syzbot

 sign-in | mailing list | source | docs
🐞 Open [1453]
Subsystems
🐞 Fixed [6871]
🐞 Invalid [17836]
Missing Backports [225]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in copy_mm / vma_complete (3)

Status: moderation: reported on 2025/12/25 21:31
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+066a77caae64cfbe489b@syzkaller.appspotmail.com
First crash: 25d, last: 2d02h
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in copy_mm / vma_complete mm 6 1 193d 193d 0/29 auto-obsoleted due to no activity on 2025/09/04 07:42
upstream KCSAN: data-race in copy_mm / vma_complete (2) mm 6 2 81d 97d 0/29 auto-obsoleted due to no activity on 2025/12/25 08:42

Sample crash report:
==================================================================
BUG: KCSAN: data-race in copy_mm / vma_complete

read-write to 0xffff888104a4f448 of 4 bytes by task 9294 on cpu 0:
 vma_complete+0x13f/0x580 mm/vma.c:352
 __split_vma+0x5e3/0x660 mm/vma.c:564
 split_vma mm/vma.c:594 [inline]
 vma_modify+0xbcb/0xd30 mm/vma.c:1672
 vma_modify_flags+0x182/0x210 mm/vma.c:1692
 mprotect_fixup+0x30e/0x5e0 mm/mprotect.c:756
 do_mprotect_pkey+0x67b/0x920 mm/mprotect.c:930
 __do_sys_mprotect mm/mprotect.c:951 [inline]
 __se_sys_mprotect mm/mprotect.c:948 [inline]
 __x64_sys_mprotect+0x48/0x60 mm/mprotect.c:948
 x64_sys_call+0x2c3b/0x3000 arch/x86/include/generated/asm/syscalls_64.h:11
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888104a4f2c0 of 1664 bytes by task 9295 on cpu 1:
 dup_mm kernel/fork.c:1523 [inline]
 copy_mm+0xe1/0x370 kernel/fork.c:1581
 copy_process+0xcbd/0x1f10 kernel/fork.c:2221
 kernel_clone+0x16b/0x5b0 kernel/fork.c:2651
 __do_sys_clone kernel/fork.c:2792 [inline]
 __se_sys_clone kernel/fork.c:2776 [inline]
 __x64_sys_clone+0x143/0x180 kernel/fork.c:2776
 x64_sys_call+0x12d0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 9295 Comm: syz.7.1562 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/18 01:45 upstream d3eeb99bbc99 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / vma_complete
2026/01/09 16:27 upstream 623fb9912f6a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / vma_complete
2025/12/25 21:30 upstream ccd1cdca5cd4 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / vma_complete
* Struck through repros no longer work on HEAD.