syzbot


KCSAN: data-race in igmp_gq_start_timer / igmp_gq_timer_expire

Status: auto-obsoleted due to no activity on 2025/01/16 22:34
Subsystems: net
First crash: 60d, last: 60d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in igmp_gq_start_timer / igmp_gq_timer_expire

write to 0xffff88811922dc69 of 1 bytes by interrupt on cpu 0:
 igmp_gq_timer_expire+0x1d/0x90 net/ipv4/igmp.c:803
 call_timer_fn+0x3a/0x300 kernel/time/timer.c:1793
 expire_timers kernel/time/timer.c:1844 [inline]
 __run_timers kernel/time/timer.c:2418 [inline]
 __run_timer_base+0x417/0x640 kernel/time/timer.c:2430
 run_timer_base kernel/time/timer.c:2439 [inline]
 run_timer_softirq+0x31/0x70 kernel/time/timer.c:2449
 handle_softirqs+0xbf/0x280 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:655
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x73/0x80 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 kcsan_setup_watchpoint+0x404/0x410 kernel/kcsan/core.c:705
 folios_put_refs+0x85/0x2b0 mm/swap.c:947
 free_pages_and_swap_cache+0x291/0x410 mm/swap_state.c:332
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0x2cf/0x440 mm/mmu_gather.c:373
 zap_pte_range mm/memory.c:1700 [inline]
 zap_pmd_range mm/memory.c:1739 [inline]
 zap_pud_range mm/memory.c:1768 [inline]
 zap_p4d_range mm/memory.c:1789 [inline]
 unmap_page_range+0x1f3c/0x22d0 mm/memory.c:1810
 unmap_single_vma+0x142/0x1d0 mm/memory.c:1856
 unmap_vmas+0x18d/0x2b0 mm/memory.c:1900
 exit_mmap+0x18a/0x680 mm/mmap.c:1923
 __mmput+0x28/0x1b0 kernel/fork.c:1348
 mmput+0x4c/0x60 kernel/fork.c:1370
 exit_mm+0xe4/0x190 kernel/exit.c:570
 do_exit+0x55e/0x17f0 kernel/exit.c:925
 do_group_exit+0x142/0x150 kernel/exit.c:1087
 __do_sys_exit_group kernel/exit.c:1098 [inline]
 __se_sys_exit_group kernel/exit.c:1096 [inline]
 __x64_sys_exit_group+0x1f/0x20 kernel/exit.c:1096
 x64_sys_call+0x2db8/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811922dc69 of 1 bytes by task 15464 on cpu 1:
 igmp_gq_start_timer+0x48/0x130 net/ipv4/igmp.c:230
 igmp_heard_query net/ipv4/igmp.c:1028 [inline]
 igmp_rcv+0x12ec/0x1390 net/ipv4/igmp.c:1100
 ip_protocol_deliver_rcu+0x3f8/0x720 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x17d/0x210 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ip_local_deliver+0xec/0x1d0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:460 [inline]
 ip_sublist_rcv_finish net/ipv4/ip_input.c:580 [inline]
 ip_list_rcv_finish net/ipv4/ip_input.c:622 [inline]
 ip_sublist_rcv+0x3c7/0x640 net/ipv4/ip_input.c:638
 ip_list_rcv+0x25e/0x290 net/ipv4/ip_input.c:672
 __netif_receive_skb_list_ptype net/core/dev.c:5713 [inline]
 __netif_receive_skb_list_core+0x4f0/0x520 net/core/dev.c:5760
 __netif_receive_skb_list net/core/dev.c:5812 [inline]
 netif_receive_skb_list_internal+0x4e4/0x660 net/core/dev.c:5903
 netif_receive_skb_list+0x31/0x230 net/core/dev.c:5955
 xdp_recv_frames net/bpf/test_run.c:280 [inline]
 xdp_test_run_batch net/bpf/test_run.c:361 [inline]
 bpf_test_run_xdp_live+0xe0d/0x1040 net/bpf/test_run.c:390
 bpf_prog_test_run_xdp+0x51d/0x8b0 net/bpf/test_run.c:1318
 bpf_prog_test_run+0x20f/0x3a0 kernel/bpf/syscall.c:4266
 __sys_bpf+0x400/0x7a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5758
 x64_sys_call+0x2914/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x01 -> 0x00

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 15464 Comm: syz.7.4188 Not tainted 6.12.0-syzkaller-03657-g43fb83c17ba2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
==================================================================

Crashes (1):
Time:       2024/11/21 22:24
Kernel:     upstream
Commit:     43fb83c17ba2
Syzkaller:  4b25d554
Config:     .config
Log:        console log
Report:     report
Syz repro:  none listed
C repro:    none listed
VM info:    info
Assets:     disk image, vmlinux, kernel image
Manager:    ci2-upstream-kcsan-gce
Title:      KCSAN: data-race in igmp_gq_start_timer / igmp_gq_timer_expire