syzbot

 sign-in | mailing list | source | docs
🐞 Open [1459]
Subsystems
🐞 Fixed [6847]
🐞 Invalid [17763]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (10)

Status: moderation: reported on 2025/12/14 03:38
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+d120bbc65fa373916946@syzkaller.appspotmail.com
First crash: 28d, last: 6d07h
Similar bugs (9)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (7) mm 6 10 510d 492d 0/29 auto-obsoleted due to no activity on 2024/09/23 07:15
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (8) mm ext4 6 3 190d 259d 0/29 auto-obsoleted due to no activity on 2025/08/30 17:27
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (5) mm 6 8 832d 928d 0/29 auto-obsoleted due to no activity on 2023/11/06 01:09
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (3) mm fs 6 3 1026d 1044d 0/29 auto-obsoleted due to no activity on 2023/04/29 19:41
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead fs 6 7 1447d 1521d 0/29 auto-closed as invalid on 2022/03/01 21:22
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (9) mm 6 1 123d 123d 0/29 auto-obsoleted due to no activity on 2025/11/05 13:57
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (2) fs 6 1 1232d 1232d 0/29 auto-closed as invalid on 2022/10/02 20:33
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (6) fs mm 6 5 648d 742d 0/29 auto-obsoleted due to no activity on 2024/05/08 09:54
upstream KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead (4) fs 6 1 985d 985d 0/29 auto-obsoleted due to no activity on 2023/06/06 03:32

Sample crash report:
==================================================================
BUG: KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead

write to 0xffff888105737e10 of 8 bytes by task 13565 on cpu 1:
 do_sync_mmap_readahead+0x2ba/0x320 mm/filemap.c:-1
 filemap_fault+0x336/0xb70 mm/filemap.c:3549
 __do_fault+0xbc/0x200 mm/memory.c:5320
 do_read_fault mm/memory.c:5755 [inline]
 do_fault mm/memory.c:5889 [inline]
 do_pte_missing mm/memory.c:4401 [inline]
 handle_pte_fault mm/memory.c:6273 [inline]
 __handle_mm_fault mm/memory.c:6411 [inline]
 handle_mm_fault+0xfab/0x2c60 mm/memory.c:6580
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x1024/0x1ed0 mm/gup.c:1428
 __get_user_pages_locked mm/gup.c:1692 [inline]
 get_dump_page+0xb5/0x250 mm/gup.c:2192
 dump_user_range+0x145/0x8f0 fs/coredump.c:1366
 elf_core_dump+0x1de7/0x1f80 fs/binfmt_elf.c:2111
 coredump_write+0xacf/0xdf0 fs/coredump.c:1049
 do_coredump fs/coredump.c:1126 [inline]
 vfs_coredump+0x24f7/0x2e60 fs/coredump.c:1200
 get_signal+0xd84/0xf70 kernel/signal.c:3019
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:75 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline]
 irqentry_exit+0xf9/0x560 kernel/entry/common.c:196
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

write to 0xffff888105737e10 of 8 bytes by task 13567 on cpu 0:
 do_sync_mmap_readahead+0x2ba/0x320 mm/filemap.c:-1
 filemap_fault+0x336/0xb70 mm/filemap.c:3549
 __do_fault+0xbc/0x200 mm/memory.c:5320
 do_read_fault mm/memory.c:5755 [inline]
 do_fault mm/memory.c:5889 [inline]
 do_pte_missing mm/memory.c:4401 [inline]
 handle_pte_fault mm/memory.c:6273 [inline]
 __handle_mm_fault mm/memory.c:6411 [inline]
 handle_mm_fault+0xfab/0x2c60 mm/memory.c:6580
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x1024/0x1ed0 mm/gup.c:1428
 __get_user_pages_locked mm/gup.c:1692 [inline]
 get_dump_page+0xb5/0x250 mm/gup.c:2192
 dump_user_range+0x145/0x8f0 fs/coredump.c:1366
 elf_core_dump+0x1de7/0x1f80 fs/binfmt_elf.c:2111
 coredump_write+0xacf/0xdf0 fs/coredump.c:1049
 do_coredump fs/coredump.c:1126 [inline]
 vfs_coredump+0x24f7/0x2e60 fs/coredump.c:1200
 get_signal+0xd84/0xf70 kernel/signal.c:3019
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:75 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline]
 irqentry_exit+0xf9/0x560 kernel/entry/common.c:196
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x00000000000000b5 -> 0x00000000000000b6

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 13567 Comm: syz.3.3414 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
syz.3.3414 (13567) used greatest stack depth: 7416 bytes left

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/05 15:28 upstream 3609fa95fb0f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
2025/12/14 03:37 upstream 9d9c1cfec01c d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
* Struck through repros no longer work on HEAD.