syzbot

 sign-in | mailing list | source | docs
🐞 Open [1447]
Subsystems
🐞 Fixed [6880]
🐞 Invalid [17859]
Missing Backports [224]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in rwsem_down_write_slowpath / rwsem_down_write_slowpath

Status: moderation: reported on 2026/01/19 04:38
Subsystems: kernfs
[Documentation on labels]
Reported-by: syzbot+f5e0ba366db50663c2e2@syzkaller.appspotmail.com
First crash: 3d18h, last: 3d18h

Sample crash report:
==================================================================
BUG: KCSAN: data-race in rwsem_down_write_slowpath / rwsem_down_write_slowpath

write to 0xffffc90001dbfaf8 of 1 bytes by task 11768 on cpu 1:
 rwsem_try_write_lock kernel/locking/rwsem.c:653 [inline]
 rwsem_down_write_slowpath+0x3ec/0xa80 kernel/locking/rwsem.c:1159
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0xab/0xc0 kernel/locking/rwsem.c:1591
 kernfs_activate+0x48/0xa0 fs/kernfs/dir.c:1430
 kernfs_add_one+0x212/0x280 fs/kernfs/dir.c:839
 __kernfs_create_file+0x145/0x180 fs/kernfs/file.c:1086
 sysfs_add_file_mode_ns+0x132/0x1b0 fs/sysfs/file.c:313
 create_files fs/sysfs/group.c:82 [inline]
 internal_create_group+0x441/0x9e0 fs/sysfs/group.c:189
 internal_create_groups fs/sysfs/group.c:229 [inline]
 sysfs_create_groups+0x3f/0xf0 fs/sysfs/group.c:255
 device_add_groups drivers/base/core.c:2836 [inline]
 device_add_attrs+0x64/0x3f0 drivers/base/core.c:2900
 device_add+0x37a/0x770 drivers/base/core.c:3643
 netdev_register_kobject+0x109/0x230 net/core/net-sysfs.c:2358
 register_netdevice+0x8cf/0xdd0 net/core/dev.c:11406
 __ip_tunnel_create+0x319/0x430 net/ipv4/ip_tunnel.c:268
 ip_tunnel_init_net+0x210/0x490 net/ipv4/ip_tunnel.c:1147
 vti_init_net+0x39/0xf0 net/ipv4/ip_vti.c:517
 ops_init+0x22a/0x2e0 net/core/net_namespace.c:137
 setup_net+0x9f/0x230 net/core/net_namespace.c:446
 copy_net_ns+0x308/0x450 net/core/net_namespace.c:581
 create_new_namespaces+0x20e/0x400 kernel/nsproxy.c:130
 copy_namespaces+0x1ad/0x210 kernel/nsproxy.c:195
 copy_process+0xce5/0x1f10 kernel/fork.c:2224
 kernel_clone+0x16b/0x5b0 kernel/fork.c:2651
 __do_sys_clone kernel/fork.c:2792 [inline]
 __se_sys_clone kernel/fork.c:2776 [inline]
 __x64_sys_clone+0x143/0x180 kernel/fork.c:2776
 x64_sys_call+0x12d0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffc90001dbfaf8 of 1 bytes by task 9429 on cpu 0:
 rwsem_down_write_slowpath+0x463/0xa80 kernel/locking/rwsem.c:1177
 __down_write_common kernel/locking/rwsem.c:1317 [inline]
 __down_write kernel/locking/rwsem.c:1326 [inline]
 down_write+0xab/0xc0 kernel/locking/rwsem.c:1591
 kernfs_remove_by_name_ns+0x5c/0xf0 fs/kernfs/dir.c:1717
 kernfs_remove_by_name include/linux/kernfs.h:633 [inline]
 remove_files fs/sysfs/group.c:28 [inline]
 sysfs_remove_group+0xa5/0x170 fs/sysfs/group.c:328
 sysfs_remove_groups+0x3a/0x80 fs/sysfs/group.c:352
 destroy_gid_attrs drivers/infiniband/core/sysfs.c:1182 [inline]
 ib_free_port_attrs+0x8e/0x260 drivers/infiniband/core/sysfs.c:1407
 remove_one_compat_dev drivers/infiniband/core/device.c:1038 [inline]
 rdma_dev_exit_net+0x1aa/0x290 drivers/infiniband/core/device.c:1176
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x285/0x420 net/core/net_namespace.c:252
 cleanup_net+0x31c/0x550 net/core/net_namespace.c:696
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x581/0x770 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 9429 Comm: kworker/u8:15 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: netns cleanup_net
==================================================================
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_1
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
IPVS: stop unused estimator thread 0...

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/19 04:37 upstream e84d960149e7 20d37d28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in rwsem_down_write_slowpath / rwsem_down_write_slowpath
* Struck through repros no longer work on HEAD.