syzbot


KCSAN: data-race in __lookup_mnt / umount_tree (8)

Status: moderation: reported on 2024/07/04 15:13
Subsystems: fs
Reported-by: syzbot+e12a5cdf6763ceb240a6@syzkaller.appspotmail.com
First crash: 8d17h, last: 8d17h
Similar bugs (7)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __lookup_mnt / umount_tree (4) fs | | | | 1 | 676d | 676d | 0/27 | auto-obsoleted due to no activity on 2022/10/10 17:50 |
| upstream | KCSAN: data-race in __lookup_mnt / umount_tree (3) fs | | | | 1 | 830d | 830d | 0/27 | auto-closed as invalid on 2022/05/09 13:18 |
| upstream | KCSAN: data-race in __lookup_mnt / umount_tree (2) fs | | | | 1 | 977d | 977d | 0/27 | auto-closed as invalid on 2021/12/13 12:07 |
| upstream | KCSAN: data-race in __lookup_mnt / umount_tree fs | | | | 1 | 1149d | 1149d | 0/27 | auto-closed as invalid on 2021/06/25 00:51 |
| upstream | KCSAN: data-race in __lookup_mnt / umount_tree (5) fs | | | | 1 | 311d | 311d | 0/27 | auto-obsoleted due to no activity on 2023/10/10 19:57 |
| upstream | KCSAN: data-race in __lookup_mnt / umount_tree (7) fs | | | | 1 | 95d | 95d | 0/27 | auto-obsoleted due to no activity on 2024/05/14 04:41 |
| upstream | KCSAN: data-race in __lookup_mnt / umount_tree (6) fs | | | | 3 | 233d | 216d | 0/27 | auto-obsoleted due to no activity on 2023/12/27 23:51 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __lookup_mnt / umount_tree

write to 0xffff888104103218 of 8 bytes by task 4547 on cpu 1:
 unhash_mnt fs/namespace.c:892 [inline]
 umount_mnt fs/namespace.c:906 [inline]
 umount_tree+0x63f/0x910 fs/namespace.c:1673
 path_umount+0x98a/0xa10 fs/namespace.c:1896
 ksys_umount fs/namespace.c:1919 [inline]
 __do_sys_umount fs/namespace.c:1924 [inline]
 __se_sys_umount fs/namespace.c:1922 [inline]
 __x64_sys_umount+0xb9/0xe0 fs/namespace.c:1922
 x64_sys_call+0x3af/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:167
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888104103218 of 8 bytes by task 4548 on cpu 0:
 __lookup_mnt+0xa0/0xf0 fs/namespace.c:701
 __follow_mount_rcu fs/namei.c:1506 [inline]
 handle_mounts fs/namei.c:1536 [inline]
 step_into+0x434/0x810 fs/namei.c:1842
 walk_component fs/namei.c:2010 [inline]
 link_path_walk+0x49d/0x810 fs/namei.c:2331
 path_lookupat+0x72/0x2b0 fs/namei.c:2492
 filename_lookup+0x127/0x300 fs/namei.c:2522
 user_path_at_empty+0x42/0x120 fs/namei.c:2929
 user_path_at include/linux/namei.h:58 [inline]
 ksys_umount fs/namespace.c:1916 [inline]
 __do_sys_umount fs/namespace.c:1924 [inline]
 __se_sys_umount fs/namespace.c:1922 [inline]
 __x64_sys_umount+0x88/0xe0 fs/namespace.c:1922
 x64_sys_call+0x3af/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:167
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff888108806b40 -> 0xffff888108806d80

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 4548 Comm: syz.4.338 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/07/04 15:12 | upstream | 795c58e4c7fc | 3f2748a3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __lookup_mnt / umount_tree |