[moderation] [fs?] KCSAN: data-race in setattr_copy / vfs_write (4)
0 views
Skip to first unread message
syzbot
Sep 29, 2025, 12:42:23 PM (3 days ago) Sep 29
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: e5f0a698b34e Linux 6.17
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=155bfae2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c7f65ba98bb01573
dashboard link: https://syzkaller.appspot.com/bug?extid=4fde77d66555ad4c1ef9
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [bra...@kernel.org ja...@suse.cz linux-...@vger.kernel.org linux-...@vger.kernel.org vi...@zeniv.linux.org.uk]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ba163e979014/disk-e5f0a698.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bdc84f9d05a1/vmlinux-e5f0a698.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3a8e9862c64c/bzImage-e5f0a698.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4fde77...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in setattr_copy / vfs_write
write to 0xffff888119ca4f08 of 2 bytes by task 7703 on cpu 1:
setattr_copy+0x199/0x4b0 fs/attr.c:352
shmem_setattr+0x566/0x840 mm/shmem.c:1375
notify_change+0x809/0x890 fs/attr.c:552
chmod_common+0x138/0x270 fs/open.c:650
do_fchmodat+0xcd/0x180 fs/open.c:697
__do_sys_chmod fs/open.c:721 [inline]
__se_sys_chmod fs/open.c:719 [inline]
__x64_sys_chmod+0x38/0x50 fs/open.c:719
x64_sys_call+0x291c/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:91
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff888119ca4f08 of 2 bytes by task 7698 on cpu 0:
file_end_write include/linux/fs.h:3126 [inline]
vfs_write+0x757/0x960 fs/read_write.c:694
ksys_write+0xda/0x1a0 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__x64_sys_write+0x40/0x50 fs/read_write.c:746
x64_sys_call+0x27fe/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:2
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x8000 -> 0x8120
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 7698 Comm: syz.3.956 Tainted: G W syzkaller #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: e5f0a698b34e Linux 6.17
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=155bfae2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c7f65ba98bb01573
dashboard link: https://syzkaller.appspot.com/bug?extid=4fde77d66555ad4c1ef9
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [bra...@kernel.org ja...@suse.cz linux-...@vger.kernel.org linux-...@vger.kernel.org vi...@zeniv.linux.org.uk]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ba163e979014/disk-e5f0a698.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bdc84f9d05a1/vmlinux-e5f0a698.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3a8e9862c64c/bzImage-e5f0a698.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4fde77...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in setattr_copy / vfs_write
write to 0xffff888119ca4f08 of 2 bytes by task 7703 on cpu 1:
setattr_copy+0x199/0x4b0 fs/attr.c:352
shmem_setattr+0x566/0x840 mm/shmem.c:1375
notify_change+0x809/0x890 fs/attr.c:552
chmod_common+0x138/0x270 fs/open.c:650
do_fchmodat+0xcd/0x180 fs/open.c:697
__do_sys_chmod fs/open.c:721 [inline]
__se_sys_chmod fs/open.c:719 [inline]
__x64_sys_chmod+0x38/0x50 fs/open.c:719
x64_sys_call+0x291c/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:91
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff888119ca4f08 of 2 bytes by task 7698 on cpu 0:
file_end_write include/linux/fs.h:3126 [inline]
vfs_write+0x757/0x960 fs/read_write.c:694
ksys_write+0xda/0x1a0 fs/read_write.c:738
__do_sys_write fs/read_write.c:749 [inline]
__se_sys_write fs/read_write.c:746 [inline]
__x64_sys_write+0x40/0x50 fs/read_write.c:746
x64_sys_call+0x27fe/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:2
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x8000 -> 0x8120
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 7698 Comm: syz.3.956 Tainted: G W syzkaller #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages