syzbot

EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
==================================================================
BUG: KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead

write to 0xffff88811c5d2210 of 8 bytes by task 10026 on cpu 0:
 do_sync_mmap_readahead+0x2d8/0x350 mm/filemap.c:-1
 filemap_fault+0x362/0xb90 mm/filemap.c:3549
 __do_fault+0xbc/0x200 mm/memory.c:5363
 do_read_fault mm/memory.c:5798 [inline]
 do_fault mm/memory.c:5932 [inline]
 do_pte_missing mm/memory.c:4477 [inline]
 handle_pte_fault mm/memory.c:6316 [inline]
 __handle_mm_fault mm/memory.c:6454 [inline]
 handle_mm_fault+0x11d7/0x3020 mm/memory.c:6623
 do_user_addr_fault+0x3fd/0x1050 arch/x86/mm/fault.c:1385
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
 rep_movs_alternative+0x30/0x90 arch/x86/lib/copy_user_64.S:53
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:141 [inline]
 _inline_copy_from_user include/linux/uaccess.h:185 [inline]
 _copy_from_user+0x6f/0xb0 lib/usercopy.c:18
 copy_from_user include/linux/uaccess.h:223 [inline]
 copy_msghdr_from_user net/socket.c:2522 [inline]
 recvmsg_copy_msghdr net/socket.c:2778 [inline]
 ___sys_recvmsg+0xaa/0x3b0 net/socket.c:2850
 do_recvmmsg+0x1ef/0x560 net/socket.c:2949
 __sys_recvmmsg net/socket.c:3023 [inline]
 __do_sys_recvmmsg net/socket.c:3046 [inline]
 __se_sys_recvmmsg net/socket.c:3039 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3039
 x64_sys_call+0x80f/0x3020 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff88811c5d2210 of 8 bytes by task 10029 on cpu 1:
 do_sync_mmap_readahead+0x2d8/0x350 mm/filemap.c:-1
 filemap_fault+0x362/0xb90 mm/filemap.c:3549
 __do_fault+0xbc/0x200 mm/memory.c:5363
 do_read_fault mm/memory.c:5798 [inline]
 do_fault mm/memory.c:5932 [inline]
 do_pte_missing mm/memory.c:4477 [inline]
 handle_pte_fault mm/memory.c:6316 [inline]
 __handle_mm_fault mm/memory.c:6454 [inline]
 handle_mm_fault+0x11d7/0x3020 mm/memory.c:6623
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x1023/0x1ea0 mm/gup.c:1428
 populate_vma_page_range mm/gup.c:1860 [inline]
 __mm_populate+0x242/0x390 mm/gup.c:1963
 mm_populate include/linux/mm.h:3899 [inline]
 vm_mmap_pgoff+0x23b/0x2d0 mm/util.c:586
 ksys_mmap_pgoff+0x267/0x310 mm/mmap.c:605
 x64_sys_call+0x14df/0x3020 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000163 -> 0x0000000000000260

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10029 Comm: syz.5.1589 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================