syzbot

KCSAN: data-race in io_file_get_flags / setattr_copy

Status: moderation: reported on 2025/04/18 16:26
Subsystems: fs
Reported-by: syzbot+2f48b74991237f4efa40@syzkaller.appspotmail.com
First crash: 28d, last: 11d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in io_file_get_flags / setattr_copy

write to 0xffff888118be2f00 of 2 bytes by task 25 on cpu 0:
 setattr_copy+0x199/0x4b0 fs/attr.c:352
 shmem_setattr+0x566/0x840 mm/shmem.c:1343
 notify_change+0x806/0x890 fs/attr.c:552
 handle_remove drivers/base/devtmpfs.c:345 [inline]
 handle drivers/base/devtmpfs.c:391 [inline]
 devtmpfs_work_loop+0x5b6/0x840 drivers/base/devtmpfs.c:404
 devtmpfsd+0x48/0x50 drivers/base/devtmpfs.c:446
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff888118be2f00 of 2 bytes by task 11079 on cpu 1:
 io_file_get_flags+0x25/0xc0 io_uring/io_uring.c:1654
 io_rw_init_file+0x9a/0x600 io_uring/rw.c:849
 io_write+0x135/0xd30 io_uring/rw.c:1123
 __io_issue_sqe io_uring/io_uring.c:1740 [inline]
 io_issue_sqe+0x15d/0xb70 io_uring/io_uring.c:1759
 io_queue_sqe io_uring/io_uring.c:1975 [inline]
 io_req_task_submit+0x6b/0xc0 io_uring/io_uring.c:1375
 io_handle_tw_list+0x18d/0x1c0 io_uring/io_uring.c:1062
 tctx_task_work_run+0x6d/0x1a0 io_uring/io_uring.c:1127
 tctx_task_work+0x3f/0x80 io_uring/io_uring.c:1145
 task_work_run+0x12e/0x1a0 kernel/task_work.c:227
 get_signal+0xe13/0xf70 kernel/signal.c:2807
 arch_do_signal_or_restart+0x97/0x480 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x68/0xb0 kernel/entry/common.c:218
 do_syscall_64+0xdd/0x1a0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x2180 -> 0x2000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 11079 Comm: syz.1.2911 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================

Crashes (2):
Time             | Kernel   | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets                                   | Manager                | Title
2025/05/05 20:28 | upstream | 01f95500a162 | 6ca47dd8  | .config | console log | report | -         | -       | info    | [disk image] [vmlinux] [kernel image]    | ci2-upstream-kcsan-gce | KCSAN: data-race in io_file_get_flags / setattr_copy
2025/04/18 16:25 | upstream | fc96b232f8e7 | 2a20f901  | .config | console log | report | -         | -       | info    | [disk image] [vmlinux] [kernel image]    | ci2-upstream-kcsan-gce | KCSAN: data-race in io_file_get_flags / setattr_copy

* No syz or C reproducer has been recorded for either crash. Struck-through reproducers no longer work on HEAD.