syzbot


KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (9)

Status: auto-closed as invalid on 2021/12/17 02:26
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 335d, last: 326d
similar bugs (8):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (4) | | | | 1 | 885d | 885d | 0/24 | auto-closed as invalid on 2020/06/18 13:13 |
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (5) | | | | 3 | 738d | 795d | 0/24 | auto-closed as invalid on 2020/10/30 13:53 |
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (6) | | | | 1 | 688d | 665d | 0/24 | auto-closed as invalid on 2020/12/21 12:01 |
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (3) | | | | 5 | 978d | 1065d | 0/24 | auto-closed as invalid on 2020/04/09 02:07 |
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (8) | | | | 6 | 493d | 541d | 0/24 | auto-closed as invalid on 2021/07/03 03:54 |
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (2) | | | | 1 | 1084d | 1084d | 0/24 | closed as invalid on 2019/10/18 14:11 |
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent | | | | 60 | 1084d | 1095d | 0/24 | closed as invalid on 2019/10/15 15:50 |
| upstream | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent (7) | | | | 2 | 627d | 648d | 0/24 | auto-closed as invalid on 2021/02/19 02:54 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent

read to 0xffff888105b57098 of 8 bytes by task 11794 on cpu 0:
 ext4_es_lookup_extent+0x2a8/0x500 fs/ext4/extents_status.c:966
 ext4_map_blocks+0x10e/0xf00 fs/ext4/inode.c:529
 ext4_iomap_begin+0x17b/0x630 fs/ext4/inode.c:3417
 iomap_iter+0x395/0x4a0 fs/iomap/iter.c:74
 __iomap_dio_rw+0xb78/0x1070 fs/iomap/direct-io.c:588
 iomap_dio_rw+0x38/0x80 fs/iomap/direct-io.c:679
 ext4_dio_read_iter fs/ext4/file.c:77 [inline]
 ext4_file_read_iter+0x21d/0x290 fs/ext4/file.c:128
 call_read_iter include/linux/fs.h:2156 [inline]
 generic_file_splice_read+0x24f/0x330 fs/splice.c:311
 do_splice_to fs/splice.c:796 [inline]
 splice_direct_to_actor+0x2aa/0x650 fs/splice.c:870
 do_splice_direct+0x106/0x190 fs/splice.c:979
 do_sendfile+0x675/0xc40 fs/read_write.c:1245
 __do_sys_sendfile64 fs/read_write.c:1310 [inline]
 __se_sys_sendfile64 fs/read_write.c:1296 [inline]
 __x64_sys_sendfile64+0x102/0x140 fs/read_write.c:1296
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff888105b57098 of 8 bytes by task 11793 on cpu 1:
 ext4_es_set_referenced fs/ext4/extents_status.h:194 [inline]
 ext4_es_lookup_extent+0x2f7/0x500 fs/ext4/extents_status.c:968
 ext4_map_blocks+0x10e/0xf00 fs/ext4/inode.c:529
 ext4_mpage_readpages+0x583/0x1080 fs/ext4/readpage.c:304
 ext4_readahead+0x99/0xa0 fs/ext4/inode.c:3199
 read_pages+0xba/0x5f0 mm/readahead.c:129
 page_cache_ra_unbounded+0x3d2/0x430 mm/readahead.c:238
 ondemand_readahead+0x4f8/0x700
 page_cache_sync_ra+0xaf/0xe0 mm/readahead.c:579
 page_cache_sync_readahead include/linux/pagemap.h:980 [inline]
 filemap_get_pages mm/filemap.c:2556 [inline]
 filemap_read+0x3eb/0x16d0 mm/filemap.c:2642
 generic_file_read_iter+0x72/0x2a0 mm/filemap.c:2792
 ext4_file_read_iter+0x1db/0x290
 call_read_iter include/linux/fs.h:2156 [inline]
 generic_file_splice_read+0x24f/0x330 fs/splice.c:311
 do_splice_to fs/splice.c:796 [inline]
 splice_direct_to_actor+0x2aa/0x650 fs/splice.c:870
 do_splice_direct+0x106/0x190 fs/splice.c:979
 do_sendfile+0x675/0xc40 fs/read_write.c:1245
 __do_sys_sendfile64 fs/read_write.c:1310 [inline]
 __se_sys_sendfile64 fs/read_write.c:1296 [inline]
 __x64_sys_sendfile64+0x102/0x140 fs/read_write.c:1296
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0800000000016588 -> 0x8800000000016588

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 11793 Comm: syz-executor.2 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (4):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2021/11/12 02:20 | upstream | ca2ef2d9f2aa | 75b04091 | .config | log | report | | | info | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent |
| ci2-upstream-kcsan-gce | 2021/11/11 01:23 | upstream | 89d714ab6043 | 75b04091 | .config | log | report | | | info | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent |
| ci2-upstream-kcsan-gce | 2021/11/02 12:17 | upstream | bfc484fe6abb | 098b5d53 | .config | log | report | | | info | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent |
| ci2-upstream-kcsan-gce | 2021/11/02 09:58 | upstream | e66435936756 | 098b5d53 | .config | log | report | | | info | KCSAN: data-race in ext4_es_lookup_extent / ext4_es_lookup_extent |