syzbot

 sign-in | mailing list | source | docs
🐞 Open [978] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12472] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in mq_clear_sbinfo / test_keyed_super (2)

Status: auto-closed as invalid on 2021/12/06 18:24
Subsystems: kernel
[Documentation on labels]
First crash: 899d, last: 899d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in mq_clear_sbinfo / test_keyed_super kernel 1 1091d 1088d 0/26 auto-closed as invalid on 2021/05/28 16:41
upstream KCSAN: data-race in mq_clear_sbinfo / test_keyed_super (3) kernel 2 791d 813d 0/26 auto-closed as invalid on 2022/03/24 15:37

Sample crash report:
==================================================================
BUG: KCSAN: data-race in mq_clear_sbinfo / test_keyed_super

write to 0xffff888140b17b70 of 8 bytes by task 23031 on cpu 1:
 mq_clear_sbinfo+0x35/0x50 ipc/mqueue.c:1698
 put_ipc_ns+0x28/0xb0 ipc/namespace.c:168
 free_nsproxy+0xb8/0x310 kernel/nsproxy.c:195
 put_nsproxy include/linux/nsproxy.h:105 [inline]
 switch_task_namespaces+0xa5/0xc0 kernel/nsproxy.c:249
 ksys_unshare+0x518/0x740 kernel/fork.c:3102
 __do_sys_unshare kernel/fork.c:3151 [inline]
 __se_sys_unshare kernel/fork.c:3149 [inline]
 __x64_sys_unshare+0x1b/0x20 kernel/fork.c:3149
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888140b17b70 of 8 bytes by task 23029 on cpu 0:
 test_keyed_super+0x1a/0x40 fs/super.c:1078
 sget_fc+0xe8/0x4e0 fs/super.c:525
 vfs_get_super fs/super.c:1135 [inline]
 get_tree_keyed+0x3f/0x120 fs/super.c:1196
 mqueue_get_tree+0x32/0x40 ipc/mqueue.c:430
 vfs_get_tree+0x4a/0x1a0 fs/super.c:1498
 fc_mount+0x12/0x60 fs/namespace.c:994
 mq_create_mount ipc/mqueue.c:473 [inline]
 mq_init_ns+0x26d/0x310 ipc/mqueue.c:1689
 create_ipc_ns ipc/namespace.c:58 [inline]
 copy_ipcs+0x211/0x360 ipc/namespace.c:84
 create_new_namespaces+0x137/0x560 kernel/nsproxy.c:90
 unshare_nsproxy_namespaces+0xe2/0x120 kernel/nsproxy.c:226
 ksys_unshare+0x371/0x740 kernel/fork.c:3077
 __do_sys_unshare kernel/fork.c:3151 [inline]
 __se_sys_unshare kernel/fork.c:3149 [inline]
 __x64_sys_unshare+0x1b/0x20 kernel/fork.c:3149
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0xffff888105acc000 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 23029 Comm: syz-executor.1 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/11/01 18:22 upstream 8bb7eca972ad 098b5d53 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in mq_clear_sbinfo / test_keyed_super
* Struck through repros no longer work on HEAD.