syzbot


KCSAN: data-race in __lookup_mnt / attach_recursive_mnt

Status: moderation: reported on 2024/12/30 03:55
Subsystems: fs
Reported-by: syzbot+ed521050420ad9c8b0ac@syzkaller.appspotmail.com
First crash: 5d20h, last: 5d20h

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __lookup_mnt / attach_recursive_mnt

write to 0xffff888118555398 of 8 bytes by task 29882 on cpu 1:
 unhash_mnt fs/namespace.c:998 [inline]
 attach_recursive_mnt+0x81a/0xff0 fs/namespace.c:2500
 do_move_mount+0x478/0x550 fs/namespace.c:3346
 do_move_mount_old+0xa0/0xd0 fs/namespace.c:3378
 path_mount+0x536/0xb30 fs/namespace.c:3832
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x27c/0x2d0 fs/namespace.c:4034
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4034
 x64_sys_call+0x2c84/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888118555398 of 8 bytes by task 29883 on cpu 0:
 __lookup_mnt+0xa0/0xf0 fs/namespace.c:807
 __follow_mount_rcu fs/namei.c:1591 [inline]
 handle_mounts fs/namei.c:1621 [inline]
 step_into+0x434/0x840 fs/namei.c:1950
 walk_component+0x169/0x230 fs/namei.c:2118
 lookup_last fs/namei.c:2610 [inline]
 path_lookupat+0x10a/0x2b0 fs/namei.c:2634
 filename_lookup+0x150/0x340 fs/namei.c:2663
 kern_path+0x39/0x120 fs/namei.c:2771
 do_move_mount_old+0x5d/0xd0 fs/namespace.c:3374
 path_mount+0x536/0xb30 fs/namespace.c:3832
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x27c/0x2d0 fs/namespace.c:4034
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4034
 x64_sys_call+0x2c84/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffff888137c98b40 -> 0xffff888119c47cc0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 29883 Comm: syz.8.7922 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
==================================================================

Crashes (1):
Time: 2024/12/30 03:55
Kernel: upstream
Commit: 4099a71718b0
Syzkaller: d3ccff63
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in __lookup_mnt / attach_recursive_mnt