syzbot


KCSAN: data-race in free_pid / zap_pid_ns_processes (4)

Status: auto-closed as invalid on 2021/07/19 14:02
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 399d, last: 386d
similar bugs (3):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in free_pid / zap_pid_ns_processes (2) | | | | 2 | 519d | 533d | 0/22 | auto-closed as invalid on 2021/03/08 05:19
upstream | KCSAN: data-race in free_pid / zap_pid_ns_processes (3) | | | | 2 | 446d | 462d | 0/22 | auto-closed as invalid on 2021/05/20 16:55
upstream | KCSAN: data-race in free_pid / zap_pid_ns_processes | | | | 12 | 878d | 983d | 0/22 | auto-closed as invalid on 2020/04/18 12:14

Sample crash report:
==================================================================
BUG: KCSAN: data-race in free_pid / zap_pid_ns_processes

write to 0xffff888127af70b0 of 4 bytes by task 1786 on cpu 0:
 free_pid+0x79/0x190 kernel/pid.c:136
 __change_pid kernel/pid.c:353 [inline]
 detach_pid+0x147/0x160 kernel/pid.c:358
 __unhash_process kernel/exit.c:77 [inline]
 __exit_signal kernel/exit.c:148 [inline]
 release_task+0x6f0/0xbe0 kernel/exit.c:200
 wait_task_zombie kernel/exit.c:1108 [inline]
 wait_consider_task+0x10ce/0x19e0 kernel/exit.c:1335
 do_wait_thread kernel/exit.c:1398 [inline]
 do_wait+0x1d1/0x6b0 kernel/exit.c:1515
 kernel_wait4+0x13c/0x1a0 kernel/exit.c:1678
 __do_sys_wait4 kernel/exit.c:1706 [inline]
 __se_sys_wait4 kernel/exit.c:1702 [inline]
 __x64_sys_wait4+0x7a/0x100 kernel/exit.c:1702
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888127af70b0 of 4 bytes by task 12872 on cpu 1:
 zap_pid_ns_processes+0x2c9/0x370 kernel/pid_namespace.c:244
 find_child_reaper kernel/exit.c:543 [inline]
 forget_original_parent kernel/exit.c:632 [inline]
 exit_notify kernel/exit.c:669 [inline]
 do_exit+0x13f0/0x1560 kernel/exit.c:846
 do_group_exit+0xce/0x1a0 kernel/exit.c:923
 get_signal+0xfc3/0x1610 kernel/signal.c:2835
 arch_do_signal_or_restart+0x2a/0x220 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x109/0x190 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x56/0x90 arch/x86/entry/common.c:57
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000002 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 12872 Comm: syz-executor.4 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2021/06/14 13:57 | upstream | 009c9aa5be65 | 1ba81399 | .config | log | report | | | info | KCSAN: data-race in free_pid / zap_pid_ns_processes
ci2-upstream-kcsan-gce | 2021/06/01 11:54 | upstream | c2131f7e73c9 | 032639db | .config | log | report | | | info | KCSAN: data-race in free_pid / zap_pid_ns_processes