syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1344]
Subsystems
🐞 Fixed [7090]
🐞 Invalid [18714]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in copy_mm / percpu_counter_destroy_many

Status: upstream: reported on 2025/05/12 06:36
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+8be9bf36c3cf574426c8@syzkaller.appspotmail.com
First crash: 369d, last: 17d
✨ AI Jobs (4)
ID Workflow Result Correct Bug Created Started Finished Revision Error
5887a3ab-842c-4015-8099-ae1515fdc912 assessment-security 💥 KCSAN: data-race in copy_mm / percpu_counter_destroy_many 2026/05/14 08:46 2026/05/14 08:46 2026/05/14 08:49 6ccb967e465e832a7bfd7a116ad00d52a0923a5d failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/fada836d39ac2253f51960c6abf24deda2d95d2b" "-s" "bzImage" "compile_commands.json"]: exit status 2 /bin/sh: 1: printf: printf: I/O error make[5]: *** [/app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/scripts/Makefile.build:487: fs/nfs_common/modules.order] Error 1 make[5]: *** Deleting file 'fs/nfs_common/modules.order' make[5]: *** Waiting for unfinished jobs.... fatal error: error in backend: IO failure on output stream: No space left on device PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script. Stack dump: 0. Program arguments: /usr/bin/clang --target=x86_64-linux-gnu -fintegrated-as -Werror=unknown-warning-option -Werror=ignored-optimization-argument -Werror=option-ignored -Werror=unused-command-line-argument -fmacro-prefix-map=/app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/= -fshort-wchar -funsigned-char -fno-common -fno-PIE -fno-strict-aliasing -std=gnu11 -fms-extensions -Wno-gnu -Wno-microsoft-anon-tag -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -mno-sse4a -fcf-protection=branch -fno-jump-tables -m64 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mstack-alignment=8 -mskip-rax-setup -march=x86-64 -mtune=generic -mno-red-zone -mcmodel=kernel -mstack-protector-guard-reg=gs -mstack-protector-guard-symbol=__ref_stack_chk_guard -Wno-sign-compare -fno-asynchronous-unwind-tables -mretpoline-external-thunk -mindirect-branch-cs-prefix -mfunction-return=thunk-extern -fpatchable-function-entry=16,16 -fno-delete-null-pointer-checks -O2 -fstack-protector-strong -fomit-frame-pointer -ftrivial-auto-var-init=zero -fno-stack-clash-protection -falign-functions=16 -fstrict-flex-arrays=3 -fno-strict-overflow -fno-stack-check -fno-builtin-wcslen -Wall -Wextra -Wundef -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Werror=strict-prototypes -Wno-format-security -Wno-trigraphs -Wno-frame-address -Wno-address-of-packed-member -Wmissing-declarations -Wmissing-prototypes -Wframe-larger-than=2048 -Wno-format-overflow-non-kprintf -Wno-format-truncation-non-kprintf -Wno-default-const-init-unsafe -Wno-type-limits -Wno-pointer-sign -Wcast-function-type -Wno-unterminated-string-initialization -Wimplicit-fallthrough -Werror=date-time -Werror=incompatible-pointer-types -Wenum-conversion -Wunused -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-format-overflow -Wno-override-init -Wno-pointer-to-enum-cast -Wno-tautological-constant-out-of-range-compare -Wno-unaligned-access -Wno-enum-compare-conditional -Wno-missing-field-initializers -Wno-shift-negative-value -Wno-enum-enum-conversion -Wno-sign-compare -Wno-unused-parameter -g -gdwarf-4 -fsanitize-coverage=trace-pc -fsanitize-coverage=trace-cmp -fsanitize=thread -fno-optimize-sibling-calls -mllvm -tsan-compound-read-before-write=1 -mllvm -tsan-distinguish-volatile=1 -mllvm -tsan-instrument-func-entry-exit=0 -fdebug-info-for-profiling -mllvm -enable-fs-discriminator=true -mllvm -improved-fs-discriminator=true -fbasic-block-address-map -nostdinc -I/app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/arch/x86/include -I./arch/x86/include/generated -I/app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/include -I./include -I/app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I/app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/include/uapi -I./include/generated/uapi -include /app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/include/linux/compiler-version.h -include /app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/include/linux/kconfig.h -include /app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc/include/linux/compiler_types.h -D__KERNEL__ -I/app/workdir/cache/src/a580385dbb8ecf5336c33a3bd089ab5ead1252dc
1ca35b62-b099-44ea-8f9b-370d4c4078b5 repro KCSAN: data-race in copy_mm / percpu_counter_destroy_many 2026/03/06 08:12 2026/03/06 08:12 2026/03/06 08:20 31e9c887f7dc24e04b3ca70d0d54fc34141844b0
322946ee-da2c-4712-8ba4-57675d507ebb assessment-kcsan Benign: ❌ Confident: ✅ KCSAN: data-race in copy_mm / percpu_counter_destroy_many 2026/02/24 16:38 2026/02/24 16:38 2026/02/24 16:43 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9
dac3f1b5-c9d4-4cd8-9583-8c2086aa554c assessment-kcsan 💥 KCSAN: data-race in copy_mm / percpu_counter_destroy_many 2026/01/09 14:44 2026/01/09 14:44 2026/01/09 14:44 9ee25c60da3366005e31dedd1574732f63338151 failed to load compile commands: open /usr/local/google/home/dvyukov/syzkaller/agent/workdir/cache/build/1c844b2d5eebe6f9620a23918d22adffff66b51d/compile_commands.json: no such file or directory
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [io-uring] KCSAN: data-race in copy_mm / percpu_counter_destroy_many 2 (3) 2025/05/12 17:08

Sample crash report:
==================================================================
BUG: KCSAN: data-race in copy_mm / percpu_counter_destroy_many

write to 0xffff888105225cd8 of 8 bytes by task 3303 on cpu 1:
 __list_del include/linux/list.h:203 [inline]
 __list_del_entry include/linux/list.h:226 [inline]
 list_del include/linux/list.h:237 [inline]
 percpu_counter_destroy_many+0xc7/0x2b0 lib/percpu_counter.c:244
 __mmdrop+0x25d/0x3f0 kernel/fork.c:737
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch+0x225/0x320 kernel/sched/core.c:5269
 context_switch kernel/sched/core.c:5390 [inline]
 __schedule+0x936/0xd20 kernel/sched/core.c:7188
 __schedule_loop kernel/sched/core.c:7267 [inline]
 schedule+0x5e/0xd0 kernel/sched/core.c:7282
 do_nanosleep+0x95/0x330 kernel/time/hrtimer.c:2293
 hrtimer_nanosleep+0xf4/0x290 kernel/time/hrtimer.c:2339
 common_nsleep+0x62/0x80 kernel/time/posix-timers.c:1345
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1391 [inline]
 __se_sys_clock_nanosleep+0x223/0x260 kernel/time/posix-timers.c:1368
 __x64_sys_clock_nanosleep+0x55/0x70 kernel/time/posix-timers.c:1368
 x64_sys_call+0x146e/0x3020 arch/x86/include/generated/asm/syscalls_64.h:231
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881052257c0 of 1664 bytes by task 5920 on cpu 0:
 dup_mm kernel/fork.c:1528 [inline]
 copy_mm+0xe1/0x370 kernel/fork.c:1586
 copy_process+0x1084/0x23a0 kernel/fork.c:2262
 kernel_clone+0x1a5/0x5e0 kernel/fork.c:2723
 __do_sys_clone kernel/fork.c:2864 [inline]
 __se_sys_clone kernel/fork.c:2848 [inline]
 __x64_sys_clone+0x143/0x180 kernel/fork.c:2848
 x64_sys_call+0x1222/0x3020 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5920 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================

Crashes (49):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/28 12:02 upstream 3b3bea6d4b9c ce741359 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/24 09:57 upstream 45dcf5e28813 9cfb3ca7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/22 04:40 upstream 4ee64205ffaa 0b6ab7ec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/14 00:31 upstream 26ff969926a0 1a086e7c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/13 20:51 upstream 26ff969926a0 9530ccf9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/12 16:36 upstream f5459048c38a 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/08 04:48 upstream 3036cd0d3328 2c961e87 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/05 02:37 upstream 7ca6d1cfec80 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/04/01 23:33 upstream 9147566d8016 0cb124d5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/03/30 12:56 upstream 7aaa8047eafd dcaebc52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/03/23 10:23 upstream c369299895a5 5b92003d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/03/20 18:21 upstream 0e4f8f1a3d08 ac6f1dff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/03/17 02:52 upstream 2d1373e4246d 0737c18f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/03/01 12:38 upstream eb71ab2bf722 43249bac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/24 09:24 upstream 7dff99b35460 41d2fa6a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/21 05:29 upstream a95f71ad3e2e 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/20 12:16 upstream 8bf22c33e7a1 17d780d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/17 10:41 upstream 970296997869 e439b951 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/14 16:14 upstream 770aaedb461a 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/13 14:09 upstream 37a93dd5c49b 6a673c50 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/07 06:26 upstream 2687c848e578 f20fc9f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/06 21:17 upstream b7ff7151e653 97745f52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/06 03:03 upstream 8fdb05de0e2d f03c4191 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/02/04 22:24 upstream 5fd0a1df5d05 ea10c935 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/30 06:21 upstream 4d310797262f bfa73b7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/27 08:55 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/25 03:09 upstream 5dbeeb268b63 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/22 18:33 upstream a66191c590b3 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/18 05:29 upstream d12453c7e281 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/09 05:28 upstream 79b95d74470d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2026/01/07 02:52 upstream f0b9d8eb98df d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/12/19 17:23 upstream dd9b004b7ff3 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/12/15 01:45 upstream 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/12/08 07:52 upstream ba65a4e7120a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/18 20:18 upstream f406055cb18c 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/07 17:45 upstream 971199ad2a0f 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/06 04:23 upstream 7a405dbb0f03 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/10/03 12:33 upstream e406d57be7bd 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/09/16 06:00 upstream 46a51f4f5eda e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/08/13 09:25 upstream 8742b2d8935f 22ec1469 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/31 23:56 upstream 260f6f4fda93 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/26 01:33 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/07/09 17:36 upstream 733923397fd9 f4e5e155 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/24 05:59 upstream 78f4e737a53e e2f27c35 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/20 16:34 upstream 75f5f23f8787 804b3919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/18 01:08 upstream 4663747812d1 e77fae15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/07 01:58 upstream c0c9379f235d 9fa58bba .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/06/06 06:43 upstream e271ed52b344 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
2025/05/11 09:17 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in copy_mm / percpu_counter_destroy_many
* Struck through repros no longer work on HEAD.