On Mon, 14 Oct 2024 at 08:40, Sabyrzhan Tasbolatov <snovitoll@xxxxxxxxx> wrote:
>
> On Mon, Oct 14, 2024 at 11:08 AM syzbot
> <syzbot+b79be83906cd9bab16ff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    2f91ff27b0ee Merge tag 'sound-6.12-rc2' of git://git.kerne..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=155c879f980000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=95098faba89c70c9
> > dashboard link: https://syzkaller.appspot.com/bug?extid=b79be83906cd9bab16ff
> > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/14933c4ac457/disk-2f91ff27.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/6725831fc1a1/vmlinux-2f91ff27.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/98d64e038e72/bzImage-2f91ff27.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+b79be83906cd9bab16ff@xxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > loop4: detected capacity change from 0 to 4096
> > EXT4-fs: Ignoring removed nobh option
> > EXT4-fs: Ignoring removed i_version option
> > ==================================================================
> > BUG: KCSAN: data-race in xas_create / xas_find
> >
> > write to 0xffff888106819919 of 1 bytes by task 3435 on cpu 0:
> >  xas_expand lib/xarray.c:613 [inline]
> >  xas_create+0x666/0xbd0 lib/xarray.c:654
> >  xas_store+0x6f/0xc90 lib/xarray.c:788
>
> AFAIU, xas_store() itself doesn't have a locking mechanism,
> but is locked in xa_* functions. Example:
>
> void *xa_store_range(...)
> {
>         XA_STATE(xas, xa, 0);
>         ...
>         do {
>                 xas_lock(&xas);
>                 if (entry) {
>                         ...
>                         xas_create(&xas, true);
>                 }
>                 ...
> unlock:
>                 xas_unlock(&xas);
> }
>
> The same holds for the other racing function, xas_find():
>
> void *xa_find(...)
> {
>         XA_STATE(xas, xa, *indexp);
>         void *entry;
>
>         rcu_read_lock();
>         do {
>                 if (...)
>                         entry = xas_find_marked(&xas, max, filter);
>                 else
>                         entry = xas_find(&xas, max);
>                 ...
>         rcu_read_unlock();
> }

In this KCSAN report, xas_create() and xas_find() are racing for the `offset` field.

If you search the mailing list archives, there are several such reports:

  https://lore.kernel.org/all/20230914080811.465zw662sus4uznq@quack3/

and all have been deemed benign.

The code might benefit from markings, per:

  https://github.com/torvalds/linux/blob/master/tools/memory-model/Documentation/access-marking.txt

But that's entirely up to the maintainer's preference:

  https://lwn.net/Articles/816854/
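As an added illustration of the marking the reply points to (this is not code from the thread or from the kernel's lib/xarray.c), here is a user-space model of the reported race: a mutex stands in for xa_lock, an unlocked reader for the RCU side, and READ_ONCE()/WRITE_ONCE() are stand-ins built on relaxed __atomic builtins. OFFSET_OLD/OFFSET_NEW and run_offset_race() are constructed for the example.

```c
#include <pthread.h>
#include <stddef.h>
/* User-space stand-ins for the kernel's marked accesses (assumption). */
#define WRITE_ONCE(x, val) __atomic_store_n(&(x), (val), __ATOMIC_RELAXED)
#define READ_ONCE(x)       __atomic_load_n(&(x), __ATOMIC_RELAXED)
enum { OFFSET_OLD = 0x11, OFFSET_NEW = 0x22 };   /* constructed sample values */

struct race_ctx {
	pthread_mutex_t xa_lock;     /* stands in for xa_lock */
	unsigned char xa_offset;     /* the 1-byte field named in the KCSAN report */
	unsigned long iters;
	unsigned long bad_reads;     /* reads that saw neither OLD nor NEW */
	int done;
};

/* xas_create()/xas_expand() side: every update happens under the lock. */
static void *writer(void *arg) {
	struct race_ctx *c = arg;
	for (unsigned long i = 0; i < c->iters; i++) {
		pthread_mutex_lock(&c->xa_lock);
		WRITE_ONCE(c->xa_offset, (i & 1) ? OFFSET_NEW : OFFSET_OLD);
		pthread_mutex_unlock(&c->xa_lock);
	}
	__atomic_store_n(&c->done, 1, __ATOMIC_RELEASE);
	return NULL;
}

/* xas_find() side: no lock (an RCU reader), so the load must be marked. */
static void *reader(void *arg) {
	struct race_ctx *c = arg;
	while (!__atomic_load_n(&c->done, __ATOMIC_ACQUIRE)) {
		unsigned char off = READ_ONCE(c->xa_offset);
		if (off != OFFSET_OLD && off != OFFSET_NEW)
			c->bad_reads++;
	}
	return NULL;
}

/* Runs both sides; returns how many reads saw a torn/garbage value (expect 0). */
unsigned long run_offset_race(unsigned long iters) {
	struct race_ctx c = { .xa_offset = OFFSET_OLD, .iters = iters };
	pthread_t w, r;
	pthread_mutex_init(&c.xa_lock, NULL);
	pthread_create(&r, NULL, reader, &c);
	pthread_create(&w, NULL, writer, &c);
	pthread_join(w, NULL);
	pthread_join(r, NULL);
	pthread_mutex_destroy(&c.xa_lock);
	return c.bad_reads;
}
```

The marked accesses do not add ordering; they document that the unlocked read is intentional and keep the compiler from tearing or re-loading it, which is what lets KCSAN treat the race as benign.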