syzbot

 sign-in | mailing list | source | docs
🐞 Open [1483]
Subsystems
🐞 Fixed [6546]
🐞 Invalid [16750]
Missing Backports [202]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __tty_hangup / tty_hung_up_p (13)

Status: moderation: reported on 2025/09/05 11:41
Subsystems: serial
[Documentation on labels]
Reported-by: syzbot+0ddd606c3d58e5663ddd@syzkaller.appspotmail.com
First crash: 1d18h, last: 1d18h
Similar bugs (12)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (4) serial 6 3 1565d 1611d 0/29 auto-closed as invalid on 2021/06/30 05:54
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (10) serial 6 3 822d 868d 0/29 auto-obsoleted due to no activity on 2023/07/13 04:28
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (8) serial 6 1 1332d 1332d 0/29 auto-closed as invalid on 2022/02/17 20:31
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (9) serial 6 1 1165d 1165d 0/29 auto-closed as invalid on 2022/08/03 23:21
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (6) serial 6 1 1423d 1423d 0/29 auto-closed as invalid on 2021/11/19 04:32
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p serial 6 4 2086d 2105d 0/29 auto-closed as invalid on 2020/02/29 07:50
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (11) serial 6 2 519d 530d 0/29 auto-obsoleted due to no activity on 2024/05/10 06:45
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (3) serial 6 1 1675d 1675d 0/29 auto-closed as invalid on 2021/03/12 04:16
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (7) serial 6 1 1381d 1381d 0/29 auto-closed as invalid on 2021/12/30 10:24
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (12) serial 6 1 290d 290d 0/29 auto-obsoleted due to no activity on 2025/01/15 07:11
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (5) serial 6 1 1513d 1513d 0/29 auto-closed as invalid on 2021/08/21 03:58
upstream KCSAN: data-race in __tty_hangup / tty_hung_up_p (2) serial 6 1 1857d 1857d 0/29 auto-closed as invalid on 2020/09/11 06:18

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __tty_hangup / tty_hung_up_p

write to 0xffff888122eb6308 of 8 bytes by task 14256 on cpu 0:
 __tty_hangup+0x1ef/0x540 drivers/tty/tty_io.c:612
 tty_vhangup drivers/tty/tty_io.c:691 [inline]
 tty_ioctl+0x601/0xb80 drivers/tty/tty_io.c:2732
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:584
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:584
 x64_sys_call+0x1816/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888122eb6308 of 8 bytes by task 14251 on cpu 1:
 tty_hung_up_p+0x20/0x50 drivers/tty/tty_io.c:736
 n_tty_poll+0x393/0x450 drivers/tty/n_tty.c:2463
 tty_poll+0x79/0xf0 drivers/tty/tty_io.c:2199
 vfs_poll include/linux/poll.h:82 [inline]
 __io_arm_poll_handler+0x1ee/0xb70 io_uring/poll.c:581
 io_arm_apoll+0x3d2/0x4f0 io_uring/poll.c:691
 io_arm_poll_handler+0x131/0x160 io_uring/poll.c:720
 io_queue_async+0x25b/0x450 io_uring/io_uring.c:2004
 io_queue_sqe io_uring/io_uring.c:2032 [inline]
 io_submit_sqe io_uring/io_uring.c:2285 [inline]
 io_submit_sqes+0xa4d/0x1060 io_uring/io_uring.c:2398
 __do_sys_io_uring_enter io_uring/io_uring.c:3465 [inline]
 __se_sys_io_uring_enter+0x1c1/0x1b70 io_uring/io_uring.c:3399
 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3399
 x64_sys_call+0x2de1/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffffffff858a1f90 -> 0xffffffff858a1e80

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 14251 Comm: syz.4.3765 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/05 11:40 upstream d69eb204c255 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __tty_hangup / tty_hung_up_p
* Struck through repros no longer work on HEAD.