On Thu, 4 Jul 2024 at 16:38, syzbot <syzbot+3195ed1f3a2ab8bea49a@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > Hello, > > syzbot found the following issue on: > > HEAD commit: 22a40d14b572 Linux 6.10-rc6 > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=10f94dae980000 > kernel config: https://syzkaller.appspot.com/x/.config?x=5b9537cd00be479e > dashboard link: https://syzkaller.appspot.com/bug?extid=3195ed1f3a2ab8bea49a > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > > Unfortunately, I don't have any reproducer for this issue yet. > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/ebe2f3933faf/disk-22a40d14.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/7227032da0fe/vmlinux-22a40d14.xz > kernel image: https://storage.googleapis.com/syzbot-assets/a330dc1e107b/bzImage-22a40d14.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+3195ed1f3a2ab8bea49a@xxxxxxxxxxxxxxxxxxxxxxxxx Double-checked locking in eventpoll_release_file() should prevent NULL derefs in eventpoll_release_file(), right? If so, it's probably benign-ish. > ================================================================== > BUG: KCSAN: data-race in __ep_remove / __fput > > write to 0xffff88810f2358d0 of 8 bytes by task 6036 on cpu 1: > __ep_remove+0x3c9/0x450 fs/eventpoll.c:826 > ep_remove_safe fs/eventpoll.c:864 [inline] > ep_clear_and_put+0x158/0x260 fs/eventpoll.c:900 > ep_eventpoll_release+0x32/0x50 fs/eventpoll.c:937 > __fput+0x2c2/0x660 fs/file_table.c:422 > ____fput+0x15/0x20 fs/file_table.c:450 > task_work_run+0x13a/0x1a0 kernel/task_work.c:180 > resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] > exit_to_user_mode_loop kernel/entry/common.c:114 [inline] > exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] > __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] > syscall_exit_to_user_mode+0xbe/0x130 kernel/entry/common.c:218 > do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > read to 0xffff88810f2358d0 of 8 bytes by task 6037 on cpu 0: > eventpoll_release include/linux/eventpoll.h:45 [inline] > __fput+0x234/0x660 fs/file_table.c:413 > ____fput+0x15/0x20 fs/file_table.c:450 > task_work_run+0x13a/0x1a0 kernel/task_work.c:180 > resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] > exit_to_user_mode_loop kernel/entry/common.c:114 [inline] > exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] > __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] > syscall_exit_to_user_mode+0xbe/0x130 kernel/entry/common.c:218 > do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > value changed: 0xffff888102f1e010 -> 0x0000000000000000 > > Reported by Kernel Concurrency Sanitizer on: > CPU: 0 PID: 6037 Comm: syz.0.1032 Not tainted 6.10.0-rc6-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 > ================================================================== > > > --- > This report is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. > > syzbot will keep track of this issue. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > If the report is already addressed, let syzbot know by replying with: > #syz fix: exact-commit-title > > If you want to overwrite report's subsystems, reply with: > #syz set subsystems: new-subsystem > (See the list of subsystem names on the web dashboard) > > If the report is a duplicate of another one, reply with: > #syz dup: exact-subject-of-another-report > > If you want to undo deduplication, reply with: > #syz undup > > -- > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@xxxxxxxxxxxxxxxx. > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000fbb100061c6ce567%40google.com.