syzbot

 sign-in | mailing list | source | docs
🐞 Open [1621]
Subsystems
🐞 Fixed [6275]
🐞 Invalid [15945]
Missing Backports [189]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in exec_mmap / vms_clear_ptes (3)

Status: moderation: reported on 2025/04/14 00:06
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+37f46374782def1c680d@syzkaller.appspotmail.com
First crash: 56d, last: 8d20h
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in exec_mmap / vms_clear_ptes (2) mm 3 176d 194d 0/28 auto-obsoleted due to no activity on 2025/02/09 00:05
upstream KCSAN: data-race in exec_mmap / vms_clear_ptes mm 2 252d 251d 0/28 auto-obsoleted due to no activity on 2024/11/03 23:18

Sample crash report:
==================================================================
BUG: KCSAN: data-race in exec_mmap / vms_clear_ptes

write to 0xffff888103ff6e70 of 8 bytes by task 3046 on cpu 1:
 update_hiwater_rss include/linux/mm.h:2771 [inline]
 vms_clear_ptes+0x18c/0x2d0 mm/vma.c:1183
 vms_complete_munmap_vmas+0x159/0x440 mm/vma.c:1233
 do_vmi_align_munmap+0x383/0x3d0 mm/vma.c:1492
 do_vmi_munmap+0x1db/0x220 mm/vma.c:1540
 __vm_munmap+0x1a1/0x280 mm/vma.c:3014
 __do_sys_munmap mm/mmap.c:1084 [inline]
 __se_sys_munmap mm/mmap.c:1081 [inline]
 __x64_sys_munmap+0x36/0x50 mm/mmap.c:1081
 x64_sys_call+0xa65/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:12
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888103ff6e70 of 8 bytes by task 4221 on cpu 0:
 get_mm_hiwater_rss include/linux/mm.h:2758 [inline]
 setmax_mm_hiwater_rss include/linux/mm.h:2788 [inline]
 exec_mmap+0x365/0x4d0 fs/exec.c:947
 begin_new_exec+0xb6b/0x1160 fs/exec.c:1204
 load_elf_binary+0x5ff/0x19d0 fs/binfmt_elf.c:995
 search_binary_handler fs/exec.c:1718 [inline]
 exec_binprm fs/exec.c:1750 [inline]
 bprm_execve+0x474/0x970 fs/exec.c:1802
 do_execveat_common+0x6e6/0x750 fs/exec.c:1908
 do_execve fs/exec.c:1982 [inline]
 __do_sys_execve fs/exec.c:2058 [inline]
 __se_sys_execve fs/exec.c:2053 [inline]
 __x64_sys_execve+0x5c/0x70 fs/exec.c:2053
 x64_sys_call+0x13ab/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:60
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000273 -> 0x0000000000000293

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4221 Comm: dhcpcd Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/31 05:59 upstream 8477ab143069 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in exec_mmap / vms_clear_ptes
2025/05/29 22:52 upstream e0797d3b91de 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in exec_mmap / vms_clear_ptes
2025/04/14 00:05 upstream 5aaaedb0cb54 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in exec_mmap / vms_clear_ptes
* Struck through repros no longer work on HEAD.