syzbot

 sign-in | mailing list | source | docs
🐞 Open [1665]
Subsystems
🐞 Fixed [5974]
🐞 Invalid [14662]
Missing Backports [127]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __ep_remove / __fput (5)

Status: fixed on 2024/12/16 09:50
Subsystems: fs
[Documentation on labels]
Reported-by: syzbot+3b6b32dc50537a49bb4a@syzkaller.appspotmail.com
Fix commit: 6474353a5e3d epoll: annotate racy check
First crash: 116d, last: 116d
Discussions (7)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 5.15 1/6] epoll: annotate racy check 1 (1) 2024/11/24 12:41
[PATCH AUTOSEL 6.1 1/7] epoll: annotate racy check 1 (1) 2024/11/24 12:41
[PATCH AUTOSEL 6.6 1/9] epoll: annotate racy check 1 (1) 2024/11/24 12:40
[PATCH AUTOSEL 6.11 04/16] epoll: annotate racy check 1 (1) 2024/11/24 12:39
[PATCH AUTOSEL 6.12 04/19] epoll: annotate racy check 1 (1) 2024/11/24 12:38
[PATCH] epoll: annotate racy check 3 (3) 2024/09/25 14:56
[syzbot] [fs?] KCSAN: data-race in __ep_remove / __fput (5) 0 (1) 2024/09/20 22:46
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __ep_remove / __fput (3) fs 1 341d 341d 0/28 auto-obsoleted due to no activity on 2024/03/14 21:07
upstream KCSAN: data-race in __ep_remove / __fput fs 1 569d 569d 0/28 auto-obsoleted due to no activity on 2023/07/30 19:06
upstream KCSAN: data-race in __ep_remove / __fput (2) fs 1 528d 528d 0/28 auto-obsoleted due to no activity on 2023/09/09 12:48
upstream KCSAN: data-race in __ep_remove / __fput (4) fs 1 197d 194d 0/28 auto-obsoleted due to no activity on 2024/08/05 15:52

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __ep_remove / __fput

write to 0xffff888117ce4690 of 8 bytes by task 3797 on cpu 1:
 __ep_remove+0x3c8/0x450 fs/eventpoll.c:826
 ep_remove_safe fs/eventpoll.c:864 [inline]
 ep_clear_and_put+0x158/0x260 fs/eventpoll.c:900
 ep_eventpoll_release+0x2c/0x40 fs/eventpoll.c:937
 __fput+0x17a/0x6d0 fs/file_table.c:431
 ____fput+0x1c/0x30 fs/file_table.c:459
 task_work_run+0x13a/0x1a0 kernel/task_work.c:228
 get_signal+0xf87/0x1100 kernel/signal.c:2690
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888117ce4690 of 8 bytes by task 3795 on cpu 0:
 eventpoll_release include/linux/eventpoll.h:45 [inline]
 __fput+0xee/0x6d0 fs/file_table.c:422
 ____fput+0x1c/0x30 fs/file_table.c:459
 task_work_run+0x13a/0x1a0 kernel/task_work.c:228
 get_signal+0xf87/0x1100 kernel/signal.c:2690
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff888103209140 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3795 Comm: syz.3.142 Not tainted 6.11.0-syzkaller-07341-gbaeb9a7d8b60 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/09/20 15:42 upstream baeb9a7d8b60 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __ep_remove / __fput
* Struck through repros no longer work on HEAD.