[syzbot] [fs?] [mm?] KCSAN: data-race in xas_create / xas_find (8)

[syzbot <syzbot+b79be83906cd9bab16ff@syzkaller.appspotmail.com>]

Hello,

syzbot found the following issue on:

HEAD commit:    2f91ff27b0ee Merge tag 'sound-6.12-rc2' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=155c879f980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=95098faba89c70c9
dashboard link: https://syzkaller.appspot.com/bug?extid=b79be83906cd9bab16ff
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/14933c4ac457/disk-2f91ff27.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6725831fc1a1/vmlinux-2f91ff27.xz
kernel image: https://storage.googleapis.com/syzbot-assets/98d64e038e72/bzImage-2f91ff27.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b79be83906cd9bab16ff@syzkaller.appspotmail.com

loop4: detected capacity change from 0 to 4096
EXT4-fs: Ignoring removed nobh option
EXT4-fs: Ignoring removed i_version option
==================================================================
BUG: KCSAN: data-race in xas_create / xas_find

write to 0xffff888106819919 of 1 bytes by task 3435 on cpu 0:
 xas_expand lib/xarray.c:613 [inline]
 xas_create+0x666/0xbd0 lib/xarray.c:654
 xas_store+0x6f/0xc90 lib/xarray.c:788
 __filemap_add_folio+0x3cc/0x6f0 mm/filemap.c:916
 filemap_add_folio+0x9c/0x1b0 mm/filemap.c:972
 page_cache_ra_unbounded+0x175/0x310 mm/readahead.c:268
 do_page_cache_ra mm/readahead.c:320 [inline]
 force_page_cache_ra mm/readahead.c:349 [inline]
 page_cache_sync_ra+0x252/0x670 mm/readahead.c:562
 page_cache_sync_readahead include/linux/pagemap.h:1394 [inline]
 filemap_get_pages+0x2c1/0x10e0 mm/filemap.c:2547
 filemap_read+0x216/0x680 mm/filemap.c:2645
 blkdev_read_iter+0x20e/0x2c0 block/fops.c:765
 new_sync_read fs/read_write.c:488 [inline]
 vfs_read+0x5f6/0x720 fs/read_write.c:569
 ksys_read+0xeb/0x1b0 fs/read_write.c:712
 __do_sys_read fs/read_write.c:722 [inline]
 __se_sys_read fs/read_write.c:720 [inline]
 __x64_sys_read+0x42/0x50 fs/read_write.c:720
 x64_sys_call+0x27d3/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888106819919 of 1 bytes by task 9109 on cpu 1:
 xas_find+0x372/0x3f0 lib/xarray.c:1278
 find_get_entry+0x66/0x390 mm/filemap.c:1992
 find_get_entries+0xa4/0x220 mm/filemap.c:2047
 truncate_inode_pages_range+0x4ac/0x6b0 mm/truncate.c:378
 truncate_inode_pages+0x24/0x30 mm/truncate.c:423
 kill_bdev block/bdev.c:91 [inline]
 set_blocksize+0x258/0x270 block/bdev.c:173
 sb_set_blocksize block/bdev.c:182 [inline]
 sb_min_blocksize+0x63/0xe0 block/bdev.c:198
 ext4_load_super fs/ext4/super.c:4992 [inline]
 __ext4_fill_super fs/ext4/super.c:5213 [inline]
 ext4_fill_super+0x38b/0x3a10 fs/ext4/super.c:5686
 get_tree_bdev+0x256/0x2e0 fs/super.c:1635
 ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5718
 vfs_get_tree+0x56/0x1e0 fs/super.c:1800
 do_new_mount+0x227/0x690 fs/namespace.c:3507
 path_mount+0x49b/0xb30 fs/namespace.c:3834
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x27c/0x2d0 fs/namespace.c:4032
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4032
 x64_sys_call+0x203e/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0e -> 0x00

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 9109 Comm: syz.4.1794 Not tainted 6.12.0-rc1-syzkaller-00257-g2f91ff27b0ee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
==================================================================
EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup