syzbot

 sign-in | mailing list | source | docs
🐞 Open [1110] 🐞 Fixed [4189] 🐞 Invalid [9319] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown (6)

Status: auto-closed as invalid on 2022/07/22 19:29
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 164d, last: 164d
similar bugs (5):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown (5) 2 526d 534d 0/24 auto-closed as invalid on 2021/07/25 13:18
upstream KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown (4) 1 572d 572d 0/24 auto-closed as invalid on 2021/06/10 09:09
upstream KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown (3) 4 663d 721d 0/24 auto-closed as invalid on 2021/03/10 20:35
upstream KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown (2) 3 782d 818d 0/24 auto-closed as invalid on 2020/11/11 11:35
upstream KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown 8 974d 1111d 0/24 auto-closed as invalid on 2020/06/07 18:23

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown

read-write to 0xffff888128030ce2 of 1 bytes by task 17746 on cpu 0:
 inet_shutdown+0x139/0x1f0 net/ipv4/af_inet.c:888
 __sys_shutdown_sock net/socket.c:2331 [inline]
 __sys_shutdown net/socket.c:2343 [inline]
 __do_sys_shutdown net/socket.c:2351 [inline]
 __se_sys_shutdown+0xf6/0x140 net/socket.c:2349
 __x64_sys_shutdown+0x2d/0x40 net/socket.c:2349
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

read to 0xffff888128030ce2 of 1 bytes by task 17740 on cpu 1:
 __skb_wait_for_more_packets+0xe8/0x2f0 net/core/datagram.c:104
 __skb_recv_udp+0x731/0x850 net/ipv4/udp.c:1789
 udpv6_recvmsg+0x22e/0xd00 net/ipv6/udp.c:346
 inet6_recvmsg+0x9e/0x210 net/ipv6/af_inet6.c:671
 ____sys_recvmsg+0x162/0x2f0
 ___sys_recvmsg net/socket.c:2753 [inline]
 do_recvmmsg+0x53a/0xa30 net/socket.c:2847
 __sys_recvmmsg net/socket.c:2926 [inline]
 __do_sys_recvmmsg net/socket.c:2949 [inline]
 __se_sys_recvmmsg net/socket.c:2942 [inline]
 __x64_sys_recvmmsg+0xde/0x160 net/socket.c:2942
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 17740 Comm: syz-executor.3 Not tainted 5.19.0-rc2-syzkaller-00205-g462abc9de7a1-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2022/06/17 19:20 upstream 462abc9de7a1 8f633d84 .config log report info KCSAN: data-race in __skb_wait_for_more_packets / inet_shutdown
* Struck through repros no longer work on HEAD.