Date: Fri, 17 Apr 2026 02:12:21 -0700
Message-ID: <69e1f975.050a0220.1de265.0009.GAE@google.com>
Subject: [syzbot] [mm?] KCSAN: data-race in mas_wr_store_entry / mtree_range_walk (2)
From: syzbot
To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com,
    linux-kernel@vger.kernel.org, linux-mm@kvack.org, ljs@kernel.org,
    pfalcato@suse.de, syzkaller-bugs@googlegroups.com, vbabka@kernel.org

Hello,

syzbot found the following issue on:

HEAD commit:    1d51b370a0f8 Merge tag 'jfs-7.1' of github.com:kleikamp/li..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=117dc4ce580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=7f207c4b1fbf85a3
dashboard link: https://syzkaller.appspot.com/bug?extid=38a879f4a73497f2dfef
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e08ff8d2b0e5/disk-1d51b370.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c11d4b098bbf/vmlinux-1d51b370.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6a4691f32e3d/bzImage-1d51b370.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+38a879f4a73497f2dfef@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in mas_wr_store_entry / mtree_range_walk

write to 0xffff888104f71d08 of 8 bytes by task 4757 on cpu 0:
 mas_wr_slot_store lib/maple_tree.c:3232 [inline]
 mas_wr_store_entry+0x3405/0x5ad0 lib/maple_tree.c:3528
 mas_store_prealloc+0x43e/0x690 lib/maple_tree.c:4936
 vma_iter_store_overwrite mm/vma.h:616 [inline]
 commit_merge+0x6a1/0x720 mm/vma.c:766
 vma_expand+0x301/0x460 mm/vma.c:1219
 vma_merge_new_range+0x29c/0x320 mm/vma.c:1112
 __mmap_region mm/vma.c:2766 [inline]
 mmap_region+0x1073/0x2110 mm/vma.c:2856
 do_mmap+0x9b2/0xbd0 mm/mmap.c:560
 vm_mmap_pgoff+0x183/0x2d0 mm/util.c:581
 ksys_mmap_pgoff+0xc1/0x310 mm/mmap.c:606
 x64_sys_call+0x14df/0x3020 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888104f71d08 of 8 bytes by task 4759 on cpu 1:
 mtree_range_walk+0x1a6/0x490 lib/maple_tree.c:2032
 mas_state_walk lib/maple_tree.c:2952 [inline]
 mas_walk+0x1cc/0x370 lib/maple_tree.c:4366
 lock_vma_under_rcu+0xc9/0x210 mm/mmap_lock.c:304
 do_user_addr_fault+0x232/0x1050 arch/x86/mm/fault.c:1325
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x62/0xa0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

value changed: 0x00007f68dc2a5fff -> 0x00007f68dc284fff

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 4759 Comm: syz.5.348 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
==================================================================
netlink: 64 bytes leftover after parsing attributes in process `syz.5.348'.

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup