syzbot

EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000.
==================================================================
BUG: KCSAN: data-race in __lru_add_drain_all / folios_put_refs

write to 0xffff888237c26528 of 1 bytes by task 10175 on cpu 0:
 folio_batch_reinit include/linux/folio_batch.h:50 [inline]
 folios_put_refs+0x2b4/0x300 mm/swap.c:1051
 folios_put include/linux/mm.h:2183 [inline]
 folio_batch_move_lru+0x367/0x3a0 mm/swap.c:214
 __folio_batch_add_and_move mm/swap.c:231 [inline]
 folio_add_lru+0x149/0x250 mm/swap.c:562
 shmem_alloc_and_add_folio mm/shmem.c:2008 [inline]
 shmem_get_folio_gfp+0x7cc/0xd90 mm/shmem.c:2502
 shmem_fault+0xf6/0x250 mm/shmem.c:2703
 __do_fault mm/memory.c:5425 [inline]
 do_read_fault mm/memory.c:5860 [inline]
 do_fault mm/memory.c:5994 [inline]
 do_pte_missing mm/memory.c:4566 [inline]
 handle_pte_fault mm/memory.c:6379 [inline]
 __handle_mm_fault mm/memory.c:6517 [inline]
 handle_mm_fault+0x167a/0x2da0 mm/memory.c:6686
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x129c/0x1f10 mm/gup.c:1428
 populate_vma_page_range mm/gup.c:1860 [inline]
 __mm_populate+0x242/0x390 mm/gup.c:1963
 mm_populate include/linux/mm.h:4171 [inline]
 vm_mmap_pgoff+0x23b/0x2d0 mm/util.c:586
 ksys_mmap_pgoff+0xc1/0x310 mm/mmap.c:606
 x64_sys_call+0x14df/0x3020 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888237c26528 of 1 bytes by task 8545 on cpu 1:
 folio_batch_count include/linux/folio_batch.h:56 [inline]
 cpu_needs_drain mm/swap.c:831 [inline]
 __lru_add_drain_all+0x17e/0x450 mm/swap.c:928
 lru_add_drain_all+0x10/0x20 mm/swap.c:944
 invalidate_bdev+0x47/0x70 block/bdev.c:101
 ext4_put_super+0x614/0x7c0 fs/ext4/super.c:1355
 generic_shutdown_super+0xee/0x220 fs/super.c:647
 kill_block_super+0x2a/0x70 fs/super.c:1665
 ext4_kill_sb+0x42/0x80 fs/ext4/super.c:7499
 deactivate_locked_super+0x75/0x1c0 fs/super.c:477
 deactivate_super+0x97/0xa0 fs/super.c:510
 cleanup_mnt+0x2c3/0x340 fs/namespace.c:1317
 __cleanup_mnt+0x19/0x20 fs/namespace.c:1324
 task_work_run+0x130/0x1a0 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:70 [inline]
 exit_to_user_mode_loop+0x1e4/0x8c0 kernel/entry/common.c:101
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
 do_syscall_64+0x23c/0x3c0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x1f -> 0x00

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 8545 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(lazy) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
==================================================================