Hello,
syzbot found the following issue on:
HEAD commit: 8cd8cf7a07e5 Merge tag 'scsi-misc' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=152222ae580000
kernel config: https://syzkaller.appspot.com/x/.config?x=da1374883fd3c788
dashboard link: https://syzkaller.appspot.com/bug?extid=20c072318ddd5ab4b481
compiler: Debian clang version 22.1.6 (++20260514074242+fc4aad7b5db3-1~exp1~20260514074407.73), Debian LLD 22.1.6
CC: [adilger...@dilger.ca ja...@suse.cz liba...@linux.alibaba.com linux...@vger.kernel.org linux-...@vger.kernel.org oja...@linux.ibm.com rites...@gmail.com ty...@mit.edu yi.z...@huawei.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9308709bb66a/disk-8cd8cf7a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a3bd564d0cb7/vmlinux-8cd8cf7a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3c139da2b0a7/bzImage-8cd8cf7a.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+20c072...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in xas_find_marked / xas_init_marks
read-write to 0xffff88811f10dfe0 of 8 bytes by task 14572 on cpu 0:
instrument_read_write include/linux/instrumented.h:56 [inline]
__instrument_read_write_bitop include/asm-generic/bitops/instrumented-non-atomic.h:84 [inline]
___test_and_clear_bit include/asm-generic/bitops/instrumented-non-atomic.h:114 [inline]
node_clear_mark lib/xarray.c:102 [inline]
xas_clear_mark lib/xarray.c:922 [inline]
xas_init_marks+0x18a/0x320 lib/xarray.c:955
xas_store+0x243/0xce0 lib/xarray.c:817
page_cache_delete_batch mm/filemap.c:315 [inline]
delete_from_page_cache_batch+0x324/0x720 mm/filemap.c:337
truncate_inode_pages_range+0x1f3/0x7d0 mm/truncate.c:405
truncate_inode_pages mm/truncate.c:485 [inline]
truncate_pagecache+0x53/0x70 mm/truncate.c:798
ext4_setattr+0xb71/0x1140 fs/ext4/inode.c:6139
notify_change+0x842/0x8c0 fs/attr.c:556
do_truncate fs/open.c:68 [inline]
do_ftruncate+0x344/0x410 fs/open.c:194
ksys_ftruncate fs/open.c:206 [inline]
__do_sys_ftruncate fs/open.c:211 [inline]
__se_sys_ftruncate fs/open.c:209 [inline]
__x64_sys_ftruncate+0x65/0xc0 fs/open.c:209
x64_sys_call+0x2beb/0x3020 arch/x86/include/generated/asm/syscalls_64.h:78
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff88811f10dfe0 of 8 bytes by task 5934 on cpu 1:
xas_find_chunk include/linux/xarray.h:1752 [inline]
xas_find_marked+0x211/0x650 lib/xarray.c:1510
find_get_entry mm/filemap.c:2082 [inline]
filemap_get_folios_tag+0xf7/0x400 mm/filemap.c:2349
mpage_prepare_extent_to_map+0x2f8/0xc00 fs/ext4/inode.c:2656
ext4_do_writepages+0x9e5/0x2720 fs/ext4/inode.c:2947
ext4_writepages+0x18f/0x300 fs/ext4/inode.c:3043
do_writepages+0x1b9/0x300 mm/page-writeback.c:2571
__writeback_single_inode+0x7b/0x660 fs/fs-writeback.c:1787
writeback_sb_inodes+0x4d9/0xaa0 fs/fs-writeback.c:2079
wb_writeback+0x20c/0x510 fs/fs-writeback.c:2264
wb_do_writeback fs/fs-writeback.c:2432 [inline]
wb_workfn+0x1a4/0xa50 fs/fs-writeback.c:2477
process_one_work kernel/workqueue.c:3322 [inline]
process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
worker_thread+0x569/0x750 kernel/workqueue.c:3486
kthread+0x221/0x270 kernel/kthread.c:436
ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
value changed: 0xffffffffffffffff -> 0xffffffff80000000
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5934 Comm: kworker/u8:10 Tainted: G W syzkaller #0 PREEMPT(lazy)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: writeback wb_workfn (flush-7:2)
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup