Linux filesystem development
* [syzbot] [exfat?] KCSAN: data-race in copy_folio_from_iter_atomic / fat12_ent_put (5)
From: syzbot @ 2026-07-03  0:49 UTC (permalink / raw)
  To: hirofumi, linkinjeon, linux-fsdevel, linux-kernel, sj1557.seo,
	syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    665159e24674 Merge tag 'probes-fixes-v7.2-rc1' of git://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1484b146580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=84b3039e8461eef5
dashboard link: https://syzkaller.appspot.com/bug?extid=e9aa2f4bc3623d1be5cf
compiler:       Debian clang version 22.1.8 (++20260613092233+e80beda6e255-1~exp1~20260613092250.77), Debian LLD 22.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/31c1c90dee17/disk-665159e2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d073e04a63f4/vmlinux-665159e2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0421e67defd8/bzImage-665159e2.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e9aa2f4bc3623d1be5cf@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in copy_folio_from_iter_atomic / fat12_ent_put

write to 0xffff888121f76082 of 1 bytes by task 6014 on cpu 1:
 fat12_ent_put+0x74/0x180 fs/fat/fatent.c:168
 fat_alloc_clusters+0x55e/0xc40 fs/fat/fatent.c:508
 fat_add_cluster fs/fat/inode.c:108 [inline]
 __fat_get_block fs/fat/inode.c:155 [inline]
 fat_get_block+0x252/0x5e0 fs/fat/inode.c:190
 __block_write_begin_int+0x400/0xf90 fs/buffer.c:2123
 block_write_begin fs/buffer.c:2234 [inline]
 cont_write_begin+0x5bf/0x920 fs/buffer.c:2596
 fat_write_begin+0x52/0xe0 fs/fat/inode.c:230
 cont_expand_zero fs/buffer.c:2524 [inline]
 cont_write_begin+0x18d/0x920 fs/buffer.c:2586
 fat_write_begin+0x52/0xe0 fs/fat/inode.c:230
 generic_cont_expand_simple+0xb0/0x150 fs/buffer.c:2487
 fat_cont_expand+0x3e/0x170 fs/fat/file.c:227
 fat_fallocate+0x177/0x1c0 fs/fat/file.c:305
 vfs_fallocate+0x3ac/0x400 fs/open.c:338
 ksys_fallocate fs/open.c:362 [inline]
 __do_sys_fallocate fs/open.c:367 [inline]
 __se_sys_fallocate fs/open.c:365 [inline]
 __x64_sys_fallocate+0x7a/0xd0 fs/open.c:365
 x64_sys_call+0x298e/0x3020 arch/x86/include/generated/asm/syscalls_64.h:286
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888121f76000 of 512 bytes by task 49 on cpu 0:
 memcpy_from_iter lib/iov_iter.c:85 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:306 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 __copy_from_iter lib/iov_iter.c:261 [inline]
 copy_folio_from_iter_atomic+0x728/0x10a0 lib/iov_iter.c:491
 generic_perform_write+0x2c4/0x490 mm/filemap.c:4376
 shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3414
 lo_rw_aio+0x6a9/0x760 drivers/block/loop.c:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1921 [inline]
 loop_process_work+0x567/0xac0 drivers/block/loop.c:1956
 loop_workfn+0x31/0x40 drivers/block/loop.c:1980
 process_one_work kernel/workqueue.c:3322 [inline]
 process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
 worker_thread+0x569/0x750 kernel/workqueue.c:3486
 kthread+0x221/0x270 kernel/kthread.c:436
 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: loop6 loop_workfn
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


* Re: [syzbot] [exfat?] KCSAN: data-race in copy_folio_from_iter_atomic / fat12_ent_put (5)
From: OGAWA Hirofumi @ 2026-07-03  5:51 UTC (permalink / raw)
  To: syzbot; +Cc: linkinjeon, linux-fsdevel, linux-kernel, sj1557.seo,
	syzkaller-bugs

syzbot <syzbot+e9aa2f4bc3623d1be5cf@syzkaller.appspotmail.com> writes:

> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    665159e24674 Merge tag 'probes-fixes-v7.2-rc1' of git://gi..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1484b146580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=84b3039e8461eef5
> dashboard link: https://syzkaller.appspot.com/bug?extid=e9aa2f4bc3623d1be5cf
> compiler:       Debian clang version 22.1.8 (++20260613092233+e80beda6e255-1~exp1~20260613092250.77), Debian LLD 22.1.8
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/31c1c90dee17/disk-665159e2.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/d073e04a63f4/vmlinux-665159e2.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/0421e67defd8/bzImage-665159e2.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+e9aa2f4bc3623d1be5cf@syzkaller.appspotmail.com

From a quick look, though, this looks like a temporary state that will be
fixed later. The loop copies from the req buffer while fat is modifying it,
but fat is dirtied after this, and it is rewritten with complete data later.

Thanks.

> ==================================================================
> BUG: KCSAN: data-race in copy_folio_from_iter_atomic / fat12_ent_put
>
> write to 0xffff888121f76082 of 1 bytes by task 6014 on cpu 1:
>  fat12_ent_put+0x74/0x180 fs/fat/fatent.c:168
>  fat_alloc_clusters+0x55e/0xc40 fs/fat/fatent.c:508
>  fat_add_cluster fs/fat/inode.c:108 [inline]
>  __fat_get_block fs/fat/inode.c:155 [inline]
>  fat_get_block+0x252/0x5e0 fs/fat/inode.c:190
>  __block_write_begin_int+0x400/0xf90 fs/buffer.c:2123
>  block_write_begin fs/buffer.c:2234 [inline]
>  cont_write_begin+0x5bf/0x920 fs/buffer.c:2596
>  fat_write_begin+0x52/0xe0 fs/fat/inode.c:230
>  cont_expand_zero fs/buffer.c:2524 [inline]
>  cont_write_begin+0x18d/0x920 fs/buffer.c:2586
>  fat_write_begin+0x52/0xe0 fs/fat/inode.c:230
>  generic_cont_expand_simple+0xb0/0x150 fs/buffer.c:2487
>  fat_cont_expand+0x3e/0x170 fs/fat/file.c:227
>  fat_fallocate+0x177/0x1c0 fs/fat/file.c:305
>  vfs_fallocate+0x3ac/0x400 fs/open.c:338
>  ksys_fallocate fs/open.c:362 [inline]
>  __do_sys_fallocate fs/open.c:367 [inline]
>  __se_sys_fallocate fs/open.c:365 [inline]
>  __x64_sys_fallocate+0x7a/0xd0 fs/open.c:365
>  x64_sys_call+0x298e/0x3020 arch/x86/include/generated/asm/syscalls_64.h:286
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> read to 0xffff888121f76000 of 512 bytes by task 49 on cpu 0:
>  memcpy_from_iter lib/iov_iter.c:85 [inline]
>  iterate_bvec include/linux/iov_iter.h:123 [inline]
>  iterate_and_advance2 include/linux/iov_iter.h:306 [inline]
>  iterate_and_advance include/linux/iov_iter.h:330 [inline]
>  __copy_from_iter lib/iov_iter.c:261 [inline]
>  copy_folio_from_iter_atomic+0x728/0x10a0 lib/iov_iter.c:491
>  generic_perform_write+0x2c4/0x490 mm/filemap.c:4376
>  shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3414
>  lo_rw_aio+0x6a9/0x760 drivers/block/loop.c:-1
>  do_req_filebacked drivers/block/loop.c:-1 [inline]
>  loop_handle_cmd drivers/block/loop.c:1921 [inline]
>  loop_process_work+0x567/0xac0 drivers/block/loop.c:1956
>  loop_workfn+0x31/0x40 drivers/block/loop.c:1980
>  process_one_work kernel/workqueue.c:3322 [inline]
>  process_scheduled_works+0x4d4/0x9a0 kernel/workqueue.c:3405
>  worker_thread+0x569/0x750 kernel/workqueue.c:3486
>  kthread+0x221/0x270 kernel/kthread.c:436
>  ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
>
> Reported by Kernel Concurrency Sanitizer on:
> CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
> Tainted: [W]=WARN
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
> Workqueue: loop6 loop_workfn
> ==================================================================

-- 
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
