syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1378]
Subsystems
🐞 Fixed [7041]
🐞 Invalid [18394]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in detach_pid / perf_event_switch_output (5)

Status: moderation: reported on 2026/04/01 09:03
Subsystems: perf
[Documentation on labels]
Reported-by: syzbot+f9f3a7d6c14160cbfbef@syzkaller.appspotmail.com
First crash: 3d01h, last: 3d01h
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
407101cb-1c4d-4f25-894f-ec3679e99689 assessment-kcsan Benign: ✅  Confident: ✅  KCSAN: data-race in detach_pid / perf_event_switch_output (5) 2026/04/01 09:03 2026/04/01 09:03 2026/04/01 09:28 fb8b2c26b05b4a51d0e03288ba6ec54a8231726d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in detach_pid / perf_event_switch_output perf 6 16 1652d 1803d 0/29 auto-closed as invalid on 2021/10/29 19:05
upstream KCSAN: data-race in detach_pid / perf_event_switch_output (4) perf 6 1 777d 777d 0/29 auto-obsoleted due to no activity on 2024/03/23 04:37
upstream KCSAN: data-race in detach_pid / perf_event_switch_output (2) perf 6 1 1567d 1567d 0/29 auto-closed as invalid on 2022/01/22 22:51
upstream KCSAN: data-race in detach_pid / perf_event_switch_output (3) perf 6 1 931d 931d 0/29 auto-obsoleted due to no activity on 2023/10/20 14:02

Sample crash report:
==================================================================
BUG: KCSAN: data-race in detach_pid / perf_event_switch_output

write to 0xffff88811a1d2798 of 8 bytes by task 5621 on cpu 1:
 __change_pid kernel/pid.c:405 [inline]
 detach_pid+0xf0/0x1a0 kernel/pid.c:417
 __unhash_process kernel/exit.c:141 [inline]
 __exit_signal kernel/exit.c:212 [inline]
 release_task+0x65b/0xb60 kernel/exit.c:265
 wait_task_zombie kernel/exit.c:1280 [inline]
 wait_consider_task+0x1160/0x1670 kernel/exit.c:1507
 do_wait_thread kernel/exit.c:1570 [inline]
 __do_wait+0xf9/0x510 kernel/exit.c:1688
 do_wait+0xb6/0x260 kernel/exit.c:1722
 kernel_wait4+0x19f/0x210 kernel/exit.c:1881
 __do_sys_wait4 kernel/exit.c:1909 [inline]
 __se_sys_wait4 kernel/exit.c:1905 [inline]
 __x64_sys_wait4+0x91/0x120 kernel/exit.c:1905
 x64_sys_call+0x2aee/0x3020 arch/x86/include/generated/asm/syscalls_64.h:62
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811a1d2798 of 8 bytes by task 3000 on cpu 0:
 pid_alive include/linux/pid.h:267 [inline]
 perf_event_pid_type kernel/events/core.c:1533 [inline]
 perf_event_pid kernel/events/core.c:1540 [inline]
 perf_event_switch_output+0x1a4/0x3a0 kernel/events/core.c:10029
 perf_iterate_sb_cpu kernel/events/core.c:8922 [inline]
 perf_iterate_sb+0x368/0x650 kernel/events/core.c:8951
 perf_event_switch kernel/events/core.c:10076 [inline]
 __perf_event_task_sched_in+0xa2c/0xad0 kernel/events/core.c:4322
 perf_event_task_sched_in include/linux/perf_event.h:1639 [inline]
 finish_task_switch+0x1f8/0x280 kernel/sched/core.c:5150
 context_switch kernel/sched/core.c:5301 [inline]
 __schedule+0x93c/0xd40 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0x5e/0xd0 kernel/sched/core.c:7008
 schedule_hrtimeout_range_clock+0xd5/0x1a0 kernel/time/sleep_timeout.c:216
 schedule_hrtimeout_range+0x28/0x40 kernel/time/sleep_timeout.c:263
 ep_poll fs/eventpoll.c:2028 [inline]
 do_epoll_wait+0x854/0x950 fs/eventpoll.c:2462
 __do_sys_epoll_wait fs/eventpoll.c:2470 [inline]
 __se_sys_epoll_wait fs/eventpoll.c:2465 [inline]
 __x64_sys_epoll_wait+0x15e/0x190 fs/eventpoll.c:2465
 x64_sys_call+0x273e/0x3020 arch/x86/include/generated/asm/syscalls_64.h:233
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff888103f1a0c0 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 3000 Comm: udevd Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/01 09:03 upstream dbf00d8d23b4 fb8b2c26 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in detach_pid / perf_event_switch_output
* Struck through repros no longer work on HEAD.