syzbot

 sign-in | mailing list | source | docs
🐞 Open [1518]
Subsystems
🐞 Fixed [6645]
🐞 Invalid [17028]
Missing Backports [214]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in fasync_remove_entry / kill_fasync (11)

Status: auto-obsoleted due to no activity on 2024/09/21 19:37
Subsystems: fs
[Documentation on labels]
Reported-by: syzbot+ef32ebc6b63bdc3d9e5c@syzkaller.appspotmail.com
First crash: 451d, last: 422d
Similar bugs (13)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (2) fs 6 1 1877d 1877d 0/29 auto-closed as invalid on 2020/09/27 12:17
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (10) fs 6 1 839d 839d 0/29 auto-obsoleted due to no activity on 2023/08/01 22:11
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (12) fs 6 1 338d 338d 0/29 auto-obsoleted due to no activity on 2025/01/04 10:04
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (4) fs 6 1 1608d 1608d 0/29 auto-closed as invalid on 2021/06/23 11:06
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (5) fs 6 2 1539d 1541d 0/29 auto-closed as invalid on 2021/08/31 22:21
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (9) fs 6 1 1058d 1058d 0/29 auto-obsoleted due to no activity on 2023/01/02 11:50
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (13) fs 6 1 272d 272d 0/29 auto-obsoleted due to no activity on 2025/03/11 12:00
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (3) fs 6 1 1760d 1760d 0/29 auto-closed as invalid on 2021/01/22 14:57
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (6) fs 6 1 1478d 1478d 0/29 auto-closed as invalid on 2021/10/31 16:09
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (7) fs 6 4 1399d 1438d 0/29 auto-closed as invalid on 2022/01/18 10:05
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (8) fs 6 3 1344d 1353d 0/29 auto-closed as invalid on 2022/03/14 14:59
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync fs 6 82 1931d 2089d 0/29 auto-closed as invalid on 2020/08/04 12:11
upstream KCSAN: data-race in fasync_remove_entry / kill_fasync (14) fs 6 2 45d 52d 0/29 moderation: reported on 2025/08/22 22:35

Sample crash report:
==================================================================
BUG: KCSAN: data-race in fasync_remove_entry / kill_fasync

write to 0xffff888115b7d470 of 8 bytes by task 5305 on cpu 0:
 fasync_remove_entry+0xd2/0x130 fs/fcntl.c:909
 fasync_helper+0x96/0xc0 fs/fcntl.c:1008
 perf_fasync+0x64/0x90 kernel/events/core.c:6706
 __fput+0x68e/0x6f0 fs/file_table.c:419
 ____fput+0x15/0x20 fs/file_table.c:450
 task_work_run+0x13a/0x1a0 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xbe/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888115b7d470 of 8 bytes by interrupt on cpu 1:
 kill_fasync+0x24/0x150 fs/fcntl.c:1047
 perf_event_wakeup kernel/events/core.c:6738 [inline]
 perf_pending_irq+0x1ed/0x260 kernel/events/core.c:6844
 irq_work_single kernel/irq_work.c:221 [inline]
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0xdf/0x2c0 kernel/irq_work.c:261
 __sysvec_irq_work+0x23/0x1a0 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x66/0x80 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
 task_work_add+0x5/0x2e0 kernel/task_work.c:56
 fput+0xdc/0x180 fs/file_table.c:482
 fput_light include/linux/file.h:35 [inline]
 __sys_recvmsg+0x239/0x280 net/socket.c:2890
 __do_sys_recvmsg net/socket.c:2898 [inline]
 __se_sys_recvmsg net/socket.c:2895 [inline]
 __x64_sys_recvmsg+0x46/0x50 net/socket.c:2895
 x64_sys_call+0xb84/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:48
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff88810ed363c0 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5306 Comm: syz.2.557 Not tainted 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/08/17 19:36 upstream e5fa841af679 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in fasync_remove_entry / kill_fasync
2024/08/05 11:44 upstream de9c2c66ad8e e35c337f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in fasync_remove_entry / kill_fasync
2024/07/20 03:24 upstream 4305ca0087dd 890ce4f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in fasync_remove_entry / kill_fasync
* Struck through repros no longer work on HEAD.