[moderation] [mm?] KCSAN: data-race in filemap_fault / filemap_read_folio
0 views
Skip to first unread message
syzbot
3:42 AM (18 hours ago) 3:42 AM
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 8bc67e4db64a Merge tag 'erofs-for-7.1-rc5-fixes' of git://..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17b16b06580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2e40c0f41e01837e
dashboard link: https://syzkaller.appspot.com/bug?extid=b8092072949d8acc854b
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
CC: [ak...@linux-foundation.org da...@kernel.org j...@ziepe.ca jhub...@nvidia.com linux-...@vger.kernel.org linu...@kvack.org pet...@redhat.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7f7e86848d38/disk-8bc67e4d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b45ffa8926f1/vmlinux-8bc67e4d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/049da472fcb0/bzImage-8bc67e4d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b80920...@syzkaller.appspotmail.com
FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
FAT-fs (loop1): Filesystem has been set read-only
FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
==================================================================
BUG: KCSAN: data-race in filemap_fault / filemap_read_folio
read to 0xffff88811a777398 of 4 bytes by task 3803 on cpu 0:
do_async_mmap_readahead mm/filemap.c:3425 [inline]
filemap_fault+0x1ce/0xb70 mm/filemap.c:3541
__do_fault mm/memory.c:5474 [inline]
do_shared_fault mm/memory.c:5973 [inline]
do_fault mm/memory.c:6047 [inline]
do_pte_missing mm/memory.c:4566 [inline]
handle_pte_fault mm/memory.c:6427 [inline]
__handle_mm_fault mm/memory.c:6565 [inline]
handle_mm_fault+0x1a26/0x2e70 mm/memory.c:6734
do_user_addr_fault+0x62f/0x1050 arch/x86/mm/fault.c:1334
handle_page_fault arch/x86/mm/fault.c:1474 [inline]
exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
read-write to 0xffff88811a777398 of 4 bytes by task 3804 on cpu 1:
shrink_readahead_size_eio mm/filemap.c:2444 [inline]
filemap_read_folio+0xea/0x110 mm/filemap.c:2514
filemap_fault+0x5ae/0xb70 mm/filemap.c:3647
__do_fault mm/memory.c:5474 [inline]
do_read_fault mm/memory.c:5909 [inline]
do_fault mm/memory.c:6043 [inline]
do_pte_missing mm/memory.c:4566 [inline]
handle_pte_fault mm/memory.c:6427 [inline]
__handle_mm_fault mm/memory.c:6565 [inline]
handle_mm_fault+0x16cd/0x2e70 mm/memory.c:6734
faultin_page mm/gup.c:1126 [inline]
__get_user_pages+0x1290/0x1f10 mm/gup.c:1428
populate_vma_page_range mm/gup.c:1860 [inline]
__mm_populate+0x242/0x390 mm/gup.c:1963
mm_populate include/linux/mm.h:4137 [inline]
vm_mmap_pgoff+0x23b/0x2d0 mm/util.c:586
ksys_mmap_pgoff+0x267/0x310 mm/mmap.c:606
x64_sys_call+0x14df/0x3020 arch/x86/include/generated/asm/syscalls_64.h:10
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000020 -> 0x00000000
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3804 Comm: syz.1.91 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 8bc67e4db64a Merge tag 'erofs-for-7.1-rc5-fixes' of git://..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17b16b06580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2e40c0f41e01837e
dashboard link: https://syzkaller.appspot.com/bug?extid=b8092072949d8acc854b
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
CC: [ak...@linux-foundation.org da...@kernel.org j...@ziepe.ca jhub...@nvidia.com linux-...@vger.kernel.org linu...@kvack.org pet...@redhat.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7f7e86848d38/disk-8bc67e4d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b45ffa8926f1/vmlinux-8bc67e4d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/049da472fcb0/bzImage-8bc67e4d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b80920...@syzkaller.appspotmail.com
FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
FAT-fs (loop1): Filesystem has been set read-only
FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100)
==================================================================
BUG: KCSAN: data-race in filemap_fault / filemap_read_folio
read to 0xffff88811a777398 of 4 bytes by task 3803 on cpu 0:
do_async_mmap_readahead mm/filemap.c:3425 [inline]
filemap_fault+0x1ce/0xb70 mm/filemap.c:3541
__do_fault mm/memory.c:5474 [inline]
do_shared_fault mm/memory.c:5973 [inline]
do_fault mm/memory.c:6047 [inline]
do_pte_missing mm/memory.c:4566 [inline]
handle_pte_fault mm/memory.c:6427 [inline]
__handle_mm_fault mm/memory.c:6565 [inline]
handle_mm_fault+0x1a26/0x2e70 mm/memory.c:6734
do_user_addr_fault+0x62f/0x1050 arch/x86/mm/fault.c:1334
handle_page_fault arch/x86/mm/fault.c:1474 [inline]
exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
read-write to 0xffff88811a777398 of 4 bytes by task 3804 on cpu 1:
shrink_readahead_size_eio mm/filemap.c:2444 [inline]
filemap_read_folio+0xea/0x110 mm/filemap.c:2514
filemap_fault+0x5ae/0xb70 mm/filemap.c:3647
__do_fault mm/memory.c:5474 [inline]
do_read_fault mm/memory.c:5909 [inline]
do_fault mm/memory.c:6043 [inline]
do_pte_missing mm/memory.c:4566 [inline]
handle_pte_fault mm/memory.c:6427 [inline]
__handle_mm_fault mm/memory.c:6565 [inline]
handle_mm_fault+0x16cd/0x2e70 mm/memory.c:6734
faultin_page mm/gup.c:1126 [inline]
__get_user_pages+0x1290/0x1f10 mm/gup.c:1428
populate_vma_page_range mm/gup.c:1860 [inline]
__mm_populate+0x242/0x390 mm/gup.c:1963
mm_populate include/linux/mm.h:4137 [inline]
vm_mmap_pgoff+0x23b/0x2d0 mm/util.c:586
ksys_mmap_pgoff+0x267/0x310 mm/mmap.c:606
x64_sys_call+0x14df/0x3020 arch/x86/include/generated/asm/syscalls_64.h:10
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000020 -> 0x00000000
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3804 Comm: syz.1.91 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages