syzbot


KCSAN: data-race in cleanup_glue_dir.part.0 / kernfs_unlink_sibling

Status: closed as invalid on 2020/06/18 14:13
Subsystems: kernfs
First crash: 1431d, last: 1427d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in cleanup_glue_dir.part.0 / kernfs_unlink_sibling

write to 0xffff8880a6164640 of 8 bytes by task 19001 on cpu 0:
 kernfs_unlink_sibling+0xa1/0xf0 fs/kernfs/dir.c:396
 __kernfs_remove.part.0+0x2b6/0x3d0 fs/kernfs/dir.c:1331
 __kernfs_remove fs/kernfs/dir.c:1293 [inline]
 kernfs_remove+0x6e/0x90 fs/kernfs/dir.c:1357
 sysfs_remove_dir+0x87/0xa0 fs/sysfs/dir.c:102
 kobject_del+0x6e/0xd0 lib/kobject.c:623
 device_del+0x5a0/0x780 drivers/base/core.c:2722
 hci_unregister_dev+0x18d/0x490 net/bluetooth/hci_core.c:3618
 hci_uart_tty_close+0x17e/0x180 drivers/bluetooth/hci_ldisc.c:545
 tty_ldisc_close.isra.0+0x6f/0x90 drivers/tty/tty_ldisc.c:489
 tty_ldisc_kill+0x3b/0x80 drivers/tty/tty_ldisc.c:637
 tty_ldisc_release+0xae/0x250 drivers/tty/tty_ldisc.c:809
 tty_release_struct+0x20/0x60 drivers/tty/tty_io.c:1614
 tty_release+0x808/0x8e0 drivers/tty/tty_io.c:1785
 __fput+0x1e9/0x500 fs/file_table.c:280
 ____fput+0x1b/0x30 fs/file_table.c:313
 task_work_run+0xba/0x120 kernel/task_work.c:123
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x2ae/0x2c0 arch/x86/entry/common.c:165
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
 do_syscall_64+0x38b/0x3b0 arch/x86/entry/common.c:305
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880a6164640 of 8 bytes by task 18995 on cpu 1:
 kobject_has_children include/linux/kobject.h:136 [inline]
 cleanup_glue_dir.part.0+0xb3/0x140 drivers/base/core.c:2195
 cleanup_glue_dir drivers/base/core.c:1138 [inline]
 device_del+0x655/0x780 drivers/base/core.c:2723
 hci_unregister_dev+0x18d/0x490 net/bluetooth/hci_core.c:3618
 hci_uart_tty_close+0x17e/0x180 drivers/bluetooth/hci_ldisc.c:545
 tty_ldisc_close.isra.0+0x6f/0x90 drivers/tty/tty_ldisc.c:489
 tty_ldisc_kill+0x3b/0x80 drivers/tty/tty_ldisc.c:637
 tty_ldisc_release+0xae/0x250 drivers/tty/tty_ldisc.c:809
 tty_release_struct+0x20/0x60 drivers/tty/tty_io.c:1614
 tty_release+0x808/0x8e0 drivers/tty/tty_io.c:1785
 __fput+0x1e9/0x500 fs/file_table.c:280
 ____fput+0x1b/0x30 fs/file_table.c:313
 task_work_run+0xba/0x120 kernel/task_work.c:123
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x2ae/0x2c0 arch/x86/entry/common.c:165
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
 do_syscall_64+0x38b/0x3b0 arch/x86/entry/common.c:305
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 18995 Comm: syz-executor.1 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/05/29 15:24 https://github.com/google/ktsan.git kcsan 7c3cd68e5d38 bed08304 .config console log report ci2-upstream-kcsan-gce
2020/05/26 02:01 https://github.com/google/ktsan.git kcsan 7c3cd68e5d38 8ca3b7d2 .config console log report ci2-upstream-kcsan-gce