KCSAN: data-race in free_pid / zap_pid_ns

KCSAN: data-race in free_pid / zap_pid_ns_processes (4)
Status: auto-closed as invalid on 2021/07/19 14:02
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 114d, last: 101d

similar bugs (3):
Kernel	Title	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in free_pid / zap_pid_ns_processes (2)	2	234d	248d	0/22	auto-closed as invalid on 2021/03/08 05:19
upstream	KCSAN: data-race in free_pid / zap_pid_ns_processes (3)	2	161d	177d	0/22	auto-closed as invalid on 2021/05/20 16:55
upstream	KCSAN: data-race in free_pid / zap_pid_ns_processes	12	593d	698d	0/22	auto-closed as invalid on 2020/04/18 12:14

Sample crash report:

==================================================================
BUG: KCSAN: data-race in free_pid / zap_pid_ns_processes

write to 0xffff888127af70b0 of 4 bytes by task 1786 on cpu 0:
 free_pid+0x79/0x190 kernel/pid.c:136
 __change_pid kernel/pid.c:353 [inline]
 detach_pid+0x147/0x160 kernel/pid.c:358
 __unhash_process kernel/exit.c:77 [inline]
 __exit_signal kernel/exit.c:148 [inline]
 release_task+0x6f0/0xbe0 kernel/exit.c:200
 wait_task_zombie kernel/exit.c:1108 [inline]
 wait_consider_task+0x10ce/0x19e0 kernel/exit.c:1335
 do_wait_thread kernel/exit.c:1398 [inline]
 do_wait+0x1d1/0x6b0 kernel/exit.c:1515
 kernel_wait4+0x13c/0x1a0 kernel/exit.c:1678
 __do_sys_wait4 kernel/exit.c:1706 [inline]
 __se_sys_wait4 kernel/exit.c:1702 [inline]
 __x64_sys_wait4+0x7a/0x100 kernel/exit.c:1702
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888127af70b0 of 4 bytes by task 12872 on cpu 1:
 zap_pid_ns_processes+0x2c9/0x370 kernel/pid_namespace.c:244
 find_child_reaper kernel/exit.c:543 [inline]
 forget_original_parent kernel/exit.c:632 [inline]
 exit_notify kernel/exit.c:669 [inline]
 do_exit+0x13f0/0x1560 kernel/exit.c:846
 do_group_exit+0xce/0x1a0 kernel/exit.c:923
 get_signal+0xfc3/0x1610 kernel/signal.c:2835
 arch_do_signal_or_restart+0x2a/0x220 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x109/0x190 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x56/0x90 arch/x86/entry/common.c:57
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000002 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 12872 Comm: syz-executor.4 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-upstream-kcsan-gce	2021/06/14 13:57	upstream	009c9aa5be65	1ba81399	.config	log	report			info	KCSAN: data-race in free_pid / zap_pid_ns_processes
ci2-upstream-kcsan-gce	2021/06/01 11:54	upstream	c2131f7e73c9	032639db	.config	log	report			info	KCSAN: data-race in free_pid / zap_pid_ns_processes