syzbot |
sign-in | mailing list | source | docs |
================================================================== BUG: KCSAN: data-race in free_mnt_ns / rb_erase write to 0xffff88811a218c58 of 8 bytes by task 26782 on cpu 0: __rb_erase_augmented include/linux/rbtree_augmented.h:317 [inline] rb_erase+0x267/0x680 lib/rbtree.c:443 ns_tree_node_del kernel/nstree.c:147 [inline] __ns_tree_remove+0x5e/0x220 kernel/nstree.c:244 mnt_ns_tree_remove fs/namespace.c:156 [inline] free_mnt_ns+0x8e/0xb0 fs/namespace.c:4053 namespace_unlock+0x393/0x4c0 fs/namespace.c:1707 class_namespace_excl_destructor fs/namespace.c:96 [inline] put_mnt_ns+0x101/0x140 fs/namespace.c:6039 nsproxy_free+0x20/0x3a0 kernel/nsproxy.c:65 deactivate_nsproxy kernel/nsproxy.c:79 [inline] put_nsproxy include/linux/nsproxy.h:110 [inline] switch_task_namespaces+0x9a/0xe0 kernel/nsproxy.c:252 exit_nsproxy_namespaces+0x17/0x20 kernel/nsproxy.c:257 do_exit+0x461/0x1590 kernel/exit.c:970 do_group_exit+0xfe/0x140 kernel/exit.c:1112 get_signal+0xe4f/0xf60 kernel/signal.c:3034 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x1d3/0x2a0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff88811a218c58 of 8 bytes by task 26777 on cpu 1: mnt_ns_tree_remove fs/namespace.c:155 [inline] free_mnt_ns+0x5f/0xb0 fs/namespace.c:4053 namespace_unlock+0x393/0x4c0 fs/namespace.c:1707 class_namespace_excl_destructor fs/namespace.c:96 [inline] put_mnt_ns+0x101/0x140 fs/namespace.c:6039 nsproxy_free+0x20/0x3a0 kernel/nsproxy.c:65 deactivate_nsproxy kernel/nsproxy.c:79 [inline] put_nsproxy include/linux/nsproxy.h:110 [inline] switch_task_namespaces+0x9a/0xe0 kernel/nsproxy.c:252 exit_nsproxy_namespaces+0x17/0x20 kernel/nsproxy.c:257 do_exit+0x461/0x1590 kernel/exit.c:970 do_group_exit+0xfe/0x140 kernel/exit.c:1112 get_signal+0xe4f/0xf60 kernel/signal.c:3034 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:75 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline] do_syscall_64+0x1d3/0x2a0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0xffff88811b0a7e58 -> 0xffff88811acf5a59 Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 26777 Comm: syz.4.6991 Tainted: G W syzkaller #0 PREEMPT(voluntary) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/02/06 03:27 | upstream | 8fdb05de0e2d | f03c4191 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in free_mnt_ns / rb_erase |