syzbot

 sign-in | mailing list | source | docs
🐞 Open [1502]
Subsystems
🐞 Fixed [6532]
🐞 Invalid [16696]
Missing Backports [202]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in free_pid / zap_pid_ns_processes (4)

Status: auto-closed as invalid on 2021/07/19 14:02
Subsystems: kernel
[Documentation on labels]
First crash: 1553d, last: 1540d
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in free_pid / zap_pid_ns_processes (2) kernel 6 2 1673d 1687d 0/29 auto-closed as invalid on 2021/03/08 05:19
upstream KCSAN: data-race in free_pid / zap_pid_ns_processes (6) kernel 6 7 352d 433d 0/29 auto-obsoleted due to no activity on 2024/10/19 00:02
upstream KCSAN: data-race in free_pid / zap_pid_ns_processes (5) kernel 6 1 509d 509d 0/29 auto-obsoleted due to no activity on 2024/05/15 08:15
upstream KCSAN: data-race in free_pid / zap_pid_ns_processes (3) kernel 6 2 1599d 1616d 0/29 auto-closed as invalid on 2021/05/20 16:55
upstream KCSAN: data-race in free_pid / zap_pid_ns_processes (7) kernel 6 16 5d19h 176d 0/29 moderation: reported on 2025/03/08 17:45
upstream KCSAN: data-race in free_pid / zap_pid_ns_processes kernel 6 12 2032d 2137d 0/29 auto-closed as invalid on 2020/04/18 12:14

Sample crash report:
==================================================================
BUG: KCSAN: data-race in free_pid / zap_pid_ns_processes

write to 0xffff888127af70b0 of 4 bytes by task 1786 on cpu 0:
 free_pid+0x79/0x190 kernel/pid.c:136
 __change_pid kernel/pid.c:353 [inline]
 detach_pid+0x147/0x160 kernel/pid.c:358
 __unhash_process kernel/exit.c:77 [inline]
 __exit_signal kernel/exit.c:148 [inline]
 release_task+0x6f0/0xbe0 kernel/exit.c:200
 wait_task_zombie kernel/exit.c:1108 [inline]
 wait_consider_task+0x10ce/0x19e0 kernel/exit.c:1335
 do_wait_thread kernel/exit.c:1398 [inline]
 do_wait+0x1d1/0x6b0 kernel/exit.c:1515
 kernel_wait4+0x13c/0x1a0 kernel/exit.c:1678
 __do_sys_wait4 kernel/exit.c:1706 [inline]
 __se_sys_wait4 kernel/exit.c:1702 [inline]
 __x64_sys_wait4+0x7a/0x100 kernel/exit.c:1702
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888127af70b0 of 4 bytes by task 12872 on cpu 1:
 zap_pid_ns_processes+0x2c9/0x370 kernel/pid_namespace.c:244
 find_child_reaper kernel/exit.c:543 [inline]
 forget_original_parent kernel/exit.c:632 [inline]
 exit_notify kernel/exit.c:669 [inline]
 do_exit+0x13f0/0x1560 kernel/exit.c:846
 do_group_exit+0xce/0x1a0 kernel/exit.c:923
 get_signal+0xfc3/0x1610 kernel/signal.c:2835
 arch_do_signal_or_restart+0x2a/0x220 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x109/0x190 kernel/entry/common.c:209
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x56/0x90 arch/x86/entry/common.c:57
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000002 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 12872 Comm: syz-executor.4 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/06/14 13:57 upstream 009c9aa5be65 1ba81399 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in free_pid / zap_pid_ns_processes
2021/06/01 11:54 upstream c2131f7e73c9 032639db .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in free_pid / zap_pid_ns_processes
* Struck through repros no longer work on HEAD.