syzbot


KCSAN: data-race in d_delete / lookup_fast (7)

Status: moderation: reported on 2024/07/01 17:10
Subsystems: fs
Reported-by: syzbot+70c2f73d091a888a745b@syzkaller.appspotmail.com
First crash: 2d20h, last: 4h39m
Similar bugs (6)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in d_delete / lookup_fast (6) fs | | | | 288 | 85d | 210d | 0/27 | auto-obsoleted due to no activity on 2024/05/14 15:32 |
| upstream | KCSAN: data-race in d_delete / lookup_fast (5) fs | | | | 3 | 1044d | 1057d | 0/27 | auto-closed as invalid on 2021/09/28 20:03 |
| upstream | KCSAN: data-race in d_delete / lookup_fast (2) fs | | | | 2 | 1334d | 1305d | 0/27 | auto-closed as invalid on 2020/12/21 11:52 |
| upstream | KCSAN: data-race in d_delete / lookup_fast (4) fs | | | | 12 | 1099d | 1175d | 0/27 | auto-closed as invalid on 2021/08/05 10:35 |
| upstream | KCSAN: data-race in d_delete / lookup_fast fs | | | | 33 | 1618d | 1714d | 0/27 | auto-closed as invalid on 2020/04/08 11:57 |
| upstream | KCSAN: data-race in d_delete / lookup_fast (3) fs | | | | 1 | 1256d | 1256d | 0/27 | auto-closed as invalid on 2021/02/28 15:17 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in d_delete / lookup_fast

read-write to 0xffff888112132900 of 4 bytes by task 3073 on cpu 0:
 d_delete+0x6c/0xf0 fs/dcache.c:2388
 d_delete_notify+0x34/0x100 include/linux/fsnotify.h:330
 vfs_unlink+0x320/0x430 fs/namei.c:4364
 do_unlinkat+0x236/0x4c0 fs/namei.c:4413
 __do_sys_unlink fs/namei.c:4461 [inline]
 __se_sys_unlink fs/namei.c:4459 [inline]
 __x64_sys_unlink+0x30/0x40 fs/namei.c:4459
 x64_sys_call+0x28a3/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:88
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888112132900 of 4 bytes by task 2785 on cpu 1:
 d_revalidate fs/namei.c:860 [inline]
 lookup_fast+0xd9/0x2a0 fs/namei.c:1641
 walk_component+0x3f/0x230 fs/namei.c:2000
 lookup_last fs/namei.c:2469 [inline]
 path_lookupat+0x10a/0x2b0 fs/namei.c:2493
 filename_lookup+0x127/0x300 fs/namei.c:2522
 user_path_at_empty+0x42/0x120 fs/namei.c:2929
 do_readlinkat+0x92/0x210 fs/stat.c:499
 __do_sys_readlink fs/stat.c:532 [inline]
 __se_sys_readlink fs/stat.c:529 [inline]
 __x64_sys_readlink+0x47/0x60 fs/stat.c:529
 x64_sys_call+0x264b/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:90
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00600108 -> 0x00008008

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 2785 Comm: udevd Tainted: G        W          6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/07/04 08:47 | upstream | 795c58e4c7fc | 3f2748a3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in d_delete / lookup_fast |
| 2024/07/03 19:21 | upstream | 8a9c6c40432e | f76a75f3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in d_delete / lookup_fast |
| 2024/07/01 17:09 | upstream | 22a40d14b572 | b294e901 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in d_delete / lookup_fast |
* Struck through repros no longer work on HEAD.