syzbot


KCSAN: data-race in shmem_fallocate / shmem_fault (7)

Status: auto-obsoleted due to no activity on 2024/01/31 00:24
Subsystems: mm
Reported-by: syzbot+2cb26506a9fe7a5fec94@syzkaller.appspotmail.com
First crash: 145d, last: 60d
Similar bugs (6)

All six are upstream bugs in the mm subsystem; none has a repro, cause bisect or fix bisect.

Title                                                  | Count | Last  | Reported | Patched | Status
KCSAN: data-race in shmem_fallocate / shmem_fault (6)  | 1     | 204d  | 204d     | 0/26    | auto-obsoleted due to no activity on 2023/09/08 14:27
KCSAN: data-race in shmem_fallocate / shmem_fault (2)  | 2     | 1041d | 1045d    | 0/26    | auto-closed as invalid on 2021/05/24 18:53
KCSAN: data-race in shmem_fallocate / shmem_fault (3)  | 2     | 841d  | 859d     | 0/26    | auto-closed as invalid on 2021/12/11 00:12
KCSAN: data-race in shmem_fallocate / shmem_fault (4)  | 1     | 449d  | 449d     | 0/26    | auto-obsoleted due to no activity on 2023/01/13 18:30
KCSAN: data-race in shmem_fallocate / shmem_fault      | 1     | 1240d | 1240d    | 0/26    | auto-closed as invalid on 2020/11/07 06:23
KCSAN: data-race in shmem_fallocate / shmem_fault (5)  | 1     | 333d  | 333d     | 0/26    | auto-obsoleted due to no activity on 2023/05/03 07:41

Sample crash report:
==================================================================
BUG: KCSAN: data-race in shmem_fallocate / shmem_fault

write to 0xffff8881609f0ea0 of 8 bytes by task 12843 on cpu 1:
 shmem_fallocate+0x23e/0x860 mm/shmem.c:3087
 vfs_fallocate+0x378/0x3e0 fs/open.c:324
 madvise_remove mm/madvise.c:1001 [inline]
 madvise_vma_behavior mm/madvise.c:1025 [inline]
 madvise_walk_vmas mm/madvise.c:1260 [inline]
 do_madvise+0x741/0x26f0 mm/madvise.c:1440
 __do_sys_madvise mm/madvise.c:1453 [inline]
 __se_sys_madvise mm/madvise.c:1451 [inline]
 __x64_sys_madvise+0x60/0x70 mm/madvise.c:1451
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

read to 0xffff8881609f0ea0 of 8 bytes by task 12840 on cpu 0:
 shmem_fault+0x9d/0x250 mm/shmem.c:2223
 __do_fault mm/memory.c:4266 [inline]
 do_shared_fault mm/memory.c:4693 [inline]
 do_fault mm/memory.c:4767 [inline]
 do_pte_missing mm/memory.c:3731 [inline]
 handle_pte_fault mm/memory.c:5039 [inline]
 __handle_mm_fault mm/memory.c:5180 [inline]
 handle_mm_fault+0x17db/0x2dd0 mm/memory.c:5345
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x2f7/0x6c0 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
 rep_movs_alternative+0x15/0x70 arch/x86/lib/copy_user_64.S:43
 copy_user_generic arch/x86/include/asm/uaccess_64.h:112 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:133 [inline]
 _copy_to_user+0x77/0x90 lib/usercopy.c:41
 copy_to_user include/linux/uaccess.h:191 [inline]
 do_timer_create+0x75c/0xa30 kernel/time/posix-timers.c:500
 __se_sys_timer_create kernel/time/posix-timers.c:530 [inline]
 __x64_sys_timer_create+0xbb/0xe0 kernel/time/posix-timers.c:530
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0x0000000000000000 -> 0xffffc90003573cd0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 12840 Comm: syz-executor.2 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
==================================================================
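The two stacks in the report pair a hole punch (madvise(MADV_REMOVE) -> madvise_remove -> vfs_fallocate -> shmem_fallocate, writing 8 bytes of the shmem inode) with a page fault on a shared mapping of the same file (do_shared_fault -> shmem_fault, reading the same 8 bytes), and the value line shows a NULL being replaced by a kernel address in the x86-64 vmalloc range while the fault path reads it. The program below is an added, constructed stress harness and not a syzbot reproducer (this bug has none): it drives exactly those two user-visible paths with a memfd, a MAP_SHARED writable mapping, a forked child that keeps faulting the pages, and a parent that keeps punching holes. The memfd name, page count and round count are arbitrary. On an ordinary kernel it simply completes; the race is only reported when run under a KCSAN-enabled kernel such as the configs linked from the crash table.

```c
// Constructed stress harness (added example, not a syzbot reproducer).
// Exercises shmem_fault (child faulting a MAP_SHARED memfd mapping) against
// shmem_fallocate (parent punching holes via madvise(MADV_REMOVE)).
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define NPAGES 16  /* arbitrary size of the shared file */

/* Runs `rounds` hole punches while a forked child keeps faulting the pages.
 * Returns 0 on success, -1 if setup fails (memfd_create/mmap/fork),
 * -2 if the kernel rejects madvise(MADV_REMOVE) on the mapping. */
int shmem_race_stress(int rounds)
{
    long pgsz = sysconf(_SC_PAGESIZE);
    size_t len = (size_t)pgsz * NPAGES;

    int fd = memfd_create("kcsan-shmem-race", 0);  /* tmpfs/shmem-backed file */
    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)len) < 0) {
        close(fd);
        return -1;
    }

    /* MAP_SHARED + PROT_WRITE: faults go through do_shared_fault as in the
     * report, and madvise_remove only accepts shared writable mappings. */
    unsigned char *map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (map == MAP_FAILED) {
        close(fd);
        return -1;
    }

    pid_t child = fork();
    if (child < 0) {
        munmap(map, len);
        close(fd);
        return -1;
    }
    if (child == 0) {
        /* Faulting side: every write after a hole punch is a fresh page
         * fault into shmem_fault. Runs until the parent kills it. */
        for (;;)
            for (size_t i = 0; i < NPAGES; i++)
                map[i * (size_t)pgsz] = (unsigned char)i;
    }

    int rc = 0;
    for (int r = 0; r < rounds; r++) {
        /* Hole-punching side: the writer's call chain from the report
         * (madvise -> madvise_remove -> vfs_fallocate -> shmem_fallocate). */
        if (madvise(map, len, MADV_REMOVE) != 0) {
            rc = -2;
            break;
        }
    }

    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    munmap(map, len);
    close(fd);
    return rc;
}

int main(void)
{
    int rc = shmem_race_stress(2000);
    printf("shmem_race_stress: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Build with a normal C compiler and run it on the KCSAN kernel; the report, if it fires, appears on the console and in dmesg, not in the program's own output.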

Crashes (7):

All seven crashes came from the ci2-upstream-kcsan-gce manager under the title "KCSAN: data-race in shmem_fallocate / shmem_fault". Each has a .config, console log, report, VM info and assets (disk image, vmlinux, kernel image) attached; none has a syz repro or C repro.

Time             | Kernel   | Commit       | Syzkaller
2023/12/27 00:24 | upstream | fbafc3e621c3 | fb427a07
2023/12/21 21:14 | upstream | 9a6b294ab496 | 4f9530a3
2023/11/14 14:19 | upstream | 9bacdd8996c7 | cb976f63
2023/11/09 08:36 | upstream | 6bc986ab839c | 4862372a
2023/10/29 01:34 | upstream | 51a7691038c3 | 3c418d72
2023/10/07 10:20 | upstream | 82714078aee4 | 5e837c76
2023/10/02 22:27 | upstream | 8a749fd1a872 | 50b20e75