syzbot


KCSAN: data-race in rxrpc_send_data / rxrpc_set_call_completion

Status: fixed on 2023/06/08 14:41
Subsystems: afs net
Reported-by: syzbot+ebc945fdb4acd72cba78@syzkaller.appspotmail.com
Fix commit: 2b5fdc0f5caa rxrpc: Fix potential data race in rxrpc_wait_to_be_connected()
First crash: 395d, last: 389d
Discussions (4)
Title | Replies (including bot) | Last reply
[PATCH 6.3 022/246] rxrpc: Fix potential data race in rxrpc_wait_to_be_connected() | 2 (2) | 2023/05/17 03:38
[PATCH 6.2 031/242] rxrpc: Fix potential data race in rxrpc_wait_to_be_connected() | 1 (1) | 2023/05/15 16:25
[PATCH net] rxrpc: Fix potential data race in rxrpc_wait_to_be_connected() | 2 (2) | 2023/04/27 08:10
[syzbot] [afs?] [net?] KCSAN: data-race in rxrpc_send_data / rxrpc_set_call_completion | 2 (3) | 2023/04/24 16:05

Sample crash report:
==================================================================
BUG: KCSAN: data-race in rxrpc_send_data / rxrpc_set_call_completion

write to 0xffff888159cf3c50 of 4 bytes by task 25673 on cpu 1:
 rxrpc_set_call_completion+0x71/0x1c0 net/rxrpc/call_state.c:22
 rxrpc_send_data_packet+0xba9/0x1650 net/rxrpc/output.c:479
 rxrpc_transmit_one+0x1e/0x130 net/rxrpc/output.c:714
 rxrpc_decant_prepared_tx net/rxrpc/call_event.c:326 [inline]
 rxrpc_transmit_some_data+0x496/0x600 net/rxrpc/call_event.c:350
 rxrpc_input_call_event+0x564/0x1220 net/rxrpc/call_event.c:464
 rxrpc_io_thread+0x307/0x1d80 net/rxrpc/io_thread.c:461
 kthread+0x1ac/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

read to 0xffff888159cf3c50 of 4 bytes by task 25672 on cpu 0:
 rxrpc_send_data+0x29e/0x1950 net/rxrpc/sendmsg.c:296
 rxrpc_do_sendmsg+0xb7a/0xc20 net/rxrpc/sendmsg.c:726
 rxrpc_sendmsg+0x413/0x520 net/rxrpc/af_rxrpc.c:565
 sock_sendmsg_nosec net/socket.c:724 [inline]
 sock_sendmsg net/socket.c:747 [inline]
 ____sys_sendmsg+0x375/0x4c0 net/socket.c:2501
 ___sys_sendmsg net/socket.c:2555 [inline]
 __sys_sendmmsg+0x263/0x500 net/socket.c:2641
 __do_sys_sendmmsg net/socket.c:2670 [inline]
 __se_sys_sendmmsg net/socket.c:2667 [inline]
 __x64_sys_sendmmsg+0x57/0x60 net/socket.c:2667
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000000 -> 0xffffffea

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 25672 Comm: syz-executor.5 Not tainted 6.3.0-rc5-syzkaller-00005-g148341f0a2f5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
==================================================================

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/04/03 23:35 | upstream | 148341f0a2f5 | 41147e3e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in rxrpc_send_data / rxrpc_set_call_completion
2023/03/28 13:30 | upstream | 3a93e40326c8 | 47f3aaf1 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in rxrpc_send_data / rxrpc_set_call_completion