syzbot

 sign-in | mailing list | source | docs
🐞 Open [1457]
Subsystems
🐞 Fixed [6847]
🐞 Invalid [17763]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in copy_mm / percpu_counter_destroy_many

Status: upstream: reported on 2025/05/12 06:36
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+8be9bf36c3cf574426c8@syzkaller.appspotmail.com
First crash: 245d, last: 2d12h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [io-uring] KCSAN: data-race in copy_mm / percpu_counter_destroy_many 2 (3) 2025/05/12 17:08

Sample crash report:
==================================================================
BUG: KCSAN: data-race in copy_mm / percpu_counter_destroy_many

write to 0xffff888104afe388 of 8 bytes by task 10146 on cpu 0:
 __list_del include/linux/list.h:203 [inline]
 __list_del_entry include/linux/list.h:226 [inline]
 list_del include/linux/list.h:237 [inline]
 percpu_counter_destroy_many+0xc7/0x2b0 lib/percpu_counter.c:244
 __mmdrop+0x25a/0x3f0 kernel/fork.c:734
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch+0x186/0x2a0 kernel/sched/core.c:5139
 context_switch kernel/sched/core.c:5259 [inline]
 __schedule+0x85f/0xcd0 kernel/sched/core.c:6863
 preempt_schedule_common kernel/sched/core.c:7047 [inline]
 __cond_resched+0x31/0x60 kernel/sched/core.c:7376
 might_resched include/linux/kernel.h:61 [inline]
 might_alloc include/linux/sched/mm.h:323 [inline]
 slab_pre_alloc_hook mm/slub.c:4904 [inline]
 slab_alloc_node mm/slub.c:5239 [inline]
 __do_kmalloc_node mm/slub.c:5656 [inline]
 __kmalloc_noprof+0xaf/0x5a0 mm/slub.c:5669
 kmalloc_noprof include/linux/slab.h:961 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 lsm_blob_alloc security/security.c:192 [inline]
 lsm_task_alloc security/security.c:244 [inline]
 security_task_alloc+0x4d/0x120 security/security.c:2682
 copy_process+0xbb3/0x1ef0 kernel/fork.c:2203
 kernel_clone+0x16c/0x5c0 kernel/fork.c:2651
 __do_sys_clone3 kernel/fork.c:2953 [inline]
 __se_sys_clone3+0x1c2/0x200 kernel/fork.c:2932
 __x64_sys_clone3+0x31/0x40 kernel/fork.c:2932
 x64_sys_call+0x2c0f/0x3000 arch/x86/include/generated/asm/syscalls_64.h:436
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888104afde80 of 1664 bytes by task 10134 on cpu 1:
 dup_mm kernel/fork.c:1523 [inline]
 copy_mm+0xe2/0x370 kernel/fork.c:1581
 copy_process+0xcbc/0x1ef0 kernel/fork.c:2221
 kernel_clone+0x16c/0x5c0 kernel/fork.c:2651
 __do_sys_clone kernel/fork.c:2792 [inline]
 __se_sys_clone kernel/fork.c:2776 [inline]
 __x64_sys_clone+0xe6/0x120 kernel/fork.c:2776
 x64_sys_call+0x12d0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10134 Comm: dhcpcd-run-hook Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (20):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/09 05:28 upstream 79b95d74470d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/07 02:52 upstream f0b9d8eb98df d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/12/19 17:23 upstream dd9b004b7ff3 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/12/15 01:45 upstream 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/12/08 07:52 upstream ba65a4e7120a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/18 20:18 upstream f406055cb18c 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/07 17:45 upstream 971199ad2a0f 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/06 04:23 upstream 7a405dbb0f03 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/03 12:33 upstream e406d57be7bd 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/09/16 06:00 upstream 46a51f4f5eda e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/08/13 09:25 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/31 23:56 upstream 260f6f4fda93 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/26 01:33 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/09 17:36 upstream 733923397fd9 f4e5e155 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/24 05:59 upstream 78f4e737a53e e2f27c35 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/20 16:34 upstream 75f5f23f8787 804b3919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/18 01:08 upstream 4663747812d1 e77fae15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/07 01:58 upstream c0c9379f235d 9fa58bba .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/06 06:43 upstream e271ed52b344 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/05/11 09:17 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
* Struck through repros no longer work on HEAD.