syzbot


KCSAN: data-race in inode_cgwb_move_to_attached / iput

Status: moderation: reported on 2025/05/16 03:00
Subsystems: ext4
Reported-by: syzbot+a2d54e154af71a59a531@syzkaller.appspotmail.com
First crash: 1d03h, last: 1d03h

Sample crash report:
loop7: detected capacity change from 0 to 1024
EXT4-fs: Ignoring removed bh option
==================================================================
BUG: KCSAN: data-race in inode_cgwb_move_to_attached / iput

write to 0xffff8881072636f8 of 4 bytes by task 12236 on cpu 0:
 inode_cgwb_move_to_attached+0x9b/0x310 fs/fs-writeback.c:309
 requeue_inode fs/fs-writeback.c:-1 [inline]
 writeback_sb_inodes+0x6d9/0xa20 fs/fs-writeback.c:2005
 __writeback_inodes_wb+0x94/0x1a0 fs/fs-writeback.c:2047
 wb_writeback+0x266/0x5c0 fs/fs-writeback.c:2158
 wb_check_start_all fs/fs-writeback.c:2284 [inline]
 wb_do_writeback fs/fs-writeback.c:2310 [inline]
 wb_workfn+0x4c9/0x910 fs/fs-writeback.c:2343
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff8881072636f8 of 4 bytes by task 24980 on cpu 1:
 iput+0x32/0x5b0 fs/inode.c:1914
 ext4_xattr_block_set+0x1554/0x1a30 fs/ext4/xattr.c:2001
 ext4_xattr_set_handle+0xdc8/0xe70 fs/ext4/xattr.c:2447
 ext4_xattr_set+0x18e/0x240 fs/ext4/xattr.c:2549
 ext4_xattr_trusted_set+0x3c/0x50 fs/ext4/xattr_trusted.c:38
 __vfs_setxattr+0x2e6/0x310 fs/xattr.c:200
 __vfs_setxattr_noperm+0xe8/0x410 fs/xattr.c:234
 __vfs_setxattr_locked+0x1af/0x1d0 fs/xattr.c:295
 vfs_setxattr+0x132/0x270 fs/xattr.c:321
 do_setxattr fs/xattr.c:636 [inline]
 filename_setxattr+0x1ad/0x400 fs/xattr.c:665
 path_setxattrat+0x2c9/0x310 fs/xattr.c:713
 __do_sys_setxattr fs/xattr.c:747 [inline]
 __se_sys_setxattr fs/xattr.c:743 [inline]
 __x64_sys_setxattr+0x6e/0x90 fs/xattr.c:743
 x64_sys_call+0x28a7/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:189
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00010002 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 24980 Comm: syz.7.6812 Tainted: G        W           6.15.0-rc6-syzkaller-00105-g088d13246a46 #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/05/16 03:00 | upstream | 088d13246a46 | cfde8269 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in inode_cgwb_move_to_attached / iput |