syzbot


KCSAN: data-race in _copy_from_iter / _copy_from_iter (5)

Status: moderation: reported on 2025/03/31 12:44
Subsystems: mm
Reported-by: syzbot+b598ec189233b099946c@syzkaller.appspotmail.com
First crash: 46d, last: 13h30m
Similar bugs (4)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in _copy_from_iter / _copy_from_iter mm | | | | 8 | 666d | 710d | 0/28 | auto-obsoleted due to no activity on 2023/08/24 22:03 |
| upstream | KCSAN: data-race in _copy_from_iter / _copy_from_iter (4) mm | | | | 7 | 113d | 190d | 0/28 | auto-obsoleted due to no activity on 2025/03/20 10:28 |
| upstream | KCSAN: data-race in _copy_from_iter / _copy_from_iter (3) mm | | | | 12 | 269d | 382d | 0/28 | auto-obsoleted due to no activity on 2024/09/24 07:08 |
| upstream | KCSAN: data-race in _copy_from_iter / _copy_from_iter (2) mm | | | | 18 | 443d | 524d | 0/28 | auto-obsoleted due to no activity on 2024/04/04 01:00 |

Sample crash report:
loop0: detected capacity change from 0 to 128
vfat: Unknown parameter 'ÿÿ'
==================================================================
BUG: KCSAN: data-race in _copy_from_iter / _copy_from_iter

write to 0xffff888107369000 of 4096 bytes by task 3606 on cpu 1:
 instrument_copy_from_user_before include/linux/instrumented.h:130 [inline]
 copy_from_user_iter lib/iov_iter.c:54 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:300 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 __copy_from_iter lib/iov_iter.c:249 [inline]
 _copy_from_iter+0x130/0xdd0 lib/iov_iter.c:260
 copy_page_from_iter+0x15a/0x290 lib/iov_iter.c:422
 process_vm_rw_pages mm/process_vm_access.c:43 [inline]
 process_vm_rw_single_vec mm/process_vm_access.c:118 [inline]
 process_vm_rw_core mm/process_vm_access.c:216 [inline]
 process_vm_rw+0x659/0x950 mm/process_vm_access.c:284
 __do_sys_process_vm_writev mm/process_vm_access.c:304 [inline]
 __se_sys_process_vm_writev mm/process_vm_access.c:299 [inline]
 __x64_sys_process_vm_writev+0x78/0x90 mm/process_vm_access.c:299
 x64_sys_call+0xe80/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:312
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff888107369000 of 4096 bytes by task 3605 on cpu 0:
 instrument_copy_from_user_before include/linux/instrumented.h:130 [inline]
 copy_from_user_iter lib/iov_iter.c:54 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:300 [inline]
 iterate_and_advance include/linux/iov_iter.h:328 [inline]
 __copy_from_iter lib/iov_iter.c:249 [inline]
 _copy_from_iter+0x130/0xdd0 lib/iov_iter.c:260
 copy_page_from_iter+0x15a/0x290 lib/iov_iter.c:422
 process_vm_rw_pages mm/process_vm_access.c:43 [inline]
 process_vm_rw_single_vec mm/process_vm_access.c:118 [inline]
 process_vm_rw_core mm/process_vm_access.c:216 [inline]
 process_vm_rw+0x659/0x950 mm/process_vm_access.c:284
 __do_sys_process_vm_writev mm/process_vm_access.c:304 [inline]
 __se_sys_process_vm_writev mm/process_vm_access.c:299 [inline]
 __x64_sys_process_vm_writev+0x78/0x90 mm/process_vm_access.c:299
 x64_sys_call+0xe80/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:312
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3605 Comm: syz.0.47 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================

Crashes (8):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/05/16 17:34 | upstream | fee3e843b309 | cfde8269 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
| 2025/05/13 02:33 | upstream | 82f2b0b97b36 | f6671af7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
| 2025/05/12 09:29 | upstream | cd802e7e5f1e | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
| 2025/05/08 10:52 | upstream | d76bb1ebb558 | dbf35fa1 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
| 2025/05/07 05:54 | upstream | 0d8d44db295c | 350f4ffc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
| 2025/05/03 21:57 | upstream | 2a239ffbebb5 | b0714e37 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
| 2025/04/23 15:17 | upstream | bc3372351d0c | 53a8b9bd | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
| 2025/03/31 12:43 | upstream | 4e82c87058f4 | d3999433 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in _copy_from_iter / _copy_from_iter |
* Struck through repros no longer work on HEAD.