syzbot


KCSAN: data-race in ep_poll_callback / ep_try_send_events

Status: moderation: reported on 2025/05/26 19:13
Subsystems: fs
Reported-by: syzbot+84b4d46b117e167639d5@syzkaller.appspotmail.com
First crash: 3d14h, last: 3d14h

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ep_poll_callback / ep_try_send_events

write to 0xffff888118890768 of 4 bytes by task 13014 on cpu 0:
 ep_send_events fs/eventpoll.c:1920 [inline]
 ep_try_send_events+0x4f2/0x710 fs/eventpoll.c:1993
 ep_poll fs/eventpoll.c:2058 [inline]
 do_epoll_wait+0x371/0x940 fs/eventpoll.c:2532
 do_epoll_pwait fs/eventpoll.c:2562 [inline]
 __do_sys_epoll_pwait fs/eventpoll.c:2575 [inline]
 __se_sys_epoll_pwait+0x157/0x270 fs/eventpoll.c:2569
 __x64_sys_epoll_pwait+0x78/0x90 fs/eventpoll.c:2569
 x64_sys_call+0x298e/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:282
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888118890768 of 4 bytes by task 13015 on cpu 1:
 ep_poll_callback+0x512/0x630 fs/eventpoll.c:1420
 __wake_up_common kernel/sched/wait.c:89 [inline]
 __wake_up_common_lock kernel/sched/wait.c:106 [inline]
 __wake_up+0x66/0xb0 kernel/sched/wait.c:127
 tty_wakeup+0xb1/0xc0 drivers/tty/tty_io.c:521
 tty_port_default_wakeup+0x7f/0xd0 drivers/tty/tty_port.c:69
 tty_port_tty_wakeup+0x35/0x50 drivers/tty/tty_port.c:435
 uart_flush_buffer+0x253/0x3b0 drivers/tty/serial/serial_core.c:688
 uart_hangup+0x97/0x270 drivers/tty/serial/serial_core.c:1874
 __tty_hangup+0x4ae/0x510 drivers/tty/tty_io.c:647
 tty_vhangup drivers/tty/tty_io.c:694 [inline]
 tty_ioctl+0x601/0xb80 drivers/tty/tty_io.c:2742
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xce/0x140 fs/ioctl.c:892
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:892
 x64_sys_call+0x19a8/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x40002018 -> 0x40000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 13015 Comm: syz.6.2407 Not tainted 6.15.0-syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Crashes (1):
Time: 2025/05/26 19:12
Kernel: upstream
Commit: 0ff41df1cb26
Syzkaller: 874a1386
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in ep_poll_callback / ep_try_send_events
* Struck through repros no longer work on HEAD.