Hello,
syzbot found the following issue on:
HEAD commit: 21b136cc63d2 minmax: fix up min3() and max3() too
git tree: upstream
console output:
https://syzkaller.appspot.com/x/log.txt?x=10ec8f9d980000
kernel config:
https://syzkaller.appspot.com/x/.config?x=bc4a9b665a33d32c
dashboard link:
https://syzkaller.appspot.com/bug?extid=3b72eab3f50bc31d8357
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [
ak...@linux-foundation.org hu...@google.com linux-...@vger.kernel.org linu...@kvack.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/62299a51ea29/disk-21b136cc.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/93c83ba9e733/vmlinux-21b136cc.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/076b14485b3c/bzImage-21b136cc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+3b72ea...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in shmem_fallocate / shmem_fault
write to 0xffff888114f86e70 of 8 bytes by task 10155 on cpu 0:
shmem_fallocate+0x23a/0x860 mm/shmem.c:3270
vfs_fallocate+0x392/0x3e0 fs/open.c:334
madvise_remove mm/madvise.c:1012 [inline]
madvise_vma_behavior mm/madvise.c:1036 [inline]
madvise_walk_vmas mm/madvise.c:1271 [inline]
do_madvise+0x1177/0x2620 mm/madvise.c:1467
__do_sys_madvise mm/madvise.c:1484 [inline]
__se_sys_madvise mm/madvise.c:1482 [inline]
__x64_sys_madvise+0x61/0x70 mm/madvise.c:1482
x64_sys_call+0x23b3/0x2e00 arch/x86/include/generated/asm/syscalls_64.h:29
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff888114f86e70 of 8 bytes by task 10144 on cpu 1:
shmem_fault+0x9d/0x260 mm/shmem.c:2385
__do_fault+0xb6/0x200 mm/memory.c:4655
do_read_fault mm/memory.c:5061 [inline]
do_fault mm/memory.c:5191 [inline]
do_pte_missing mm/memory.c:3947 [inline]
handle_pte_fault mm/memory.c:5522 [inline]
__handle_mm_fault mm/memory.c:5665 [inline]
handle_mm_fault+0xe2a/0x2940 mm/memory.c:5833
faultin_page mm/gup.c:1194 [inline]
__get_user_pages+0x499/0x10d0 mm/gup.c:1493
populate_vma_page_range mm/gup.c:1932 [inline]
__mm_populate+0x25b/0x3b0 mm/gup.c:2035
mm_populate include/linux/mm.h:3415 [inline]
vm_mmap_pgoff+0x1d6/0x290 mm/util.c:593
ksys_mmap_pgoff+0xd0/0x340 mm/mmap.c:1514
x64_sys_call+0x1940/0x2e00 arch/x86/include/generated/asm/syscalls_64.h:10
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x0000000000000000 -> 0xffffc9000155fcb8
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10144 Comm: syz.1.2313 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
==================================================================
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup