syzbot


KCSAN: data-race in unix_notinflight / unix_release_sock (2)

Status: auto-closed as invalid on 2022/01/15 07:41
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 360d, last: 360d
Similar bugs (1):
  Kernel: upstream
  Title: KCSAN: data-race in unix_notinflight / unix_release_sock
  Count: 1
  Last: 457d
  Reported: 457d
  Patched: 0/24
  Status: auto-closed as invalid on 2021/10/09 20:56

Sample crash report:
==================================================================
BUG: KCSAN: data-race in unix_notinflight / unix_release_sock

write to 0xffffffff86e2e780 of 4 bytes by task 9866 on cpu 0:
 unix_notinflight+0x1f2/0x260 net/unix/scm.c:83
 unix_detach_fds net/unix/scm.c:134 [inline]
 unix_destruct_scm+0xb5/0x190 net/unix/scm.c:145
 skb_release_head_state+0xb3/0x170 net/core/skbuff.c:729
 skb_release_all net/core/skbuff.c:740 [inline]
 __kfree_skb+0x14/0x150 net/core/skbuff.c:756
 kfree_skb+0x4d/0x160 net/core/skbuff.c:774
 __skb_queue_purge include/linux/skbuff.h:2868 [inline]
 unix_gc+0x7d5/0x8a0 net/unix/garbage.c:296
 unix_release_sock+0x5f4/0x680 net/unix/af_unix.c:606
 unix_release+0x4e/0x70 net/unix/af_unix.c:949
 __sock_release net/socket.c:649 [inline]
 sock_close+0x6c/0x150 net/socket.c:1314
 __fput+0x295/0x520 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:164
 get_signal+0x1506/0x1550 kernel/signal.c:2624
 arch_do_signal_or_restart+0x8c/0x2e0 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x113/0x190 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:300
 do_syscall_64+0x50/0xd0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffffff86e2e780 of 4 bytes by task 9849 on cpu 1:
 unix_release_sock+0x5d7/0x680 net/unix/af_unix.c:605
 unix_release+0x4e/0x70 net/unix/af_unix.c:949
 __sock_release net/socket.c:649 [inline]
 sock_close+0x6c/0x150 net/socket.c:1314
 __fput+0x295/0x520 fs/file_table.c:280
 ____fput+0x11/0x20 fs/file_table.c:313
 task_work_run+0x8e/0x110 kernel/task_work.c:164
 get_signal+0x1506/0x1550 kernel/signal.c:2624
 arch_do_signal_or_restart+0x8c/0x2e0 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x113/0x190 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x20/0x40 kernel/entry/common.c:300
 do_syscall_64+0x50/0xd0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000c -> 0x00000006

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 9849 Comm: syz-executor.3 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
  Manager: ci2-upstream-kcsan-gce
  Time: 2021/12/11 07:35
  Kernel: upstream
  Commit: 9e65da135b39
  Syzkaller: 49ca1f59
  Title: KCSAN: data-race in unix_notinflight / unix_release_sock