syzbot


KCSAN: data-race in __mmput / copy_mm (3)

Status: moderation: reported on 2026/05/08 14:19
Subsystems: mm
Reported-by: syzbot+259d9dfc97438497978a@syzkaller.appspotmail.com
First crash: 1d08h, last: 1d08h
✨ AI Jobs (1)
| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| 4525cc73-aa85-4ce8-bae8-ecf6761d52e2 | assessment-kcsan | Benign: ✅ | | KCSAN: data-race in __mmput / copy_mm (3) | 2026/05/08 14:18 | 2026/05/08 14:18 | 2026/05/08 14:40 | 04e3cfe80d8d1595bcb750e55868b0ba3c416767 | |
Similar bugs (2)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __mmput / copy_mm (2) kernel | 6 | | | | 1 | 102d | 102d | 0/29 | auto-obsoleted due to no activity on 2026/03/24 11:25 |
| upstream | KCSAN: data-race in __mmput / copy_mm mm | 6 | | | | 1 | 325d | 325d | 0/29 | auto-obsoleted due to no activity on 2025/08/12 22:58 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __mmput / copy_mm

write to 0xffff888103c5e6f8 of 8 bytes by task 20512 on cpu 0:
 __list_del include/linux/list.h:203 [inline]
 __list_del_entry include/linux/list.h:226 [inline]
 list_del include/linux/list.h:237 [inline]
 __mmput+0xe2/0x1c0 kernel/fork.c:1183
 mmput+0x40/0x50 kernel/fork.c:1201
 exit_mm+0x113/0x1a0 kernel/exit.c:581
 do_exit+0x442/0x1530 kernel/exit.c:963
 do_group_exit+0x138/0x140 kernel/exit.c:1117
 __do_sys_exit_group kernel/exit.c:1128 [inline]
 __se_sys_exit_group kernel/exit.c:1126 [inline]
 __x64_sys_exit_group+0x1f/0x20 kernel/exit.c:1126
 x64_sys_call+0x3008/0x3020 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888103c5e540 of 1664 bytes by task 3308 on cpu 1:
 dup_mm kernel/fork.c:1528 [inline]
 copy_mm+0xe1/0x370 kernel/fork.c:1586
 copy_process+0x1087/0x2370 kernel/fork.c:2264
 kernel_clone+0x1a5/0x5e0 kernel/fork.c:2721
 __do_sys_clone kernel/fork.c:2862 [inline]
 __se_sys_clone kernel/fork.c:2846 [inline]
 __x64_sys_clone+0x143/0x180 kernel/fork.c:2846
 x64_sys_call+0x1222/0x3020 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3308 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/08 14:18 | upstream | 917719c412c4 | b2988c17 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __mmput / copy_mm |