syzbot


KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (2)

Status: auto-closed as invalid on 2021/01/28 08:27
Subsystems: kernfs
First crash: 1240d, last: 1227d
Similar bugs (7)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (8) kernfs | | | | 3 | 132d | 143d | 0/26 | auto-obsoleted due to no activity on 2024/01/28 04:07 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir kernfs | | | | 2 | 1323d | 1341d | 0/26 | auto-closed as invalid on 2020/10/24 11:06 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (4) kernfs | | | | 1 | 1122d | 1122d | 0/26 | auto-closed as invalid on 2021/05/13 08:58 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (6) kernfs | | | | 3 | 752d | 781d | 0/26 | auto-closed as invalid on 2022/05/18 10:42 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (7) kernfs | | | | 1 | 670d | 670d | 0/26 | auto-closed as invalid on 2022/08/08 13:27 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (5) kernfs | | | | 1 | 927d | 927d | 0/26 | auto-closed as invalid on 2021/11/24 14:49 |
| upstream | KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (3) kernfs | | | | 1 | 1191d | 1191d | 0/26 | auto-closed as invalid on 2021/03/05 09:25 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __kernfs_remove / cleanup_glue_dir

read-write to 0xffff888140d184c0 of 8 bytes by task 21732 on cpu 0:
 kernfs_unlink_sibling fs/kernfs/dir.c:396 [inline]
 __kernfs_remove+0x587/0x6a0 fs/kernfs/dir.c:1330
 kernfs_remove+0x1d/0x30 fs/kernfs/dir.c:1356
 sysfs_remove_dir+0x7a/0x90 fs/sysfs/dir.c:102
 __kobject_del lib/kobject.c:620 [inline]
 kobject_del+0xb7/0x100 lib/kobject.c:643
 device_del+0x875/0x8f0 drivers/base/core.c:3282
 device_unregister drivers/base/core.c:3303 [inline]
 device_destroy+0x63/0xa0 drivers/base/core.c:3849
 tty_unregister_device+0x4e/0xd0 drivers/tty/tty_io.c:3197
 gsmld_detach_gsm drivers/tty/n_gsm.c:2409 [inline]
 gsmld_close+0x6c/0x140 drivers/tty/n_gsm.c:2478
 tty_ldisc_close drivers/tty/tty_ldisc.c:488 [inline]
 tty_ldisc_kill drivers/tty/tty_ldisc.c:636 [inline]
 tty_ldisc_release+0x1b6/0x400 drivers/tty/tty_ldisc.c:809
 tty_release_struct+0x19/0xb0 drivers/tty/tty_io.c:1618
 tty_release+0x97b/0x9f0 drivers/tty/tty_io.c:1789
 __fput+0x24b/0x4e0 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x16b/0x1a0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888140d184c0 of 8 bytes by task 21636 on cpu 1:
 kobject_has_children include/linux/kobject.h:135 [inline]
 cleanup_glue_dir+0xce/0x140 drivers/base/core.c:2790
 device_del+0x880/0x8f0 drivers/base/core.c:3283
 device_unregister drivers/base/core.c:3303 [inline]
 device_destroy+0x63/0xa0 drivers/base/core.c:3849
 tty_unregister_device+0x4e/0xd0 drivers/tty/tty_io.c:3197
 gsmld_detach_gsm drivers/tty/n_gsm.c:2409 [inline]
 gsmld_close+0x6c/0x140 drivers/tty/n_gsm.c:2478
 tty_ldisc_close drivers/tty/tty_ldisc.c:488 [inline]
 tty_ldisc_kill drivers/tty/tty_ldisc.c:636 [inline]
 tty_ldisc_release+0x1b6/0x400 drivers/tty/tty_ldisc.c:809
 tty_release_struct+0x19/0xb0 drivers/tty/tty_io.c:1618
 tty_release+0x97b/0x9f0 drivers/tty/tty_io.c:1789
 __fput+0x24b/0x4e0 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x16b/0x1a0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 21636 Comm: syz-executor.5 Not tainted 5.10.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/12/24 08:26 | upstream | 58cf05f597b0 | c2c1d1dd | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2020/12/11 11:57 | upstream | 33dc9614dc20 | ba24ffcd | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
* Struck through repros no longer work on HEAD.