syzbot


KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch (3)

Status: upstream: reported on 2026/06/19 22:36
Subsystems: mm
Labels: race:harmful prio:low
Reported-by: syzbot+a3c71b9db9c11c270f59@syzkaller.appspotmail.com
First crash: 1d04h, last: 1d04h
AI Jobs (2)

ID: 2b43d460-96f4-44d2-912d-5aee4000bcf9
Workflow: assessment-security
Result: DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ❌ VMHostTrigger: ❌
Bug: KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch (3)
Created: 2026/06/21 00:01
Started: 2026/06/21 00:01
Finished: 2026/06/21 00:02
Revision: 43bfcdb07c3552e4664e1029672054ac0924d543

ID: de958f61-0bde-44dc-90f3-a86b5773e590
Workflow: assessment-kcsan
Result: Benign: ❌
Bug: KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch (3)
Created: 2026/06/19 22:08
Started: 2026/06/19 22:08
Finished: 2026/06/19 22:35
Revision: 023e42b533e586523329e56d8cc833583d338ca9

Discussions (1)

Title: [syzbot] [mm?] KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch (3)
Replies (including bot): 0 (1)
Last reply: 2026/06/19 22:36

Similar bugs (2)

Kernel: upstream
Title: KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch (2) mm
Rank: 6
Count: 1
Last: 600d
Reported: 600d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2024/12/23 03:58

Kernel: upstream
Title: KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch mm
Rank: 6
Count: 1
Last: 914d
Reported: 914d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2024/01/23 11:04

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch

read-write to 0xffff88812a80e9d0 of 8 bytes by task 11484 on cpu 0:
 percpu_counter_add_batch+0x101/0x120 lib/percpu_counter.c:107
 percpu_counter_add include/linux/percpu_counter.h:71 [inline]
 percpu_counter_sub include/linux/percpu_counter.h:277 [inline]
 shmem_inode_unacct_blocks mm/shmem.c:263 [inline]
 shmem_recalc_inode+0x143/0x1f0 mm/shmem.c:466
 shmem_undo_range+0xb20/0xb60 mm/shmem.c:1272
 shmem_truncate_range mm/shmem.c:1277 [inline]
 shmem_evict_inode+0x132/0x520 mm/shmem.c:1407
 evict+0x2a5/0x510 fs/inode.c:828
 iput_final fs/inode.c:2022 [inline]
 iput+0x430/0x5a0 fs/inode.c:2071
 filename_unlinkat+0x21f/0x410 fs/namei.c:5585
 __do_sys_unlink fs/namei.c:5616 [inline]
 __se_sys_unlink+0x2b/0xe0 fs/namei.c:5613
 __x64_sys_unlink+0x1f/0x30 fs/namei.c:5613
 x64_sys_call+0x2eb6/0x3020 arch/x86/include/generated/asm/syscalls_64.h:88
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x136/0x3c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88812a80e9d0 of 8 bytes by task 16836 on cpu 1:
 __percpu_counter_limited_add+0xc4/0x3f0 lib/percpu_counter.c:-1
 percpu_counter_limited_add include/linux/percpu_counter.h:77 [inline]
 shmem_inode_acct_blocks+0xf4/0x230 mm/shmem.c:232
 shmem_alloc_and_add_folio mm/shmem.c:1979 [inline]
 shmem_get_folio_gfp+0x5d3/0xd90 mm/shmem.c:2502
 shmem_get_folio mm/shmem.c:2608 [inline]
 shmem_write_begin+0xfc/0x1f0 mm/shmem.c:3239
 generic_perform_write+0x186/0x490 mm/filemap.c:4363
 shmem_file_write_iter+0xc5/0xf0 mm/shmem.c:3414
 __kernel_write_iter+0x30f/0x590 fs/read_write.c:621
 dump_emit_page fs/coredump.c:1298 [inline]
 dump_user_range+0xa73/0xd00 fs/coredump.c:1372
 elf_core_dump+0x21c0/0x2340 fs/binfmt_elf.c:2109
 coredump_write+0xaf9/0xdd0 fs/coredump.c:1052
 do_coredump fs/coredump.c:1131 [inline]
 vfs_coredump+0x2770/0x3290 fs/coredump.c:1200
 get_signal+0xd33/0xf10 kernel/signal.c:3023
 arch_do_signal_or_restart+0x96/0x480 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:66 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:101 [inline]
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:244 [inline]
 irqentry_exit_to_user_mode include/linux/irq-entry-common.h:315 [inline]
 irqentry_exit+0x14d/0x610 kernel/entry/common.c:165
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:595

value changed: 0x000000000000459f -> 0x00000000000035b4

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 16836 Comm: syz.5.4499 Tainted: G        W           syzkaller #0 PREEMPT(lazy) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
==================================================================

Crashes (1):

Time: 2026/06/19 22:08
Kernel: upstream
Commit: 5e2e14749c3d
Syzkaller: 43bfcdb0
Config: .config
Log: console log
Report: report
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in __percpu_counter_limited_add / percpu_counter_add_batch