syzbot

 sign-in | mailing list | source | docs
🐞 Open [977] Subsystems 🐞 Fixed [5235] 🐞 Invalid [12490] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in can_send / can_send (3)

Status: auto-closed as invalid on 2020/12/25 11:24
Subsystems: can
[Documentation on labels]
Reported-by: syzbot+add1dbcbe9d4ffe6bf3c@syzkaller.appspotmail.com
First crash: 1262d, last: 1262d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in can_send / can_send (4) can 1278 1d18h 728d 0/26 moderation: reported on 2022/04/26 02:08
upstream KCSAN: data-race in can_send / can_send (2) can 1 1517d 1517d 0/26 auto-closed as invalid on 2020/05/07 07:35
upstream KCSAN: data-race in can_send / can_send can 1 1616d 1616d 0/26 auto-closed as invalid on 2020/01/28 10:46

Sample crash report:
vcan0: j1939_tp_rxtimer: 0x00000000f768a425: rx timeout, send abort
vcan0: j1939_xtp_rx_abort_one: 0x00000000f768a425: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
==================================================================
BUG: KCSAN: data-race in can_send / can_send

read-write to 0xffff888022adbf90 of 8 bytes by interrupt on cpu 0:
 can_send+0x3fd/0x490 net/can/af_can.c:290
 j1939_send_one+0x189/0x1b0 net/can/j1939/main.c:340
 j1939_tp_tx_dat net/can/j1939/transport.c:623 [inline]
 j1939_session_tx_dat net/can/j1939/transport.c:813 [inline]
 j1939_xtp_txnext_transmiter net/can/j1939/transport.c:869 [inline]
 j1939_tp_txtimer+0x147d/0x2ad0 net/can/j1939/transport.c:1117
 __run_hrtimer+0x133/0x420 kernel/time/hrtimer.c:1519
 __hrtimer_run_queues kernel/time/hrtimer.c:1583 [inline]
 hrtimer_run_softirq+0x1c9/0x2a0 kernel/time/hrtimer.c:1600
 __do_softirq+0x12c/0x2b1 kernel/softirq.c:298
 run_ksoftirqd+0x13/0x20 kernel/softirq.c:653
 smpboot_thread_fn+0x34f/0x520 kernel/smpboot.c:165
 kthread+0x1fa/0x220 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

read-write to 0xffff888022adbf90 of 8 bytes by interrupt on cpu 1:
 can_send+0x3fd/0x490 net/can/af_can.c:290
 j1939_send_one+0x189/0x1b0 net/can/j1939/main.c:340
 j1939_tp_tx_dat net/can/j1939/transport.c:623 [inline]
 j1939_session_tx_dat net/can/j1939/transport.c:813 [inline]
 j1939_xtp_txnext_transmiter net/can/j1939/transport.c:869 [inline]
 j1939_tp_txtimer+0x147d/0x2ad0 net/can/j1939/transport.c:1117
 __run_hrtimer+0x133/0x420 kernel/time/hrtimer.c:1519
 __hrtimer_run_queues kernel/time/hrtimer.c:1583 [inline]
 hrtimer_run_softirq+0x1c9/0x2a0 kernel/time/hrtimer.c:1600
 __do_softirq+0x12c/0x2b1 kernel/softirq.c:298
 run_ksoftirqd+0x13/0x20 kernel/softirq.c:653
 smpboot_thread_fn+0x34f/0x520 kernel/smpboot.c:165
 kthread+0x1fa/0x220 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/11/07 18:28 upstream 659caaf65dc9 cba33199 .config console log report info ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.