In-Reply-To: <670cb562.050a0220.4cbc0.0042.GAE@google.com>
From: Sabyrzhan Tasbolatov
Date: Mon, 14 Oct 2024 11:40:05 +0500
Subject: Re: [syzbot] [fs?] [mm?] KCSAN: data-race in xas_create / xas_find (8)
To: syzbot
Cc: akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, willy@infradead.org

On Mon, Oct 14, 2024 at 11:08 AM syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    2f91ff27b0ee Merge tag 'sound-6.12-rc2' of git://git.kerne..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=155c879f980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=95098faba89c70c9
> dashboard link: https://syzkaller.appspot.com/bug?extid=b79be83906cd9bab16ff
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/14933c4ac457/disk-2f91ff27.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/6725831fc1a1/vmlinux-2f91ff27.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/98d64e038e72/bzImage-2f91ff27.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+b79be83906cd9bab16ff@syzkaller.appspotmail.com
>
> loop4: detected capacity change from 0 to 4096
> EXT4-fs: Ignoring removed nobh option
> EXT4-fs: Ignoring removed i_version option
> ==================================================================
> BUG: KCSAN: data-race in xas_create / xas_find
>
> write to 0xffff888106819919 of 1 bytes by task 3435 on cpu 0:
>  xas_expand lib/xarray.c:613 [inline]
>  xas_create+0x666/0xbd0 lib/xarray.c:654
>  xas_store+0x6f/0xc90 lib/xarray.c:788

AFAIU, xas_store() itself doesn't have a locking mechanism, but is locked
in xa_* functions. Example:

void *xa_store_range(...)
{
	XA_STATE(xas, xa, 0);
	...
	do {
		xas_lock(&xas);
		if (entry) {
			...
			xas_create(&xas, true);
		}
		...
unlock:
		xas_unlock(&xas);
}

The same goes for the other racing function, xas_find():

void *xa_find(...)
{
	XA_STATE(xas, xa, *indexp);
	void *entry;

	rcu_read_lock();
	do {
		if (...)
			entry = xas_find_marked(&xas, max, filter);
		else
			entry = xas_find(&xas, max);
	...
	rcu_read_unlock();
}

In this KCSAN report, xas_create() and xas_find() are racing for the `offset` field.

>  __filemap_add_folio+0x3cc/0x6f0 mm/filemap.c:916
>  filemap_add_folio+0x9c/0x1b0 mm/filemap.c:972
>  page_cache_ra_unbounded+0x175/0x310 mm/readahead.c:268
>  do_page_cache_ra mm/readahead.c:320 [inline]
>  force_page_cache_ra mm/readahead.c:349 [inline]
>  page_cache_sync_ra+0x252/0x670 mm/readahead.c:562
>  page_cache_sync_readahead include/linux/pagemap.h:1394 [inline]
>  filemap_get_pages+0x2c1/0x10e0 mm/filemap.c:2547
>  filemap_read+0x216/0x680 mm/filemap.c:2645
>  blkdev_read_iter+0x20e/0x2c0 block/fops.c:765
>  new_sync_read fs/read_write.c:488 [inline]
>  vfs_read+0x5f6/0x720 fs/read_write.c:569
>  ksys_read+0xeb/0x1b0 fs/read_write.c:712
>  __do_sys_read fs/read_write.c:722 [inline]
>  __se_sys_read fs/read_write.c:720 [inline]
>  __x64_sys_read+0x42/0x50 fs/read_write.c:720
>  x64_sys_call+0x27d3/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:1
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> read to 0xffff888106819919 of 1 bytes by task 9109 on cpu 1:
>  xas_find+0x372/0x3f0 lib/xarray.c:1278
>  find_get_entry+0x66/0x390 mm/filemap.c:1992
>  find_get_entries+0xa4/0x220 mm/filemap.c:2047
>  truncate_inode_pages_range+0x4ac/0x6b0 mm/truncate.c:378
>  truncate_inode_pages+0x24/0x30 mm/truncate.c:423
>  kill_bdev block/bdev.c:91 [inline]
>  set_blocksize+0x258/0x270 block/bdev.c:173
>  sb_set_blocksize block/bdev.c:182 [inline]
>  sb_min_blocksize+0x63/0xe0 block/bdev.c:198
>  ext4_load_super fs/ext4/super.c:4992 [inline]
>  __ext4_fill_super fs/ext4/super.c:5213 [inline]
>  ext4_fill_super+0x38b/0x3a10 fs/ext4/super.c:5686
>  get_tree_bdev+0x256/0x2e0 fs/super.c:1635
>  ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5718
>  vfs_get_tree+0x56/0x1e0 fs/super.c:1800
>  do_new_mount+0x227/0x690 fs/namespace.c:3507
>  path_mount+0x49b/0xb30 fs/namespace.c:3834
>  do_mount fs/namespace.c:3847 [inline]
>  __do_sys_mount fs/namespace.c:4055 [inline]
>  __se_sys_mount+0x27c/0x2d0 fs/namespace.c:4032
>  __x64_sys_mount+0x67/0x80 fs/namespace.c:4032
>  x64_sys_call+0x203e/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:166
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> value changed: 0x0e -> 0x00
>
> Reported by Kernel Concurrency Sanitizer on:
> CPU: 1 UID: 0 PID: 9109 Comm: syz.4.1794 Not tainted 6.12.0-rc1-syzkaller-00257-g2f91ff27b0ee #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> ==================================================================
> EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
> EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
>
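
An added example (not part of the original message or of syzbot's tooling): a small Python parser for the KCSAN report format quoted above. It pairs the two racing accesses and shows that the function names in the report title are the first out-of-line frames, while an `[inline]` frame carries the source line of the access itself. `REPORT` is an abbreviated excerpt of the report in this thread; `parse_kcsan` and `summarize` are names introduced here.

```python
import re

# Abbreviated excerpt of the KCSAN report quoted above (e-mail quote markers kept).
REPORT = """\
> BUG: KCSAN: data-race in xas_create / xas_find
>
> write to 0xffff888106819919 of 1 bytes by task 3435 on cpu 0:
>  xas_expand lib/xarray.c:613 [inline]
>  xas_create+0x666/0xbd0 lib/xarray.c:654
>  xas_store+0x6f/0xc90 lib/xarray.c:788
>
> read to 0xffff888106819919 of 1 bytes by task 9109 on cpu 1:
>  xas_find+0x372/0x3f0 lib/xarray.c:1278
>  find_get_entry+0x66/0x390 mm/filemap.c:1992
>
> value changed: 0x0e -> 0x00
"""

ACCESS = re.compile(r"(read-write|read|write)(?: \(marked\))? to (0x[0-9a-f]+) "
                    r"of (\d+) bytes by task (\d+) on cpu (\d+):")
FRAME = re.compile(r"(\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+):(\d+)( \[inline\])?$")
CHANGED = re.compile(r"value changed: (0x[0-9a-f]+) -> (0x[0-9a-f]+)")

def parse_kcsan(text):
    """Return (accesses, value_change) parsed from a KCSAN data-race report."""
    accesses, change = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()   # drop e-mail quoting
        if m := ACCESS.match(line):
            kind, addr, size, task, cpu = m.groups()
            accesses.append({"kind": kind, "addr": int(addr, 16), "size": int(size),
                             "task": int(task), "cpu": int(cpu), "frames": []})
        elif m := CHANGED.match(line):
            change = (int(m[1], 16), int(m[2], 16))
        elif accesses and (m := FRAME.match(line)):
            func, path, lineno, inline = m.groups()
            accesses[-1]["frames"].append((func, path, int(lineno), bool(inline)))
    return accesses, change

def summarize(text):
    """Pair the two accesses and name the first out-of-line frame of each."""
    (a, b), change = parse_kcsan(text)
    outer = lambda acc: next(f[0] for f in acc["frames"] if not f[3])
    return {"same_addr": a["addr"] == b["addr"], "kinds": (a["kind"], b["kind"]),
            "title_funcs": (outer(a), outer(b)),
            "access_site": tuple(acc["frames"][0][:3] for acc in (a, b)),
            "value_change": change}

print(summarize(REPORT))
```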