syzbot

 sign-in | mailing list | source | docs
🐞 Open [1463]
Subsystems
🐞 Fixed [6847]
🐞 Invalid [17764]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in copy_mm / vma_complete (3)

Status: moderation: reported on 2025/12/25 21:31
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+066a77caae64cfbe489b@syzkaller.appspotmail.com
First crash: 17d, last: 2d13h
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in copy_mm / vma_complete mm 6 1 185d 185d 0/29 auto-obsoleted due to no activity on 2025/09/04 07:42
upstream KCSAN: data-race in copy_mm / vma_complete (2) mm 6 2 73d 89d 0/29 auto-obsoleted due to no activity on 2025/12/25 08:42

Sample crash report:
==================================================================
BUG: KCSAN: data-race in copy_mm / vma_complete

read-write to 0xffff88811b40b0c8 of 4 bytes by task 12683 on cpu 1:
 vma_complete+0x13f/0x580 mm/vma.c:349
 __split_vma+0x5e3/0x660 mm/vma.c:561
 split_vma mm/vma.c:591 [inline]
 vma_modify+0xbee/0xd50 mm/vma.c:1634
 vma_modify_flags+0x10c/0x190 mm/vma.c:1654
 mprotect_fixup+0x30f/0x5e0 mm/mprotect.c:756
 do_mprotect_pkey+0x6d6/0x980 mm/mprotect.c:930
 __do_sys_mprotect mm/mprotect.c:951 [inline]
 __se_sys_mprotect mm/mprotect.c:948 [inline]
 __x64_sys_mprotect+0x48/0x60 mm/mprotect.c:948
 x64_sys_call+0x2c3b/0x3000 arch/x86/include/generated/asm/syscalls_64.h:11
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811b40af40 of 1664 bytes by task 12687 on cpu 0:
 dup_mm kernel/fork.c:1523 [inline]
 copy_mm+0xe2/0x370 kernel/fork.c:1581
 copy_process+0xcbc/0x1ef0 kernel/fork.c:2221
 kernel_clone+0x16c/0x5c0 kernel/fork.c:2651
 __do_sys_clone kernel/fork.c:2792 [inline]
 __se_sys_clone kernel/fork.c:2776 [inline]
 __x64_sys_clone+0xe6/0x120 kernel/fork.c:2776
 x64_sys_call+0x12d0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 12687 Comm: syz.5.2466 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/09 16:27 upstream 623fb9912f6a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / vma_complete
2025/12/25 21:30 upstream ccd1cdca5cd4 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / vma_complete
* Struck through repros no longer work on HEAD.