syzbot

==================================================================
BUG: KCSAN: data-race in memcpy_and_pad / prepare_signal

read-write to 0xffff88811a392638 of 8 bytes by interrupt on cpu 1:
 task_clear_jobctl_pending kernel/signal.c:339 [inline]
 prepare_signal+0x21d/0x670 kernel/signal.c:901
 __send_signal_locked+0x30/0x760 kernel/signal.c:1053
 send_signal_locked+0x34e/0x3c0 kernel/signal.c:1216
 do_send_sig_info+0x9f/0xf0 kernel/signal.c:1269
 group_send_sig_info+0x6f/0x90 kernel/signal.c:1419
 do_bpf_send_signal+0x64/0xf0 kernel/trace/bpf_trace.c:814
 irq_work_single kernel/irq_work.c:221 [inline]
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0xe2/0x2d0 kernel/irq_work.c:261
 __sysvec_irq_work+0x22/0x170 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x66/0x80 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
 __wrmsrq arch/x86/include/asm/msr.h:80 [inline]
 native_write_msr arch/x86/include/asm/msr.h:137 [inline]
 wrmsrq arch/x86/include/asm/msr.h:199 [inline]
 native_apic_msr_write+0x3d/0x60 arch/x86/include/asm/apic.h:212
 apic_write arch/x86/include/asm/apic.h:405 [inline]
 x2apic_send_IPI_self+0x10/0x20 arch/x86/kernel/apic/x2apic_phys.c:107
 __apic_send_IPI_self arch/x86/include/asm/apic.h:455 [inline]
 arch_irq_work_raise+0x46/0x50 arch/x86/kernel/irq_work.c:31
 irq_work_raise kernel/irq_work.c:84 [inline]
 __irq_work_queue_local+0x10f/0x2c0 kernel/irq_work.c:112
 irq_work_queue+0x70/0x100 kernel/irq_work.c:124
 bpf_send_signal_common+0x280/0x300 kernel/trace/bpf_trace.c:872
 ____bpf_send_signal kernel/trace/bpf_trace.c:881 [inline]
 bpf_send_signal+0x1d/0x30 kernel/trace/bpf_trace.c:879
 bpf_prog_631417f49dd64198+0x25/0x4c
 bpf_dispatcher_nop_func include/linux/bpf.h:1332 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2257 [inline]
 bpf_trace_run2+0x104/0x1c0 kernel/trace/bpf_trace.c:2298
 __traceiter_kfree+0x2e/0x50 include/trace/events/kmem.h:94
 __do_trace_kfree include/trace/events/kmem.h:94 [inline]
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0x27b/0x320 mm/slub.c:4881
 ___sys_recvmsg+0x135/0x370 net/socket.c:2877
 do_recvmmsg+0x1ef/0x540 net/socket.c:2971
 __sys_recvmmsg net/socket.c:3045 [inline]
 __do_sys_recvmmsg net/socket.c:3068 [inline]
 __se_sys_recvmmsg net/socket.c:3061 [inline]
 __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3061
 x64_sys_call+0x27a6/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:300
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811a392100 of 3264 bytes by task 13765 on cpu 0:
 memcpy_and_pad+0x48/0x80 lib/string_helpers.c:1007
 arch_dup_task_struct+0x2c/0x40 arch/x86/kernel/process.c:98
 dup_task_struct+0x83/0x6a0 kernel/fork.c:877
 copy_process+0x399/0x2000 kernel/fork.c:2004
 kernel_clone+0x16c/0x5c0 kernel/fork.c:2605
 __do_sys_clone3 kernel/fork.c:2909 [inline]
 __se_sys_clone3+0x1c2/0x200 kernel/fork.c:2888
 __x64_sys_clone3+0x31/0x40 kernel/fork.c:2888
 x64_sys_call+0x1fc9/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:436
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 13765 Comm: syz.0.2769 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================