syzbot

EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
==================================================================
BUG: KCSAN: data-race in __lru_add_drain_all / folio_add_lru_vma

read-write to 0xffff888237c2ac08 of 1 bytes by task 4568 on cpu 0:
 folio_batch_add include/linux/pagevec.h:77 [inline]
 folio_batch_add_and_move mm/swap.c:246 [inline]
 folio_add_lru mm/swap.c:532 [inline]
 folio_add_lru_vma+0x74/0x170 mm/swap.c:552
 wp_page_copy mm/memory.c:3331 [inline]
 do_wp_page+0x1556/0x1e70 mm/memory.c:3660
 handle_pte_fault mm/memory.c:5316 [inline]
 __handle_mm_fault mm/memory.c:5441 [inline]
 handle_mm_fault+0xb7f/0x27e0 mm/memory.c:5606
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x2f5/0x6d0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
 rep_movs_alternative+0x4a/0x70 arch/x86/lib/copy_user_64.S:65
 copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:131 [inline]
 copy_to_user_iter lib/iov_iter.c:25 [inline]
 iterate_iovec include/linux/iov_iter.h:51 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:247 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x2c5/0xaf0 lib/iov_iter.c:185
 copy_page_to_iter+0x171/0x2b0 lib/iov_iter.c:362
 process_vm_rw_pages mm/process_vm_access.c:45 [inline]
 process_vm_rw_single_vec mm/process_vm_access.c:118 [inline]
 process_vm_rw_core mm/process_vm_access.c:216 [inline]
 process_vm_rw+0x5f0/0x8c0 mm/process_vm_access.c:284
 __do_sys_process_vm_readv mm/process_vm_access.c:296 [inline]
 __se_sys_process_vm_readv mm/process_vm_access.c:292 [inline]
 __x64_sys_process_vm_readv+0x7a/0x90 mm/process_vm_access.c:292
 x64_sys_call+0x1a7/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:311
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888237c2ac08 of 1 bytes by task 3113 on cpu 1:
 folio_batch_count include/linux/pagevec.h:56 [inline]
 cpu_needs_drain mm/swap.c:810 [inline]
 __lru_add_drain_all+0x137/0x420 mm/swap.c:904
 lru_add_drain_all+0x10/0x20 mm/swap.c:920
 invalidate_bdev+0x54/0x80 block/bdev.c:95
 ext4_put_super+0x51b/0x7e0 fs/ext4/super.c:1361
 generic_shutdown_super+0xde/0x210 fs/super.c:641
 kill_block_super+0x2a/0x70 fs/super.c:1675
 ext4_kill_sb+0x44/0x80 fs/ext4/super.c:7327
 deactivate_locked_super+0x7d/0x1c0 fs/super.c:472
 deactivate_super+0x9f/0xb0 fs/super.c:505
 cleanup_mnt+0x272/0x2e0 fs/namespace.c:1267
 __cleanup_mnt+0x19/0x20 fs/namespace.c:1274
 task_work_run+0x13a/0x1a0 kernel/task_work.c:180
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xbe/0x130 kernel/entry/common.c:218
 do_syscall_64+0xda/0x1d0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0e -> 0x11

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 3113 Comm: syz-executor.4 Not tainted 6.9.0-rc6-syzkaller-00232-gddb4c3f25b7b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================