syzbot

 sign-in | mailing list | source | docs
🐞 Open [1425]
Subsystems
🐞 Fixed [6979]
🐞 Invalid [18191]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in _copy_to_iter / _copy_to_iter

Status: auto-obsoleted due to no activity on 2026/03/03 09:15
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+c42bdcc6f021f53ce265@syzkaller.appspotmail.com
First crash: 171d, last: 64d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
45709646-99f4-40ae-8972-97e694976a49 assessment-kcsan Benign: ✅  Confident: ✅  KCSAN: data-race in _copy_to_iter / _copy_to_iter 2026/02/25 00:20 2026/02/25 00:20 2026/02/25 00:32 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9
491e6122-d1cc-4556-a9cc-3f5d2bf0f517 assessment-kcsan 💥 KCSAN: data-race in _copy_to_iter / _copy_to_iter 2026/01/10 07:27 2026/01/10 07:27 2026/01/10 07:46 7519916073b761ced56a7b15fdeeb4674e8dc125 Error 429, Message: You exceeded your current quota, please check your plan and billing details. For more information on this error, head to: https://ai.google.dev/gemini-api/docs/rate-limits. To monitor your current usage, head to: https://ai.dev/rate-limit. * Quota exceeded for metric: generativelanguage.googleapis.com/generate_requests_per_model_per_day, limit: 0, Status: RESOURCE_EXHAUSTED, Details: [map[@type:type.googleapis.com/google.rpc.Help links:[map[description:Learn more about Gemini API quotas url:https://ai.google.dev/gemini-api/docs/rate-limits]]] map[@type:type.googleapis.com/google.rpc.QuotaFailure violations:[map[quotaId:GenerateRequestsPerDayPerProjectPerModel quotaMetric:generativelanguage.googleapis.com/generate_requests_per_model_per_day]]] map[@type:type.googleapis.com/google.rpc.DebugInfo detail:[ORIGINAL ERROR] generic::resource_exhausted: You exceeded your current quota, please check your plan and billing details. For more information on this error, head to: https://ai.google.dev/gemini-api/docs/rate-limits. To monitor your current usage, head to: https://ai.dev/rate-limit. * Quota exceeded for metric: generativelanguage.googleapis.com/generate_requests_per_model_per_day, limit: 0 [google.rpc.error_details_ext] { message: "You exceeded your current quota, please check your plan and billing details. For more information on this error, head to: https://ai.google.dev/gemini-api/docs/rate-limits. To monitor your current usage, head to: https://ai.dev/rate-limit. \n* Quota exceeded for metric: generativelanguage.googleapis.com/generate_requests_per_model_per_day, limit: 0" details { type_url: "type.googleapis.com/language_labs.genai.debug.GeminiApiDebugInfo" value: "RM\nK\nEgenerativelanguage.googleapis.com/generate_requests_per_model_per_day\030\000\"\000" } details { [type.googleapis.com/google.rpc.Help] { links { description: "Learn more about Gemini API quotas" url: "https://ai.google.dev/gemini-api/docs/rate-limits" } } } details { [type.googleapis.com/google.rpc.QuotaFailure] { violations { quota_metric: "generativelanguage.googleapis.com/generate_requests_per_model_per_day" quota_id: "GenerateRequestsPerDayPerProjectPerModel" } } } }]]

Sample crash report:
==================================================================
BUG: KCSAN: data-race in _copy_to_iter / _copy_to_iter

read to 0xffff888144851000 of 512 bytes by task 3546 on cpu 0:
 instrument_copy_to_user include/linux/instrumented.h:113 [inline]
 copy_to_user_iter lib/iov_iter.c:24 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0x130/0xe70 lib/iov_iter.c:197
 copy_page_to_iter+0x18f/0x2d0 lib/iov_iter.c:374
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 filemap_read+0x407/0xa00 mm/filemap.c:2851
 blkdev_read_iter+0x22d/0x2e0 block/fops.c:856
 new_sync_read fs/read_write.c:491 [inline]
 vfs_read+0x64c/0x770 fs/read_write.c:572
 ksys_read+0xda/0x1a0 fs/read_write.c:715
 __do_sys_read fs/read_write.c:724 [inline]
 __se_sys_read fs/read_write.c:722 [inline]
 __x64_sys_read+0x40/0x50 fs/read_write.c:722
 x64_sys_call+0x2889/0x3000 arch/x86/include/generated/asm/syscalls_64.h:1
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xca/0x2b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff888144851000 of 1024 bytes by task 31 on cpu 1:
 memcpy_to_iter lib/iov_iter.c:77 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:306 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0x602/0xe70 lib/iov_iter.c:197
 copy_page_to_iter+0x18f/0x2d0 lib/iov_iter.c:374
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 shmem_file_read_iter+0x2d6/0x540 mm/shmem.c:3438
 lo_rw_aio+0x673/0x720 drivers/block/loop.c:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1926 [inline]
 loop_process_work+0x56d/0xaa0 drivers/block/loop.c:1961
 loop_workfn+0x31/0x40 drivers/block/loop.c:1985
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 31 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: loop3 loop_workfn
==================================================================

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/06 09:14 upstream 7f98ab9da046 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
2025/11/30 06:02 upstream 6bda50f4333f d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
2025/11/17 16:23 upstream 6a23ae0a96a6 ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
2025/11/14 10:58 upstream 6da43bbeb691 07e030de .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
2025/11/04 16:38 upstream c9cfc122f037 686bf657 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
2025/10/08 13:43 upstream 0d97f2067c16 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
2025/09/21 03:13 upstream 3b08f56fbbb9 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / _copy_to_iter
* Struck through repros no longer work on HEAD.