syzbot


KCSAN: data-race in __fput / __tty_hangup (4)

Status: upstream: reported on 2023/04/21 08:18
Subsystems: serial
Reported-by: syzbot+b7c3ba8cdc2f6cf83c21@syzkaller.appspotmail.com
Fix commit: tty: tty_io: fix race between tty_fops and hung_up_tty_fops
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-kvm-arm64 ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb]
First crash: 442d, last: 105d
Discussions (3):
  Title | Replies (including bot) | Last reply
  [fs] Are you OK with updating "struct file"->f_op value dynamically? | 1 (1) | 2024/05/12 13:45
  [PATCH] tty: tty_io: remove hung_up_tty_fops | 44 (44) | 2024/05/04 22:17
  [syzbot] [kernel?] KCSAN: data-race in __fput / __tty_hangup (4) | 14 (15) | 2023/04/25 22:09
Similar bugs (3):
  Kernel | Title | Subsystem | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
  upstream | KCSAN: data-race in __fput / __tty_hangup (3) | serial | - | - | - | 2 | 695d | 713d | 0/28 | auto-closed as invalid on 2022/08/23 04:41
  upstream | KCSAN: data-race in __fput / __tty_hangup (2) | serial | - | - | - | 1 | 751d | 751d | 0/28 | auto-closed as invalid on 2022/06/29 01:31
  upstream | KCSAN: data-race in __fput / __tty_hangup | serial | - | - | - | 1 | 1417d | 1417d | 0/28 | auto-closed as invalid on 2020/08/31 10:07

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __fput / __tty_hangup

write to 0xffff88814bf0d4b0 of 8 bytes by task 15288 on cpu 1:
 __tty_hangup+0x1e8/0x530 drivers/tty/tty_io.c:621
 tty_vhangup+0x17/0x20 drivers/tty/tty_io.c:700
 pty_close+0x262/0x280 drivers/tty/pty.c:79
 tty_release+0x204/0x930 drivers/tty/tty_io.c:1760
 __fput+0x299/0x630 fs/file_table.c:376
 ____fput+0x15/0x20 fs/file_table.c:404
 task_work_run+0x135/0x1a0 kernel/task_work.c:180
 get_signal+0xf04/0x10a0 kernel/signal.c:2669
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:105 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline]
 syscall_exit_to_user_mode+0x58/0x120 kernel/entry/common.c:212
 do_syscall_64+0xda/0x1d0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

read to 0xffff88814bf0d4b0 of 8 bytes by task 15290 on cpu 0:
 __fput+0x273/0x630 fs/file_table.c:375
 ____fput+0x15/0x20 fs/file_table.c:404
 task_work_run+0x135/0x1a0 kernel/task_work.c:180
 get_signal+0xf04/0x10a0 kernel/signal.c:2669
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:105 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline]
 syscall_exit_to_user_mode+0x58/0x120 kernel/entry/common.c:212
 do_syscall_64+0xda/0x1d0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0xffffffff850975f8 -> 0xffffffff85097490

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 15290 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00037-g805d849d7c3c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
==================================================================

Crashes (3):
  Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
  2024/02/29 15:32 | upstream | 805d849d7c3c | 352ab904 | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-upstream-kcsan-gce | KCSAN: data-race in __fput / __tty_hangup
  2023/08/07 04:39 | upstream | f0ab9f34e59e | 4ffcc9ef | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-upstream-kcsan-gce | KCSAN: data-race in __fput / __tty_hangup
  2023/03/29 08:37 | upstream | fcd476ea6a88 | fc067f05 | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-upstream-kcsan-gce | KCSAN: data-race in __fput / __tty_hangup