syzbot


KCSAN: data-race in exec_mmap / vms_clear_ptes (3)

Status: moderation: reported on 2025/04/14 00:06
Subsystems: mm
Reported-by: syzbot+37f46374782def1c680d@syzkaller.appspotmail.com
First crash: 12d, last: 12d
Similar bugs (2):
- upstream | KCSAN: data-race in exec_mmap / vms_clear_ptes (2) | subsystem: mm | repro: (none) | cause bisect: (none) | fix bisect: (none) | count: 3 | last: 132d | reported: 150d | patched: 0/28 | status: auto-obsoleted due to no activity on 2025/02/09 00:05
- upstream | KCSAN: data-race in exec_mmap / vms_clear_ptes | subsystem: mm | repro: (none) | cause bisect: (none) | fix bisect: (none) | count: 2 | last: 208d | reported: 208d | patched: 0/28 | status: auto-obsoleted due to no activity on 2024/11/03 23:18

Sample crash report:
==================================================================
BUG: KCSAN: data-race in exec_mmap / vms_clear_ptes

write to 0xffff88810005ef00 of 8 bytes by task 3044 on cpu 1:
 update_hiwater_rss include/linux/mm.h:2754 [inline]
 vms_clear_ptes+0x1a4/0x300 mm/vma.c:1150
 vms_complete_munmap_vmas+0x17b/0x470 mm/vma.c:1200
 do_vmi_align_munmap+0x379/0x3c0 mm/vma.c:1459
 do_vmi_munmap+0x1eb/0x230 mm/vma.c:1507
 __vm_munmap+0x196/0x270 mm/vma.c:2970
 __do_sys_munmap mm/mmap.c:1084 [inline]
 __se_sys_munmap mm/mmap.c:1081 [inline]
 __x64_sys_munmap+0x36/0x40 mm/mmap.c:1081
 x64_sys_call+0xe1b/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:12
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810005ef00 of 8 bytes by task 4417 on cpu 0:
 get_mm_hiwater_rss include/linux/mm.h:2741 [inline]
 setmax_mm_hiwater_rss include/linux/mm.h:2771 [inline]
 exec_mmap+0x362/0x4d0 fs/exec.c:1007
 begin_new_exec+0xb2c/0x1150 fs/exec.c:1264
 load_elf_binary+0x65a/0x1a50 fs/binfmt_elf.c:1001
 search_binary_handler fs/exec.c:1778 [inline]
 exec_binprm fs/exec.c:1810 [inline]
 bprm_execve+0x48b/0x9c0 fs/exec.c:1862
 do_execveat_common+0x766/0x7e0 fs/exec.c:1968
 do_execve fs/exec.c:2042 [inline]
 __do_sys_execve fs/exec.c:2118 [inline]
 __se_sys_execve fs/exec.c:2113 [inline]
 __x64_sys_execve+0x5c/0x70 fs/exec.c:2113
 x64_sys_call+0x1362/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:60
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000233 -> 0x0000000000000253

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4417 Comm: dhcpcd Not tainted 6.15.0-rc1-syzkaller-00333-g5aaaedb0cb54 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================

Crashes (1):
- time: 2025/04/14 00:05 | kernel: upstream | commit: 5aaaedb0cb54 | syzkaller: 0bd6db41 | config: .config | log: console log | report: report | syz repro: (none) | C repro: (none) | VM info: info | assets: disk image, vmlinux, kernel image | manager: ci2-upstream-kcsan-gce | title: KCSAN: data-race in exec_mmap / vms_clear_ptes