kworker/u8:6: attempt to access beyond end of device
loop4: rw=1048577, sector=3912, nr_sectors = 2048 limit=256
==================================================================
BUG: KCSAN: data-race in __wb_writeout_add / writeout_period

write to 0xffffffff88bdcdf0 of 8 bytes by interrupt on cpu 0:
 writeout_period+0xa6/0xe0 mm/page-writeback.c:638
 call_timer_fn+0x3a/0x300 kernel/time/timer.c:1794
 expire_timers kernel/time/timer.c:1845 [inline]
 __run_timers kernel/time/timer.c:2419 [inline]
 __run_timer_base+0x417/0x640 kernel/time/timer.c:2430
 run_timer_base kernel/time/timer.c:2439 [inline]
 run_timer_softirq+0x45/0x70 kernel/time/timer.c:2450
 handle_softirqs+0xbf/0x280 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0x3e/0x90 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
 sysvec_apic_timer_interrupt+0x73/0x80 arch/x86/kernel/apic/apic.c:1037
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:94 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x3d/0x60 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 pcpu_alloc_noprof+0x77a/0x10c0 mm/percpu.c:1867
 ipv4_mib_init_net+0x6f/0x340 net/ipv4/af_inet.c:1729
 ops_init+0x1c9/0x260 net/core/net_namespace.c:139
 setup_net+0x14d/0x600 net/core/net_namespace.c:356
 copy_net_ns+0x290/0x430 net/core/net_namespace.c:494
 create_new_namespaces+0x228/0x430 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xe6/0x120 kernel/nsproxy.c:228
 ksys_unshare+0x3c9/0x6e0 kernel/fork.c:3311
 __do_sys_unshare kernel/fork.c:3382 [inline]
 __se_sys_unshare kernel/fork.c:3380 [inline]
 __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3380
 x64_sys_call+0x2c8d/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:273
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88bdcdf0 of 8 bytes by task 740 on cpu 1:
 wb_domain_writeout_add mm/page-writeback.c:587 [inline]
 __wb_writeout_add+0x83/0x1d0 mm/page-writeback.c:608
 __folio_end_writeback+0x215/0x4a0 mm/page-writeback.c:3091
 folio_end_writeback+0x74/0x1f0 mm/filemap.c:1634
 mpage_write_end_io+0x27c/0x390 fs/mpage.c:65
 bio_endio+0x369/0x410 block/bio.c:1708
 submit_bio_noacct+0x61f/0x9a0 block/blk-core.c:861
 submit_bio+0x218/0x230 block/blk-core.c:896
 mpage_bio_submit_write fs/mpage.c:83 [inline]
 __mpage_writepage+0x978/0xe10 fs/mpage.c:612
 write_cache_pages+0x62/0x100 mm/page-writeback.c:2640
 mpage_writepages+0x72/0xf0 fs/mpage.c:666
 fat_writepages+0x24/0x30 fs/fat/inode.c:199
 do_writepages+0x1d8/0x480 mm/page-writeback.c:2683
 __writeback_single_inode+0x89/0x850 fs/fs-writeback.c:1658
 writeback_sb_inodes+0x461/0xa30 fs/fs-writeback.c:1954
 __writeback_inodes_wb+0x9a/0x1a0 fs/fs-writeback.c:2025
 wb_writeback+0x274/0x640 fs/fs-writeback.c:2136
 wb_check_background_flush fs/fs-writeback.c:2206 [inline]
 wb_do_writeback fs/fs-writeback.c:2294 [inline]
 wb_workfn+0x67f/0x940 fs/fs-writeback.c:2321
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x00000000ffffdf74 -> 0x00000000ffffe0a0

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 740 Comm: kworker/u8:6 Tainted: G W 6.12.0-rc1-syzkaller-00257-g2f91ff27b0ee #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: writeback wb_workfn (flush-7:4)
==================================================================
kworker/u8:6: attempt to access beyond end of device
loop4: rw=1048577, sector=5960, nr_sectors = 2048 limit=256
kworker/u8:6: attempt to access beyond end of device
loop4: rw=1048577, sector=8008, nr_sectors = 1440 limit=256