syzbot

 sign-in | mailing list | source | docs
🐞 Open [1609]
Subsystems
🐞 Fixed [6290]
🐞 Invalid [16015]
Missing Backports [190]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic

Status: moderation: reported on 2025/06/04 17:43
Subsystems: ext4
[Documentation on labels]
Reported-by: syzbot+27d06913c9600f11dfed@syzkaller.appspotmail.com
First crash: 10d, last: 1d12h

Sample crash report:
==================================================================
BUG: KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic

write to 0xffff88810789a3da of 2 bytes by task 3886 on cpu 1:
 memcpy_from_iter lib/iov_iter.c:73 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:304 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 __copy_from_iter lib/iov_iter.c:249 [inline]
 copy_folio_from_iter_atomic+0x7fc/0x1170 lib/iov_iter.c:479
 generic_perform_write+0x2c2/0x490 mm/filemap.c:4130
 __generic_file_write_iter+0x9e/0x120 mm/filemap.c:4229
 generic_file_write_iter+0x8d/0x2f0 mm/filemap.c:4255
 iter_file_splice_write+0x5f2/0x970 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0x153/0x2a0 fs/splice.c:1158
 splice_direct_to_actor+0x30f/0x680 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1227
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0xb39/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810789a200 of 512 bytes by task 377 on cpu 0:
 memcpy_from_iter lib/iov_iter.c:73 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:304 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 __copy_from_iter lib/iov_iter.c:249 [inline]
 copy_folio_from_iter_atomic+0x7fc/0x1170 lib/iov_iter.c:479
 generic_perform_write+0x2c2/0x490 mm/filemap.c:4130
 shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3463
 lo_rw_aio+0x6ea/0x7a0 include/linux/fs.h:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1890 [inline]
 loop_process_work+0x52d/0xa60 drivers/block/loop.c:1925
 loop_workfn+0x31/0x40 drivers/block/loop.c:1949
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 377 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: loop2 loop_workfn
==================================================================

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/06/14 00:26 upstream 02adc1490e6d 0e8da31f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/10 22:25 upstream aef17cb3d3c4 5d7e17ca .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/10 07:56 upstream f09079bd04a9 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/09 09:19 upstream 19272b37aa4f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/07 23:49 upstream 5b032cac6225 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/07 23:48 upstream 5b032cac6225 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/07 02:45 upstream c0c9379f235d 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/06 21:59 upstream c0c9379f235d 9fa58bba .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/04 23:36 upstream 1af80d00e1e0 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
2025/06/04 17:42 upstream 1af80d00e1e0 e565f08d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic
* Struck through repros no longer work on HEAD.