syzbot


KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (3)

Status: auto-closed as invalid on 2021/03/05 09:25
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 567d, last: 567d
similar bugs (6):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __kernfs_remove / cleanup_glue_dir 2 699d 717d 0/23 auto-closed as invalid on 2020/10/24 11:06
upstream KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (4) 1 498d 498d 0/23 auto-closed as invalid on 2021/05/13 08:58
upstream KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (6) 3 128d 156d 0/23 auto-closed as invalid on 2022/05/18 10:42
upstream KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (2) 2 603d 616d 0/23 auto-closed as invalid on 2021/01/28 08:27
upstream KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (7) 1 46d 46d 0/23 auto-closed as invalid on 2022/08/08 13:27
upstream KCSAN: data-race in __kernfs_remove / cleanup_glue_dir (5) 1 303d 303d 0/23 auto-closed as invalid on 2021/11/24 14:49

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __kernfs_remove / cleanup_glue_dir

read-write to 0xffff88800ca0b040 of 8 bytes by task 15058 on cpu 1:
 kernfs_unlink_sibling fs/kernfs/dir.c:396 [inline]
 __kernfs_remove+0x587/0x6a0 fs/kernfs/dir.c:1330
 kernfs_remove+0x1d/0x30 fs/kernfs/dir.c:1356
 sysfs_remove_dir+0x7a/0x90 fs/sysfs/dir.c:102
 __kobject_del lib/kobject.c:620 [inline]
 kobject_del+0xb7/0x100 lib/kobject.c:643
 device_del+0x875/0x8f0 drivers/base/core.c:3300
 device_unregister+0x11/0x30 drivers/base/core.c:3321
 wakeup_source_sysfs_remove+0x21/0x30 drivers/base/power/wakeup_stats.c:208
 wakeup_source_unregister+0xea/0x110 drivers/base/power/wakeup.c:248
 ep_remove+0x2b2/0x340 fs/eventpoll.c:710
 ep_free+0x18b/0x210 fs/eventpoll.c:765
 ep_eventpoll_release+0x2e/0x40 fs/eventpoll.c:782
 __fput+0x24b/0x4e0 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x16b/0x1a0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88800ca0b040 of 8 bytes by task 15057 on cpu 0:
 kobject_has_children include/linux/kobject.h:135 [inline]
 cleanup_glue_dir+0xce/0x140 drivers/base/core.c:2808
 device_del+0x880/0x8f0 drivers/base/core.c:3301
 device_unregister+0x11/0x30 drivers/base/core.c:3321
 wakeup_source_sysfs_remove+0x21/0x30 drivers/base/power/wakeup_stats.c:208
 wakeup_source_unregister+0xea/0x110 drivers/base/power/wakeup.c:248
 ep_free+0x1f3/0x210 fs/eventpoll.c:773
 ep_eventpoll_release+0x2e/0x40 fs/eventpoll.c:782
 __fput+0x24b/0x4e0 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x16b/0x1a0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:302
 do_syscall_64+0x45/0x80 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 15057 Comm: syz-executor.3 Not tainted 5.11.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2021/01/29 09:20 upstream bec4c2968fce 6593fd32 .config log report info KCSAN: data-race in __kernfs_remove / cleanup_glue_dir