Hello,
syzbot found the following issue on:
HEAD commit: dd72c8fcf6d3 Merge tag 'platform-drivers-x86-v6.18-2' of g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13c53734580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68b6063e8fdfb838
dashboard link: https://syzkaller.appspot.com/bug?extid=aa6f6995d1fff4b3826f
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [gre...@linuxfoundation.org linux-...@vger.kernel.org t...@kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2067cef02ad5/disk-dd72c8fc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d8fecaabf99a/vmlinux-dd72c8fc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c330f30889e9/bzImage-dd72c8fc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+aa6f69...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in kernfs_iop_permission / kernfs_iop_permission
write to 0xffff8881006c2070 of 4 bytes by task 20072 on cpu 1:
inode_set_atime_to_ts include/linux/fs.h:1805 [inline]
set_inode_attr fs/kernfs/inode.c:163 [inline]
kernfs_refresh_inode fs/kernfs/inode.c:179 [inline]
kernfs_iop_permission+0x12b/0x220 fs/kernfs/inode.c:290
do_inode_permission fs/namei.c:526 [inline]
inode_permission+0x1ca/0x310 fs/namei.c:593
may_lookup fs/namei.c:1873 [inline]
link_path_walk+0x63c/0x900 fs/namei.c:2467
path_parentat fs/namei.c:2723 [inline]
__filename_parentat+0x15c/0x3f0 fs/namei.c:2747
filename_parentat fs/namei.c:2765 [inline]
do_unlinkat+0x99/0x480 fs/namei.c:4712
__do_sys_unlink fs/namei.c:4783 [inline]
__se_sys_unlink fs/namei.c:4781 [inline]
__x64_sys_unlink+0x2e/0x40 fs/namei.c:4781
x64_sys_call+0x2dcf/0x3000 arch/x86/include/generated/asm/syscalls_64.h:88
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
write to 0xffff8881006c2070 of 4 bytes by task 13947 on cpu 0:
inode_set_atime_to_ts include/linux/fs.h:1805 [inline]
set_inode_attr fs/kernfs/inode.c:163 [inline]
kernfs_refresh_inode fs/kernfs/inode.c:179 [inline]
kernfs_iop_permission+0x12b/0x220 fs/kernfs/inode.c:290
do_inode_permission fs/namei.c:526 [inline]
inode_permission+0x1ca/0x310 fs/namei.c:593
may_lookup fs/namei.c:1873 [inline]
link_path_walk+0x63c/0x900 fs/namei.c:2467
path_lookupat+0x63/0x2a0 fs/namei.c:2675
filename_lookup+0x147/0x340 fs/namei.c:2705
user_path_at+0x3e/0x130 fs/namei.c:3215
ksys_umount fs/namespace.c:2061 [inline]
__do_sys_umount fs/namespace.c:2069 [inline]
__se_sys_umount fs/namespace.c:2067 [inline]
__x64_sys_umount+0x85/0xe0 fs/namespace.c:2067
x64_sys_call+0xdd2/0x3000 arch/x86/include/generated/asm/syscalls_64.h:167
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x32f93ca6 -> 0x08a77da5
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 13947 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup