Hello,
syzbot found the following issue on:
HEAD commit: 0cc53520e68b Merge tag 'probes-fixes-v6.17-rc1' of git://g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17816af0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e229060118f4fc05
dashboard link: https://syzkaller.appspot.com/bug?extid=417aeb05fd190f3a6da9
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
CC: [ak...@linux-foundation.org da...@redhat.com linux-...@vger.kernel.org linu...@kvack.org muchu...@linux.dev osal...@suse.de]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f9e6d22932c4/disk-0cc53520.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8b48befaa495/vmlinux-0cc53520.xz
kernel image: https://storage.googleapis.com/syzbot-assets/10079bf4852c/bzImage-0cc53520.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+417aeb...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in __unmap_hugepage_range / alloc_surplus_hugetlb_folio
write to 0xffffffff88e73818 of 8 bytes by task 30243 on cpu 1:
alloc_surplus_hugetlb_folio+0x26f/0x2d0 mm/hugetlb.c:2272
gather_surplus_pages mm/hugetlb.c:2434 [inline]
hugetlb_acct_memory+0x32f/0xa50 mm/hugetlb.c:5317
hugetlb_reserve_pages+0x767/0xc00 mm/hugetlb.c:7328
hugetlbfs_file_mmap+0x27e/0x340 fs/hugetlbfs/inode.c:153
vfs_mmap include/linux/fs.h:2289 [inline]
mmap_file mm/internal.h:167 [inline]
__mmap_new_file_vma mm/vma.c:2413 [inline]
__mmap_new_vma mm/vma.c:2476 [inline]
__mmap_region mm/vma.c:2669 [inline]
mmap_region+0xfad/0x1630 mm/vma.c:2739
do_mmap+0x9b3/0xbe0 mm/mmap.c:558
vm_mmap_pgoff+0x17a/0x2e0 mm/util.c:580
ksys_mmap_pgoff+0x2d0/0x310 mm/mmap.c:604
x64_sys_call+0x14a3/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:10
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffffffff88e73818 of 8 bytes by task 30241 on cpu 0:
__unmap_hugepage_range+0xad6/0x1290 mm/hugetlb.c:5954
unmap_single_vma mm/memory.c:1928 [inline]
unmap_vmas+0x2f0/0x3a0 mm/memory.c:1976
vms_clear_ptes+0x1f7/0x2d0 mm/vma.c:1228
vms_complete_munmap_vmas+0x159/0x440 mm/vma.c:1277
do_vmi_align_munmap+0x383/0x3d0 mm/vma.c:1536
do_vmi_munmap+0x1db/0x220 mm/vma.c:1584
shrink_vma mm/mremap.c:1335 [inline]
mremap_at+0x110/0x630 mm/mremap.c:1566
do_mremap mm/mremap.c:1925 [inline]
__do_sys_mremap mm/mremap.c:1981 [inline]
__se_sys_mremap+0x6c5/0xc60 mm/mremap.c:1949
__x64_sys_mremap+0x67/0x80 mm/mremap.c:1949
x64_sys_call+0x2a24/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:26
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x0000000000000001 -> 0x0000000000000002
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 30241 Comm: syz.5.7987 Tainted: G W 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup