KCSAN: data-race in copy_mm / percpu_counter_destroy

Title	Replies (including bot)	Last reply
[syzbot] [io-uring] KCSAN: data-race in copy_mm / percpu_counter_destroy_many	2 (3)	2025/05/12 17:08

==================================================================
BUG: KCSAN: data-race in copy_mm / percpu_counter_destroy_many

write to 0xffff88810b2ab208 of 8 bytes by task 11860 on cpu 0:
 __list_del include/linux/list.h:195 [inline]
 __list_del_entry include/linux/list.h:218 [inline]
 list_del include/linux/list.h:229 [inline]
 percpu_counter_destroy_many+0xc7/0x2b0 lib/percpu_counter.c:244
 __mmdrop+0x22e/0x350 kernel/fork.c:688
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch+0x187/0x2b0 kernel/sched/core.c:5289
 context_switch kernel/sched/core.c:5399 [inline]
 __schedule+0x6a8/0xb30 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0x5f/0xd0 kernel/sched/core.c:6878
 do_nanosleep+0x96/0x330 kernel/time/hrtimer.c:2100
 hrtimer_nanosleep+0xdd/0x280 kernel/time/hrtimer.c:2147
 common_nsleep+0x62/0x80 kernel/time/posix-timers.c:1353
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1399 [inline]
 __se_sys_clock_nanosleep+0x21a/0x250 kernel/time/posix-timers.c:1376
 __x64_sys_clock_nanosleep+0x55/0x70 kernel/time/posix-timers.c:1376
 x64_sys_call+0x1df0/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810b2aae00 of 1408 bytes by task 12877 on cpu 1:
 dup_mm kernel/fork.c:1471 [inline]
 copy_mm+0xe2/0x370 kernel/fork.c:1529
 copy_process+0xcf1/0x1fe0 kernel/fork.c:2169
 kernel_clone+0x16c/0x5b0 kernel/fork.c:2599
 __do_sys_clone kernel/fork.c:2742 [inline]
 __se_sys_clone kernel/fork.c:2726 [inline]
 __x64_sys_clone+0xe6/0x120 kernel/fork.c:2726
 x64_sys_call+0x2c59/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 12877 Comm: dhcpcd-run-hook Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2025/06/24 05:59	upstream	78f4e737a53e	e2f27c35	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/20 16:34	upstream	75f5f23f8787	804b3919	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/18 01:08	upstream	4663747812d1	e77fae15	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/07 01:58	upstream	c0c9379f235d	9fa58bba	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/06 06:43	upstream	e271ed52b344	6b6b5f21	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/05/11 09:17	upstream	3ce9925823c7	77908e5f	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in copy_mm / percpu_counter_destroy_many