syzbot

 sign-in | mailing list | source | docs
🐞 Open [1500]
Subsystems
🐞 Fixed [6510]
🐞 Invalid [16547]
Missing Backports [204]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in copy_mm / percpu_counter_destroy_many

Status: upstream: reported on 2025/05/12 06:36
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+8be9bf36c3cf574426c8@syzkaller.appspotmail.com
First crash: 95d, last: 1d15h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [io-uring] KCSAN: data-race in copy_mm / percpu_counter_destroy_many 2 (3) 2025/05/12 17:08

Sample crash report:
==================================================================
BUG: KCSAN: data-race in copy_mm / percpu_counter_destroy_many

write to 0xffff888119967cf0 of 8 bytes by task 12433 on cpu 0:
 __list_del include/linux/list.h:195 [inline]
 __list_del_entry include/linux/list.h:218 [inline]
 list_del include/linux/list.h:229 [inline]
 percpu_counter_destroy_many+0xc7/0x2b0 lib/percpu_counter.c:244
 __mmdrop+0x22d/0x3d0 kernel/fork.c:691
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch+0x187/0x2b0 kernel/sched/core.c:5250
 context_switch kernel/sched/core.c:5360 [inline]
 __schedule+0x6b9/0xb30 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0x5f/0xd0 kernel/sched/core.c:7058
 exit_to_user_mode_loop kernel/entry/common.c:31 [inline]
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 irqentry_exit_to_user_mode+0x3a/0xa0 kernel/entry/common.c:73
 irqentry_exit+0x12/0x50 kernel/entry/common.c:177
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623

read to 0xffff8881199678c0 of 1408 bytes by task 12421 on cpu 1:
 dup_mm kernel/fork.c:1479 [inline]
 copy_mm+0xe2/0x370 kernel/fork.c:1537
 copy_process+0xd08/0x2000 kernel/fork.c:2175
 kernel_clone+0x16c/0x5c0 kernel/fork.c:2605
 __do_sys_clone kernel/fork.c:2748 [inline]
 __se_sys_clone kernel/fork.c:2732 [inline]
 __x64_sys_clone+0xe6/0x120 kernel/fork.c:2732
 x64_sys_call+0x119c/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 12421 Comm: dhcpcd-run-hook Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/13 09:25 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/31 23:56 upstream 260f6f4fda93 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/26 01:33 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/09 17:36 upstream 733923397fd9 f4e5e155 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/24 05:59 upstream 78f4e737a53e e2f27c35 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/20 16:34 upstream 75f5f23f8787 804b3919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/18 01:08 upstream 4663747812d1 e77fae15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/07 01:58 upstream c0c9379f235d 9fa58bba .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/06 06:43 upstream e271ed52b344 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/05/11 09:17 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
* Struck through repros no longer work on HEAD.