0x830 mm/shmem.c:1168
notify_change+0x866/0x8e0 fs/attr.c:499
do_truncate+0x116/0x150 fs/open.c:66
do_sys_ftruncate+0x2ba/0x3b0 fs/open.c:194
__do_sys_ftruncate fs/open.c:205 [inline]
__se_sys_ftruncate fs/open.c:203 [inline]
__x64_sys_ftruncate+0x33/0x40 fs/open.c:203
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
read to 0xffff88813e06a700 of 8 bytes by task 25582 on cpu 0:
i_size_read include/linux/fs.h:910 [inline]
shmem_file_splice_read+0x1dd/0x600 mm/shmem.c:2975
vfs_splice_read fs/splice.c:993 [inline]
splice_direct_to_actor+0x28c/0x690 fs/splice.c:1069
do_splice_direct+0x10d/0x190 fs/splice.c:1194
do_sendfile+0x3c4/0x980 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1316 [inline]
__se_sys_sendfile64 fs/read_write.c:1308 [inline]
__x64_sys_sendfile64+0xbd/0x150 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
value changed: 0x00000000000004f7 -> 0x000000000000000d
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 25582 Comm: syz-executor.5 Not tainted 6.7.0-rc2-syzkaller-00242-g090472ed9c92 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jan 24, 2024, 4:39:16 PM1/24/24
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages