syzbot


KCSAN: data-race in fsnotify / fsnotify_detach_mark (5)

Status: auto-closed as invalid on 2020/12/28 12:08
Reported-by: syzbot+25e6de767b2f25a71e64@syzkaller.appspotmail.com
First crash: 698d, last: 683d
similar bugs (7):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in fsnotify / fsnotify_detach_mark (4) | | | | 1 | 739d | 739d | 0/24 | auto-closed as invalid on 2020/11/02 17:43 |
| upstream | KCSAN: data-race in fsnotify / fsnotify_detach_mark (8) | | | | 1 | 286d | 286d | 0/24 | auto-closed as invalid on 2022/01/29 00:14 |
| upstream | KCSAN: data-race in fsnotify / fsnotify_detach_mark | | | | 6 | 896d | 1042d | 0/24 | auto-closed as invalid on 2020/06/18 13:43 |
| upstream | KCSAN: data-race in fsnotify / fsnotify_detach_mark (7) | | | | 1 | 367d | 367d | 0/24 | auto-closed as invalid on 2021/11/09 20:25 |
| upstream | KCSAN: data-race in fsnotify / fsnotify_detach_mark (6) | | | | 1 | 641d | 641d | 0/24 | auto-closed as invalid on 2021/02/08 06:39 |
| upstream | KCSAN: data-race in fsnotify / fsnotify_detach_mark (2) | | | | 1 | 833d | 833d | 0/24 | auto-closed as invalid on 2020/07/31 05:33 |
| upstream | KCSAN: data-race in fsnotify / fsnotify_detach_mark (3) | | | | 1 | 783d | 783d | 0/24 | auto-closed as invalid on 2020/09/19 20:21 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in fsnotify / fsnotify_detach_mark

write to 0xffff88810a82c9d4 of 4 bytes by task 1612 on cpu 0:
 fsnotify_detach_mark+0x80/0x120 fs/notify/mark.c:390
 fsnotify_clear_marks_by_group+0x29b/0x3e0 fs/notify/mark.c:761
 fsnotify_destroy_group+0x51/0x170 fs/notify/group.c:61
 fanotify_release+0x2c5/0x2e0 fs/notify/fanotify/fanotify_user.c:623
 __fput+0x243/0x4d0 fs/file_table.c:281
 ____fput+0x11/0x20 fs/file_table.c:314
 task_work_run+0x8e/0x110 kernel/task_work.c:151
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
 exit_to_user_mode_prepare+0x13c/0x170 kernel/entry/common.c:191
 syscall_exit_to_user_mode+0x16/0x30 kernel/entry/common.c:266
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88810a82c9d4 of 4 bytes by task 8445 on cpu 1:
 send_to_group fs/notify/fsnotify.c:299 [inline]
 fsnotify+0x803/0xe70 fs/notify/fsnotify.c:506
 fsnotify_parent include/linux/fsnotify.h:71 [inline]
 fsnotify_file include/linux/fsnotify.h:90 [inline]
 fsnotify_modify include/linux/fsnotify.h:255 [inline]
 vfs_write+0x451/0x7c0 fs/read_write.c:609
 ksys_write+0xce/0x180 fs/read_write.c:658
 __do_sys_write fs/read_write.c:670 [inline]
 __se_sys_write fs/read_write.c:667 [inline]
 __x64_sys_write+0x3e/0x50 fs/read_write.c:667
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 8445 Comm: syz-fuzzer Not tainted 5.10.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2020/11/23 12:07 | upstream | 418baf2c28f3 | 0d27f508 | .config | log | report | | | info | |
| ci2-upstream-kcsan-gce | 2020/11/08 21:51 | upstream | 9dbc1c03eeb5 | cba33199 | .config | log | report | | | info | |