syzbot


KCSAN: data-race in __fput / __tty_hangup (4)

Status: upstream: reported on 2023/04/21 08:18
Subsystems: serial
Reported-by: syzbot+b7c3ba8cdc2f6cf83c21@syzkaller.appspotmail.com
Fix commit: tty: tty_io: fix race between tty_fops and hung_up_tty_fops
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 562d, last: 7d16h
Discussions (4)

Title                                                                   Replies (including bot)  Last reply
[PATCH] tty: tty_io: fix race between tty_fops and hung_up_tty_fops     3 (3)                    2024/07/22 16:10
[fs] Are you OK with updating "struct file"->f_op value dynamically?    1 (1)                    2024/05/12 13:45
[PATCH] tty: tty_io: remove hung_up_tty_fops                            44 (44)                  2024/05/04 22:17
[syzbot] [kernel?] KCSAN: data-race in __fput / __tty_hangup (4)        14 (15)                  2023/04/25 22:09
Similar bugs (3)

Kernel    Title                                             Subsystem  Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  KCSAN: data-race in __fput / __tty_hangup (3)     serial     -      -             -           2      815d   833d      0/28     auto-closed as invalid on 2022/08/23 04:41
upstream  KCSAN: data-race in __fput / __tty_hangup (2)     serial     -      -             -           1      870d   870d      0/28     auto-closed as invalid on 2022/06/29 01:31
upstream  KCSAN: data-race in __fput / __tty_hangup         serial     -      -             -           1      1537d  1537d     0/28     auto-closed as invalid on 2020/08/31 10:07

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __fput / __tty_hangup

write to 0xffff8881132a6d90 of 8 bytes by task 5396 on cpu 1:
 __tty_hangup+0x1d6/0x530 drivers/tty/tty_io.c:615
 tty_vhangup+0x17/0x20 drivers/tty/tty_io.c:694
 pty_close+0x262/0x280 drivers/tty/pty.c:79
 tty_release+0x206/0x930 drivers/tty/tty_io.c:1754
 __fput+0x17a/0x6d0 fs/file_table.c:431
 ____fput+0x1c/0x30 fs/file_table.c:459
 task_work_run+0x13a/0x1a0 kernel/task_work.c:228
 get_signal+0xee9/0x1070 kernel/signal.c:2690
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881132a6d90 of 8 bytes by task 5400 on cpu 0:
 __fput+0x14e/0x6d0 fs/file_table.c:430
 ____fput+0x1c/0x30 fs/file_table.c:459
 task_work_run+0x13a/0x1a0 kernel/task_work.c:228
 get_signal+0xee9/0x1070 kernel/signal.c:2690
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0xffffffff8569ce58 -> 0xffffffff8569ccf0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5400 Comm: syz.0.10025 Tainted: G        W          6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
==================================================================

Crashes (6):

Time              Kernel    Commit        Syzkaller  Syz repro  C repro  Manager                 Title
2024/10/04 01:16  upstream  7ec462100ef9  d7906eff   -          -        ci2-upstream-kcsan-gce  KCSAN: data-race in __fput / __tty_hangup
2024/08/09 16:39  upstream  ee9a43b7cfe2  a83d9288   -          -        ci2-upstream-kcsan-gce  KCSAN: data-race in __fput / __tty_hangup
2024/06/15 14:19  upstream  44ef20baed8e  f429ab00   -          -        ci2-upstream-kcsan-gce  KCSAN: data-race in __fput / __tty_hangup
2024/02/29 15:32  upstream  805d849d7c3c  352ab904   -          -        ci2-upstream-kcsan-gce  KCSAN: data-race in __fput / __tty_hangup
2023/08/07 04:39  upstream  f0ab9f34e59e  4ffcc9ef   -          -        ci2-upstream-kcsan-gce  KCSAN: data-race in __fput / __tty_hangup
2023/03/29 08:37  upstream  fcd476ea6a88  fc067f05   -          -        ci2-upstream-kcsan-gce  KCSAN: data-race in __fput / __tty_hangup

Each crash row also links to its .config, console log, report, VM info, and assets (disk image, vmlinux, kernel image) on the original page.