syzbot

 sign-in | mailing list | source | docs
🐞 Open [1626]
Subsystems
🐞 Fixed [6271]
🐞 Invalid [15939]
Missing Backports [189]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in memcpy_and_pad / release_task

Status: moderation: reported on 2025/06/07 05:38
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+d06247460da822ececd6@syzkaller.appspotmail.com
First crash: 1d04h, last: 7h40m

Sample crash report:
==================================================================
BUG: KCSAN: data-race in memcpy_and_pad / release_task

write to 0xffff88810982a548 of 8 bytes by task 2010 on cpu 1:
 __list_del include/linux/list.h:195 [inline]
 __list_del_entry include/linux/list.h:218 [inline]
 list_del_rcu include/linux/rculist.h:168 [inline]
 __unhash_process kernel/exit.c:148 [inline]
 __exit_signal kernel/exit.c:211 [inline]
 release_task+0x6f9/0xb60 kernel/exit.c:266
 wait_task_zombie kernel/exit.c:1266 [inline]
 wait_consider_task+0x113f/0x1650 kernel/exit.c:1493
 do_wait_pid kernel/exit.c:1632 [inline]
 __do_wait+0x34a/0x510 kernel/exit.c:1667
 do_wait+0xb7/0x260 kernel/exit.c:1708
 kernel_wait+0x51/0xc0 kernel/exit.c:1884
 call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
 call_usermodehelper_exec_work+0x9c/0x160 kernel/umh.c:163
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88810982a080 of 3200 bytes by task 8170 on cpu 0:
 memcpy_and_pad+0x48/0x80 lib/string_helpers.c:1007
 arch_dup_task_struct+0x2c/0x40 arch/x86/kernel/process.c:98
 dup_task_struct+0x83/0x6a0 kernel/fork.c:873
 copy_process+0x399/0x1fe0 kernel/fork.c:1999
 kernel_clone+0x16c/0x5b0 kernel/fork.c:2599
 __do_sys_clone3 kernel/fork.c:2903 [inline]
 __se_sys_clone3+0x1c2/0x200 kernel/fork.c:2882
 __x64_sys_clone3+0x31/0x40 kernel/fork.c:2882
 x64_sys_call+0x10c9/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:436
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 8170 Comm: syz.5.1423 Not tainted 6.15.0-syzkaller-13659-g5b032cac6225 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/06/08 02:28 upstream 5b032cac6225 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in memcpy_and_pad / release_task
2025/06/07 05:38 upstream c0c9379f235d 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in memcpy_and_pad / release_task
* Struck through repros no longer work on HEAD.