On Wed, Mar 19, 2025 at 08:28:27PM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: a7f2e10ecd8f Merge tag 'hwmon-fixes-for-v6.14-rc8/6.14' of..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=166a383f980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f33d372c4021745
> dashboard link: https://syzkaller.appspot.com/bug?extid=de8b27abd23eac60e15f
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/614aabc71b48/disk-a7f2e10e.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/d47dd90a010a/vmlinux-a7f2e10e.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/418d8cf8782b/bzImage-a7f2e10e.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+de8b27abd23eac60e15f@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> ==================================================================
> BUG: KCSAN: data-race in __lookup_mnt / __se_sys_pivot_root
>
> write to 0xffff888118782d98 of 8 bytes by task 20163 on cpu 0:
> unhash_mnt fs/namespace.c:1030 [inline]
> __do_sys_pivot_root fs/namespace.c:4456 [inline]
> __se_sys_pivot_root+0x850/0x1090 fs/namespace.c:4388
> __x64_sys_pivot_root+0x31/0x40 fs/namespace.c:4388
> x64_sys_call+0x1abf/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:156
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> read to 0xffff888118782d98 of 8 bytes by task 20164 on cpu 1:
> __lookup_mnt+0xa0/0xf0 fs/namespace.c:839
> __follow_mount_rcu fs/namei.c:1592 [inline]
> handle_mounts fs/namei.c:1622 [inline]
> step_into+0x426/0x820 fs/namei.c:1952
> walk_component fs/namei.c:2120 [inline]
> link_path_walk+0x50e/0x830 fs/namei.c:2479
> path_lookupat+0x72/0x2b0 fs/namei.c:2635
> filename_lookup+0x150/0x340 fs/namei.c:2665
> user_path_at+0x3c/0x120 fs/namei.c:3072
> __do_sys_pivot_root fs/namespace.c:4404 [inline]
> __se_sys_pivot_root+0x10e/0x1090 fs/namespace.c:4388
> __x64_sys_pivot_root+0x31/0x40 fs/namespace.c:4388
> x64_sys_call+0x1abf/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:156
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> value changed: 0xffff888106a31d80 -> 0xffff8881004dccc0

The race is perfectly benign. The change will be detected once the
sequence counter is read in __follow_mount_rcu(), which will cause a
drop-out of RCU into REF mode.
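
The pattern the reply relies on (read without a lock, then validate a sequence counter and fall back if it moved), as an added example that is not part of the original message and is not kernel code. It is a single-threaded userspace model in which every name (`mount_seq`, `mnt_slot`, `lookup`, `WALK_RCU`, `WALK_REF`) is hypothetical and the concurrent writer is simulated by a callback:

```c
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
static atomic_uint mount_seq;           /* even = stable, odd = write in progress */
static _Atomic(const char *) mnt_slot;  /* stands in for the word KCSAN flagged */

enum walk_mode { WALK_RCU, WALK_REF };
struct walk_result { enum walk_mode mode; const char *mnt; };

/* Writer side: bump the counter around the store, as a seqcount writer does. */
static void writer_update(const char *new_mnt)
{
    atomic_fetch_add(&mount_seq, 1);
    atomic_store(&mnt_slot, new_mnt);
    atomic_fetch_add(&mount_seq, 1);
}

/* Nonzero if a write was in progress at 'start' or has happened since. */
static int seq_retry(unsigned start)
{
    return (start & 1) || atomic_load(&mount_seq) != start;
}

/* 'interfere' simulates a writer on another CPU landing between the
 * lockless read and the validation of the sampled counter. */
static struct walk_result lookup(void (*interfere)(void))
{
    unsigned seq = atomic_load(&mount_seq);
    const char *seen = atomic_load_explicit(&mnt_slot, memory_order_relaxed);

    if (interfere)
        interfere();
    if (!seq_retry(seq))
        return (struct walk_result){ WALK_RCU, seen };
    /* Possibly stale value is discarded; redo the lookup in the slow mode
     * (the model just re-reads; a real slow path would take locks/refs). */
    return (struct walk_result){ WALK_REF, atomic_load(&mnt_slot) };
}

static void concurrent_pivot(void) { writer_update("new_root"); }

int main(void)
{
    writer_update("old_root");
    struct walk_result quiet = lookup(NULL), raced = lookup(concurrent_pivot);
    printf("quiet: mode=%d mnt=%s\n", quiet.mode, quiet.mnt);
    printf("raced: mode=%d mnt=%s\n", raced.mode, raced.mnt);
    return 0;
}
```

In the raced case the value read before the writer ran is never returned: the counter mismatch forces the fallback, which is why a racy read of the slot itself does not affect the result.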