syzbot

EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
==================================================================
BUG: KCSAN: data-race in __lru_add_drain_all / folio_add_lru

read-write to 0xffff888237d26668 of 1 bytes by task 12954 on cpu 1:
 folio_batch_add include/linux/pagevec.h:77 [inline]
 __folio_batch_add_and_move mm/swap.c:194 [inline]
 folio_add_lru+0xa4/0x1e0 mm/swap.c:511
 folio_add_lru_vma+0x49/0x70 mm/swap.c:530
 do_anonymous_page mm/memory.c:5313 [inline]
 do_pte_missing mm/memory.c:4475 [inline]
 handle_pte_fault mm/memory.c:6317 [inline]
 __handle_mm_fault mm/memory.c:6455 [inline]
 handle_mm_fault+0x2c31/0x3020 mm/memory.c:6624
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x1023/0x1ea0 mm/gup.c:1428
 __get_user_pages_locked mm/gup.c:1692 [inline]
 __gup_longterm_locked+0x2fa/0xe30 mm/gup.c:2481
 gup_fast_fallback+0x1f3/0x13c0 mm/gup.c:3209
 pin_user_pages_fast+0x5f/0x90 mm/gup.c:3315
 io_pin_pages+0xba/0x170 io_uring/memmap.c:63
 io_region_pin_pages+0x58/0xf0 io_uring/memmap.c:141
 io_create_region+0x2c4/0x330 io_uring/memmap.c:218
 io_allocate_scq_urings+0x125/0x3f0 io_uring/io_uring.c:2706
 io_uring_create+0x30a/0x510 io_uring/io_uring.c:3009
 io_uring_setup io_uring/io_uring.c:3079 [inline]
 __do_sys_io_uring_setup io_uring/io_uring.c:3113 [inline]
 __se_sys_io_uring_setup+0x1cb/0x1e0 io_uring/io_uring.c:3104
 __x64_sys_io_uring_setup+0x31/0x40 io_uring/io_uring.c:3104
 x64_sys_call+0x2962/0x3020 arch/x86/include/generated/asm/syscalls_64.h:426
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888237d26668 of 1 bytes by task 12148 on cpu 0:
 folio_batch_count include/linux/pagevec.h:56 [inline]
 cpu_needs_drain mm/swap.c:780 [inline]
 __lru_add_drain_all+0x17e/0x450 mm/swap.c:877
 lru_add_drain_all+0x10/0x20 mm/swap.c:893
 invalidate_bdev+0x47/0x70 block/bdev.c:101
 ext4_put_super+0x610/0x7b0 fs/ext4/super.c:1349
 generic_shutdown_super+0xee/0x220 fs/super.c:646
 kill_block_super+0x2a/0x70 fs/super.c:1725
 ext4_kill_sb+0x42/0x80 fs/ext4/super.c:7484
 deactivate_locked_super+0x75/0x1c0 fs/super.c:476
 deactivate_super+0x97/0xa0 fs/super.c:509
 cleanup_mnt+0x2bb/0x330 fs/namespace.c:1312
 __cleanup_mnt+0x19/0x20 fs/namespace.c:1319
 task_work_run+0x130/0x1a0 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x1f4/0x6f0 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x249/0x370 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x1a -> 0x1f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 12148 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
==================================================================