syzbot


KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (4)

Status: auto-closed as invalid on 2021/05/13 08:58
Subsystems: kernfs
First crash: 1112d, last: 1112d
Similar bugs (7)

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (8) kernfs | | | | 3 | 122d | 133d | 0/26 | auto-obsoleted due to no activity on 2024/01/28 04:07 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir kernfs | | | | 2 | 1313d | 1331d | 0/26 | auto-closed as invalid on 2020/10/24 11:06 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (6) kernfs | | | | 3 | 742d | 771d | 0/26 | auto-closed as invalid on 2022/05/18 10:42 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (2) kernfs | | | | 2 | 1217d | 1230d | 0/26 | auto-closed as invalid on 2021/01/28 08:27 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (7) kernfs | | | | 1 | 660d | 660d | 0/26 | auto-closed as invalid on 2022/08/08 13:27 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (5) kernfs | | | | 1 | 917d | 917d | 0/26 | auto-closed as invalid on 2021/11/24 14:49 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (3) kernfs | | | | 1 | 1181d | 1181d | 0/26 | auto-closed as invalid on 2021/03/05 09:25 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __kernfs_remove / cleanup_glue_dir

write to 0xffff8881010ada40 of 8 bytes by task 25672 on cpu 0:
 kernfs_unlink_sibling fs/kernfs/dir.c:396 [inline]
 __kernfs_remove+0x592/0x6a0 fs/kernfs/dir.c:1332
 kernfs_remove+0x1d/0x30 fs/kernfs/dir.c:1358
 sysfs_remove_dir+0x7a/0x90 fs/sysfs/dir.c:102
 __kobject_del lib/kobject.c:620 [inline]
 kobject_del+0xb7/0x110 lib/kobject.c:643
 device_del+0x875/0x8f0 drivers/base/core.c:3433
 device_unregister drivers/base/core.c:3454 [inline]
 device_destroy+0x63/0xa0 drivers/base/core.c:4000
 tty_unregister_device+0x4e/0xd0 drivers/tty/tty_io.c:3340
 gsmld_detach_gsm drivers/tty/n_gsm.c:2409 [inline]
 gsmld_close+0x6c/0x140 drivers/tty/n_gsm.c:2478
 tty_ldisc_close drivers/tty/tty_ldisc.c:488 [inline]
 tty_ldisc_kill drivers/tty/tty_ldisc.c:636 [inline]
 tty_ldisc_hangup+0x363/0x4b0 drivers/tty/tty_ldisc.c:756
 __tty_hangup+0x467/0x610 drivers/tty/tty_io.c:639
 tty_vhangup+0x13/0x20 drivers/tty/tty_io.c:712
 pty_close+0x28f/0x2b0 drivers/tty/pty.c:78
 tty_release+0x255/0xa00 drivers/tty/tty_io.c:1779
 __fput+0x263/0x4f0 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x17c/0x1b0 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:301
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff8881010ada40 of 8 bytes by task 25523 on cpu 1:
 kobject_has_children include/linux/kobject.h:135 [inline]
 cleanup_glue_dir+0xce/0x140 drivers/base/core.c:2941
 device_del+0x880/0x8f0 drivers/base/core.c:3434
 device_unregister drivers/base/core.c:3454 [inline]
 device_destroy+0x63/0xa0 drivers/base/core.c:4000
 tty_unregister_device+0x4e/0xd0 drivers/tty/tty_io.c:3340
 gsmld_detach_gsm drivers/tty/n_gsm.c:2409 [inline]
 gsmld_close+0x6c/0x140 drivers/tty/n_gsm.c:2478
 tty_ldisc_close drivers/tty/tty_ldisc.c:488 [inline]
 tty_ldisc_kill drivers/tty/tty_ldisc.c:636 [inline]
 tty_ldisc_hangup+0x363/0x4b0 drivers/tty/tty_ldisc.c:756
 __tty_hangup+0x467/0x610 drivers/tty/tty_io.c:639
 tty_vhangup+0x13/0x20 drivers/tty/tty_io.c:712
 pty_close+0x28f/0x2b0 drivers/tty/pty.c:78
 tty_release+0x255/0xa00 drivers/tty/tty_io.c:1779
 __fput+0x263/0x4f0 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x17c/0x1b0 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:301
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 25523 Comm: syz-executor.0 Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/04/08 08:51 | upstream | 454859c552da | 6a81331a | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir |