syzbot


KCSAN: data-race in __packet_rcv_has_room / copy_page_from_iter

Status: auto-closed as invalid on 2022/01/10 16:02
Reported-by: syzbot+b5b6fdf0602b33029c5d@syzkaller.appspotmail.com
First crash: 364d, last: 364d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __packet_rcv_has_room / copy_page_from_iter

read to 0xffff888137fb0000 of 8 bytes by interrupt on cpu 0:
 __packet_get_status net/packet/af_packet.c:437 [inline]
 packet_lookup_frame net/packet/af_packet.c:525 [inline]
 __tpacket_has_room net/packet/af_packet.c:1256 [inline]
 __packet_rcv_has_room+0x279/0x450 net/packet/af_packet.c:1297
 tpacket_rcv+0x2da/0x24e0 net/packet/af_packet.c:2272
 deliver_skb net/core/dev.c:2218 [inline]
 __netif_receive_skb_core+0x415/0x1df0 net/core/dev.c:5309
 __netif_receive_skb_one_core net/core/dev.c:5463 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5579
 process_backlog+0x23f/0x3e0 net/core/dev.c:6455
 __napi_poll+0x65/0x3f0 net/core/dev.c:7023
 napi_poll net/core/dev.c:7090 [inline]
 net_rx_action+0x29e/0x650 net/core/dev.c:7177
 __do_softirq+0x158/0x2de kernel/softirq.c:558
 do_softirq+0xb1/0xf0 kernel/softirq.c:459
 __local_bh_enable_ip+0x68/0x70 kernel/softirq.c:383
 local_bh_enable+0x1b/0x20 include/linux/bottom_half.h:33
 rcu_read_unlock_bh include/linux/rcupdate.h:758 [inline]
 __dev_queue_xmit+0x597/0xf70 net/core/dev.c:4256
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4262
 batadv_send_skb_packet+0x23f/0x2a0 net/batman-adv/send.c:108
 batadv_send_broadcast_skb+0x20/0x30 net/batman-adv/send.c:127
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x40e/0x4c0 net/batman-adv/bat_iv_ogm.c:1701
 process_one_work+0x3fc/0x980 kernel/workqueue.c:2298
 worker_thread+0x616/0xa70 kernel/workqueue.c:2445
 kthread+0x2c7/0x2e0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30

write to 0xffff888137fb0000 of 4096 bytes by task 11881 on cpu 1:
 instrument_copy_from_user include/linux/instrumented.h:136 [inline]
 copyin lib/iov_iter.c:167 [inline]
 copy_page_from_iter_iovec lib/iov_iter.c:312 [inline]
 copy_page_from_iter+0x24e/0x510 lib/iov_iter.c:902
 process_vm_rw_pages mm/process_vm_access.c:43 [inline]
 process_vm_rw_single_vec+0x274/0x460 mm/process_vm_access.c:117
 process_vm_rw_core mm/process_vm_access.c:215 [inline]
 process_vm_rw+0x3dd/0x570 mm/process_vm_access.c:283
 __do_sys_process_vm_writev mm/process_vm_access.c:303 [inline]
 __se_sys_process_vm_writev mm/process_vm_access.c:298 [inline]
 __x64_sys_process_vm_writev+0x76/0x90 mm/process_vm_access.c:298
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 11881 Comm: syz-executor.2 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager: ci2-upstream-kcsan-gce
Time: 2021/12/06 16:01
Kernel: upstream
Commit: 0fcfb00b28c0
Syzkaller: 579a8754
Config: .config
Log: log
Report: report
Syz repro:
C repro:
VM info: info
Title: KCSAN: data-race in __packet_rcv_has_room / copy_page_from_iter
* Struck through repros no longer work on HEAD.