syzbot

 sign-in | mailing list | source | docs
🐞 Open [1487]
Subsystems
🐞 Fixed [6563]
🐞 Invalid [16798]
Missing Backports [203]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in audit_log_start / audit_receive (3)

Status: moderation: reported on 2025/07/13 12:27
Subsystems: audit
[Documentation on labels]
Reported-by: syzbot+6d907adde6b34c3139e0@syzkaller.appspotmail.com
First crash: 60d, last: 8d09h
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in audit_log_start / audit_receive (2) audit 6 8 118d 318d 0/29 auto-obsoleted due to no activity on 2025/07/12 01:35
upstream KCSAN: data-race in audit_log_start / audit_receive kernel 6 1 1375d 1375d 0/29 auto-closed as invalid on 2022/01/10 10:36

Sample crash report:
==================================================================
BUG: KCSAN: data-race in audit_log_start / audit_receive

write to 0xffffffff88e5e470 of 8 bytes by task 10374 on cpu 1:
 audit_ctl_lock kernel/audit.c:235 [inline]
 audit_receive+0x78/0x2180 kernel/audit.c:1569
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x142/0x180 net/socket.c:729
 sock_sendmsg+0xc1/0x130 net/socket.c:752
 splice_to_socket+0x5fe/0x9a0 fs/splice.c:886
 do_splice_from fs/splice.c:938 [inline]
 direct_splice_actor+0x156/0x2a0 fs/splice.c:1161
 splice_direct_to_actor+0x312/0x680 fs/splice.c:1105
 do_splice_direct_actor fs/splice.c:1204 [inline]
 do_splice_direct+0xda/0x150 fs/splice.c:1230
 do_sendfile+0x380/0x650 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1431 [inline]
 __se_sys_sendfile64 fs/read_write.c:1417 [inline]
 __x64_sys_sendfile64+0x105/0x150 fs/read_write.c:1417
 x64_sys_call+0x2bb0/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:41
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e5e470 of 8 bytes by task 3035 on cpu 0:
 audit_ctl_owner_current kernel/audit.c:256 [inline]
 audit_log_start+0x129/0x6c0 kernel/audit.c:1881
 common_lsm_audit+0x66/0x230 security/lsm_audit.c:442
 slow_avc_audit+0x104/0x140 security/selinux/avc.c:779
 avc_audit security/selinux/include/avc.h:131 [inline]
 avc_has_perm+0x13a/0x180 security/selinux/avc.c:1198
 sock_has_perm security/selinux/hooks.c:4789 [inline]
 selinux_socket_recvmsg+0x175/0x1b0 security/selinux/hooks.c:5136
 security_socket_recvmsg+0x50/0x90 security/security.c:4721
 sock_recvmsg+0x38/0x170 net/socket.c:1085
 ____sys_recvmsg+0xf5/0x280 net/socket.c:2834
 ___sys_recvmsg+0x11f/0x370 net/socket.c:2876
 __sys_recvmsg net/socket.c:2909 [inline]
 __do_sys_recvmsg net/socket.c:2915 [inline]
 __se_sys_recvmsg net/socket.c:2912 [inline]
 __x64_sys_recvmsg+0xd1/0x160 net/socket.c:2912
 x64_sys_call+0x2b42/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:48
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000000 -> 0xffff888109a8e300

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3035 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================
audit: audit_backlog=65 > audit_backlog_limit=64
audit: audit_lost=676 audit_rate_limit=0 audit_backlog_limit=64
audit: backlog limit exceeded
audit: audit_backlog=65 > audit_backlog_limit=64
audit: audit_lost=677 audit_rate_limit=0 audit_backlog_limit=64
audit: audit_backlog=65 > audit_backlog_limit=64
audit: audit_lost=3704 audit_rate_limit=0 audit_backlog_limit=64
audit: backlog limit exceeded
audit: audit_backlog=65 > audit_backlog_limit=64

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/04 00:34 upstream ec299e4dc21e 96a211bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in audit_log_start / audit_receive
2025/08/25 06:05 upstream 69fd6b99b8f8 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in audit_log_start / audit_receive
2025/08/11 20:04 upstream 8f5ae30d69d7 c06e8995 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in audit_log_start / audit_receive
2025/08/08 23:22 upstream 37816488247d 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in audit_log_start / audit_receive
2025/07/18 13:31 upstream 6832a9317eee 88248e14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in audit_log_start / audit_receive
2025/07/15 14:59 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in audit_log_start / audit_receive
2025/07/13 12:26 upstream 3f31a806a62e 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in audit_log_start / audit_receive
* Struck through repros no longer work on HEAD.