syzbot


KCSAN: data-race in cleanup_glue_dir / kernfs_unlink_sibling

Status: moderation: reported on 2025/09/25 05:47
Subsystems: kernfs
Reported-by: syzbot+dc219afe3f428b005692@syzkaller.appspotmail.com
First crash: 1d15h, last: 1d15h

Sample crash report:
smc: removing ib device !yz!
==================================================================
BUG: KCSAN: data-race in cleanup_glue_dir / kernfs_unlink_sibling

read-write to 0xffff8881184081d8 of 8 bytes by task 51 on cpu 1:
 kernfs_unlink_sibling+0xbb/0x160 fs/kernfs/dir.c:426
 __kernfs_remove+0x1c7/0x2e0 fs/kernfs/dir.c:1514
 kernfs_remove+0x58/0x70 fs/kernfs/dir.c:1550
 sysfs_remove_dir+0x7d/0xa0 fs/sysfs/dir.c:101
 __kobject_del+0x97/0x190 lib/kobject.c:604
 kobject_del+0x2e/0x50 lib/kobject.c:627
 device_del+0x725/0x790 drivers/base/core.c:3898
 cdev_device_del+0x1b/0x90 fs/char_dev.c:580
 ib_umad_kill_port+0xad/0x210 drivers/infiniband/core/user_mad.c:1355
 ib_umad_remove_one+0x10e/0x190 drivers/infiniband/core/user_mad.c:1443
 remove_client_context+0x9f/0x1a0 drivers/infiniband/core/device.c:812
 disable_device+0xca/0x260 drivers/infiniband/core/device.c:1318
 __ib_unregister_device+0x1fb/0x2d0 drivers/infiniband/core/device.c:1555
 ib_unregister_work+0x19/0x30 drivers/infiniband/core/device.c:1667
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff8881184081d8 of 8 bytes by task 10141 on cpu 0:
 kobject_has_children drivers/base/core.c:3347 [inline]
 cleanup_glue_dir+0xe9/0x170 drivers/base/core.c:3413
 device_del+0x730/0x790 drivers/base/core.c:3899
 cdev_device_del+0x1b/0x90 fs/char_dev.c:580
 ib_umad_kill_port+0xad/0x210 drivers/infiniband/core/user_mad.c:1355
 ib_umad_remove_one+0x10e/0x190 drivers/infiniband/core/user_mad.c:1443
 remove_client_context+0x9f/0x1a0 drivers/infiniband/core/device.c:812
 disable_device+0xca/0x260 drivers/infiniband/core/device.c:1318
 __ib_unregister_device+0x1fb/0x2d0 drivers/infiniband/core/device.c:1555
 ib_unregister_work+0x19/0x30 drivers/infiniband/core/device.c:1667
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000000000001 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 10141 Comm: kworker/u8:61 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: ib-unreg-wq ib_unregister_work
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/25 05:46 | upstream | 4ea5af085908 | 0abd0691 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in cleanup_glue_dir / kernfs_unlink_sibling |