syzbot

 sign-in | mailing list | source | docs
🐞 Open [995] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12516] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (6)

Status: moderation: reported on 2023/12/31 04:33
Subsystems: fs mm
[Documentation on labels]
Reported-by: syzbot+54d878f388c40ef735d6@syzkaller.appspotmail.com
First crash: 118d, last: 24d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (5) mm 8 208d 304d 0/26 auto-obsoleted due to no activity on 2023/11/06 01:09
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (3) fs mm 3 402d 419d 0/26 auto-obsoleted due to no activity on 2023/04/29 19:41
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead fs 7 822d 896d 0/26 auto-closed as invalid on 2022/03/01 21:22
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (2) fs 1 607d 607d 0/26 auto-closed as invalid on 2022/10/02 20:33
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (4) fs 1 361d 361d 0/26 auto-obsoleted due to no activity on 2023/06/06 03:32

Sample crash report:
==================================================================
BUG: KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead

write to 0xffff888103ccc280 of 4 bytes by task 28239 on cpu 1:
 do_sync_mmap_readahead+0x3e2/0x450 mm/filemap.c:3148
 filemap_fault+0x43d/0xc70 mm/filemap.c:3289
 __do_fault+0xb6/0x200 mm/memory.c:4531
 do_read_fault mm/memory.c:4894 [inline]
 do_fault mm/memory.c:5024 [inline]
 do_pte_missing mm/memory.c:3880 [inline]
 handle_pte_fault mm/memory.c:5300 [inline]
 __handle_mm_fault mm/memory.c:5441 [inline]
 handle_mm_fault+0xdbf/0x27e0 mm/memory.c:5606
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x2f5/0x6d0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
 rep_movs_alternative+0x13/0x70 arch/x86/lib/copy_user_64.S:40
 copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:125 [inline]
 _copy_from_user+0x80/0xd0 lib/usercopy.c:23
 copy_from_user include/linux/uaccess.h:183 [inline]
 copy_from_sockptr_offset include/linux/sockptr.h:48 [inline]
 copy_from_sockptr include/linux/sockptr.h:55 [inline]
 do_tcp_getsockopt+0xd0/0x1a40 net/ipv4/tcp.c:4013
 tcp_getsockopt+0x6e/0xe0 net/ipv4/tcp.c:4377
 sock_common_getsockopt+0x5b/0x70 net/core/sock.c:3700
 do_sock_getsockopt+0x121/0x1a0 net/socket.c:2373
 __sys_getsockopt+0x19a/0x210 net/socket.c:2402
 __do_sys_getsockopt net/socket.c:2412 [inline]
 __se_sys_getsockopt net/socket.c:2409 [inline]
 __x64_sys_getsockopt+0x66/0x80 net/socket.c:2409
 do_syscall_64+0xd3/0x1d0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

write to 0xffff888103ccc280 of 4 bytes by task 28238 on cpu 0:
 do_sync_mmap_readahead+0x3e2/0x450 mm/filemap.c:3148
 filemap_fault+0x43d/0xc70 mm/filemap.c:3289
 __do_fault+0xb6/0x200 mm/memory.c:4531
 do_read_fault mm/memory.c:4894 [inline]
 do_fault mm/memory.c:5024 [inline]
 do_pte_missing mm/memory.c:3880 [inline]
 handle_pte_fault mm/memory.c:5300 [inline]
 __handle_mm_fault mm/memory.c:5441 [inline]
 handle_mm_fault+0xdbf/0x27e0 mm/memory.c:5606
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x2f5/0x6d0 arch/x86/mm/fault.c:1563
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
 rep_movs_alternative+0x30/0x70 arch/x86/lib/copy_user_64.S:50
 copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:125 [inline]
 _copy_from_user+0x80/0xd0 lib/usercopy.c:23
 copy_from_user include/linux/uaccess.h:183 [inline]
 copy_from_sockptr_offset include/linux/sockptr.h:48 [inline]
 copy_from_sockptr include/linux/sockptr.h:55 [inline]
 do_tcp_setsockopt+0x297/0x1540 net/ipv4/tcp.c:3469
 tcp_setsockopt+0x50/0xb0 net/ipv4/tcp.c:3739
 sock_common_setsockopt+0x64/0x80 net/core/sock.c:3727
 do_sock_setsockopt net/socket.c:2311 [inline]
 __sys_setsockopt+0x1d8/0x250 net/socket.c:2334
 __do_sys_setsockopt net/socket.c:2343 [inline]
 __se_sys_setsockopt net/socket.c:2340 [inline]
 __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340
 do_syscall_64+0xd3/0x1d0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

value changed: 0x00000000 -> 0x00000020

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 28238 Comm: syz-executor.0 Tainted: G        W          6.9.0-rc2-syzkaller-00040-gb1e6ec0a0fd0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/03 09:54 upstream b1e6ec0a0fd0 7925100d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
2024/03/24 01:32 upstream 484193fecd2b 0ea90952 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
2024/02/19 07:31 upstream b401b621758e 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
2024/01/26 11:32 upstream ecb1b8288dc7 cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
2023/12/31 04:33 upstream 453f5db0619e fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
* Struck through repros no longer work on HEAD.