syzbot

 sign-in | mailing list | source | docs
🐞 Open [1500]
Subsystems
🐞 Fixed [6594]
🐞 Invalid [16873]
Missing Backports [206]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in _copy_to_iter / _copy_to_iter

Status: moderation: reported on 2025/09/21 03:13
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+c42bdcc6f021f53ce265@syzkaller.appspotmail.com
First crash: 19h39m, last: 19h39m

Sample crash report:
==================================================================
BUG: KCSAN: data-race in _copy_to_iter / _copy_to_iter

write to 0xffff88811d09e000 of 1024 bytes by task 51 on cpu 1:
 memcpy_to_iter lib/iov_iter.c:65 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:306 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0x602/0xe70 lib/iov_iter.c:185
 copy_page_to_iter+0x18f/0x2d0 lib/iov_iter.c:362
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 shmem_file_read_iter+0x2d6/0x540 mm/shmem.c:3476
 lo_rw_aio+0x69d/0x760 drivers/block/loop.c:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1919 [inline]
 loop_process_work+0x52d/0xa60 drivers/block/loop.c:1954
 loop_workfn+0x31/0x40 drivers/block/loop.c:1978
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88811d09e000 of 512 bytes by task 3534 on cpu 0:
 instrument_copy_to_user include/linux/instrumented.h:113 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0x130/0xe70 lib/iov_iter.c:185
 copy_page_to_iter+0x18f/0x2d0 lib/iov_iter.c:362
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 filemap_read+0x407/0xa00 mm/filemap.c:2763
 blkdev_read_iter+0x22d/0x2e0 block/fops.c:852
 new_sync_read fs/read_write.c:491 [inline]
 vfs_read+0x64c/0x770 fs/read_write.c:572
 ksys_read+0xda/0x1a0 fs/read_write.c:715
 __do_sys_read fs/read_write.c:724 [inline]
 __se_sys_read fs/read_write.c:722 [inline]
 __x64_sys_read+0x40/0x50 fs/read_write.c:722
 x64_sys_call+0x27bc/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3534 Comm: udevd Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/21 03:13 upstream 3b08f56fbbb9 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
* Struck through repros no longer work on HEAD.