EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.641: bg 0: block 40: padding at end of block bitmap is not set
EXT4-fs (loop1): Remounting filesystem read-only
EXT4-fs (loop1): 1 truncate cleaned up
SELinux: (dev loop1, type ext4) getxattr errno 5
==================================================================
BUG: KCSAN: data-race in __lru_add_drain_all / folios_put_refs

write to 0xffff888237c2a928 of 1 bytes by task 5440 on cpu 0:
 folio_batch_reinit include/linux/pagevec.h:50 [inline]
 folios_put_refs+0x26d/0x2b0 mm/swap.c:988
 folios_put include/linux/mm.h:1548 [inline]
 folio_batch_move_lru+0x202/0x230 mm/swap.c:175
 __folio_batch_add_and_move mm/swap.c:196 [inline]
 folio_add_lru+0x145/0x1f0 mm/swap.c:505
 folio_add_lru_vma+0x48/0x60 mm/swap.c:524
 wp_page_copy mm/memory.c:3503 [inline]
 do_wp_page+0x17a2/0x2340 mm/memory.c:3827
 handle_pte_fault mm/memory.c:5905 [inline]
 __handle_mm_fault mm/memory.c:6032 [inline]
 handle_mm_fault+0xc63/0x2ac0 mm/memory.c:6201
 do_user_addr_fault arch/x86/mm/fault.c:1388 [inline]
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x296/0x650 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
 rep_movs_alternative+0x4a/0x70 arch/x86/lib/copy_user_64.S:65
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
 copy_to_user_iter lib/iov_iter.c:25 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:300 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 _copy_to_iter+0x141/0xd00 lib/iov_iter.c:185
 copy_to_iter include/linux/uio.h:220 [inline]
 simple_copy_to_iter net/core/datagram.c:524 [inline]
 __skb_datagram_iter+0xc8/0x610 net/core/datagram.c:401
 skb_copy_datagram_iter+0x41/0x130 net/core/datagram.c:538
 skb_copy_datagram_msg include/linux/skbuff.h:4144 [inline]
 tipc_recvstream+0x2df/0x7e0 net/tipc/socket.c:2067
 sock_recvmsg_nosec net/socket.c:1023 [inline]
 sock_recvmsg+0x13f/0x170 net/socket.c:1045
 ____sys_recvmsg+0xf9/0x280 net/socket.c:2793
 ___sys_recvmsg net/socket.c:2835 [inline]
 __sys_recvmsg+0x1c0/0x260 net/socket.c:2868
 __do_sys_recvmsg net/socket.c:2874 [inline]
 __se_sys_recvmsg net/socket.c:2871 [inline]
 __x64_sys_recvmsg+0x46/0x50 net/socket.c:2871
 x64_sys_call+0xc64/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:48
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888237c2a928 of 1 bytes by task 5419 on cpu 1:
 folio_batch_count include/linux/pagevec.h:56 [inline]
 cpu_needs_drain mm/swap.c:773 [inline]
 __lru_add_drain_all+0x136/0x3f0 mm/swap.c:867
 lru_add_drain_all+0x10/0x20 mm/swap.c:883
 invalidate_bdev+0x47/0x70 block/bdev.c:101
 ext4_put_super+0x571/0x810 fs/ext4/super.c:1356
 generic_shutdown_super+0xe5/0x220 fs/super.c:642
 kill_block_super+0x2a/0x70 fs/super.c:1710
 ext4_kill_sb+0x44/0x80 fs/ext4/super.c:7368
 deactivate_locked_super+0x7d/0x1c0 fs/super.c:473
 fc_drop_locked+0x50/0x60 fs/fs_context.c:379
 vfs_get_tree+0x160/0x1e0 fs/super.c:1841
 do_new_mount+0x227/0x690 fs/namespace.c:3560
 path_mount+0x49b/0xb30 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x27f/0x2d0 fs/namespace.c:4088
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4088
 x64_sys_call+0x2c84/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x1f -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5419 Comm: syz.1.641 Not tainted 6.14.0-rc3-syzkaller-00060-g6537cfb395f3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
==================================================================