syzbot


KCSAN: data-race in ondemand_readahead / read_pages (3)

Status: moderation: reported on 2024/04/28 14:14
Subsystems: fs mm
Reported-by: syzbot+f12141c8cf8742e5060e@syzkaller.appspotmail.com
First crash: 14d, last: 8d04h
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in ondemand_readahead / read_pages (2) fs mm | | | | 1 | 86d | 86d | 0/26 | auto-obsoleted due to no activity on 2024/03/23 09:55 |
| upstream | KCSAN: data-race in ondemand_readahead / read_pages fs mm | | | | 42 | 146d | 156d | 0/26 | auto-obsoleted due to no activity on 2024/01/23 07:51 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ondemand_readahead / read_pages

read to 0xffff8881136f1e84 of 4 bytes by task 19950 on cpu 0:
 ondemand_readahead+0x15d/0x6c0 mm/readahead.c:573
 page_cache_sync_ra+0xe0/0xf0 mm/readahead.c:688
 page_cache_sync_readahead include/linux/pagemap.h:1300 [inline]
 filemap_get_pages+0x252/0xfb0 mm/filemap.c:2505
 filemap_splice_read+0x360/0x920 mm/filemap.c:2870
 ext4_file_splice_read+0x95/0xc0 fs/ext4/file.c:158
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x26c/0x670 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 x64_sys_call+0x2c67/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff8881136f1e84 of 4 bytes by task 19954 on cpu 1:
 read_pages+0x287/0x540 mm/readahead.c:172
 page_cache_ra_unbounded+0x225/0x2e0
 do_page_cache_ra mm/readahead.c:299 [inline]
 page_cache_ra_order mm/readahead.c:539 [inline]
 ondemand_readahead+0x549/0x6c0 mm/readahead.c:661
 page_cache_sync_ra+0xe0/0xf0 mm/readahead.c:688
 page_cache_sync_readahead include/linux/pagemap.h:1300 [inline]
 filemap_get_pages+0x252/0xfb0 mm/filemap.c:2505
 filemap_splice_read+0x360/0x920 mm/filemap.c:2870
 ext4_file_splice_read+0x95/0xc0 fs/ext4/file.c:158
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x26c/0x670 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 x64_sys_call+0x2c67/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000007 -> 0x00000015

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19954 Comm: syz-executor.2 Tainted: G        W          6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================
==================================================================
BUG: KCSAN: data-race in filemap_splice_read / filemap_splice_read

write to 0xffff8881136f1e90 of 8 bytes by task 19950 on cpu 0:
 filemap_splice_read+0x6cc/0x920 mm/filemap.c:2916
 ext4_file_splice_read+0x95/0xc0 fs/ext4/file.c:158
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x26c/0x670 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 x64_sys_call+0x2c67/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff8881136f1e90 of 8 bytes by task 19954 on cpu 1:
 filemap_splice_read+0x6cc/0x920 mm/filemap.c:2916
 ext4_file_splice_read+0x95/0xc0 fs/ext4/file.c:158
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x26c/0x670 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 x64_sys_call+0x2c67/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000a19000 -> 0x0000000000a20000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19954 Comm: syz-executor.2 Tainted: G        W          6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================
==================================================================
BUG: KCSAN: data-race in read_pages / read_pages

read-write to 0xffff8881136f1e80 of 4 bytes by task 19950 on cpu 1:
 read_pages+0x23f/0x540 mm/readahead.c:170
 page_cache_ra_unbounded+0x225/0x2e0
 do_page_cache_ra mm/readahead.c:299 [inline]
 page_cache_ra_order mm/readahead.c:539 [inline]
 ondemand_readahead+0x549/0x6c0 mm/readahead.c:661
 page_cache_sync_ra+0xe0/0xf0 mm/readahead.c:688
 page_cache_sync_readahead include/linux/pagemap.h:1300 [inline]
 filemap_get_pages+0x252/0xfb0 mm/filemap.c:2505
 filemap_splice_read+0x360/0x920 mm/filemap.c:2870
 ext4_file_splice_read+0x95/0xc0 fs/ext4/file.c:158
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x26c/0x670 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 x64_sys_call+0x2c67/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read-write to 0xffff8881136f1e80 of 4 bytes by task 19954 on cpu 0:
 read_pages+0x23f/0x540 mm/readahead.c:170
 page_cache_ra_unbounded+0x2a4/0x2e0 mm/readahead.c:269
 do_page_cache_ra mm/readahead.c:299 [inline]
 page_cache_ra_order mm/readahead.c:539 [inline]
 ondemand_readahead+0x549/0x6c0 mm/readahead.c:661
 page_cache_sync_ra+0xe0/0xf0 mm/readahead.c:688
 page_cache_sync_readahead include/linux/pagemap.h:1300 [inline]
 filemap_get_pages+0x252/0xfb0 mm/filemap.c:2505
 filemap_splice_read+0x360/0x920 mm/filemap.c:2870
 ext4_file_splice_read+0x95/0xc0 fs/ext4/file.c:158
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x26c/0x670 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 x64_sys_call+0x2c67/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000e -> 0xfffffff8

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 19954 Comm: syz-executor.2 Tainted: G        W          6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/05/05 07:05 | upstream | 7367539ad4b0 | 610f2a54 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in ondemand_readahead / read_pages |
| 2024/04/28 14:13 | upstream | 2c8159388952 | 07b455f9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in ondemand_readahead / read_pages |
* Struck through repros no longer work on HEAD.