syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1319]
Subsystems
🐞 Fixed [7190]
🐞 Invalid [18992]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (4)

Status: auto-obsoleted due to no activity on 2024/04/20 09:12
Subsystems: net
[Documentation on labels]
First crash: 832d, last: 832d
Similar bugs (5)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (6) prio:high net 6 4 86d 105d 0/29 auto-obsoleted due to no activity on 2026/05/27 11:20
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (3) net 6 2 1049d 1032d 0/29 auto-obsoleted due to no activity on 2023/09/15 15:27
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (5) net 6 1 313d 313d 0/29 auto-obsoleted due to no activity on 2025/10/12 11:19
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue (2) net 6 1 1642d 1642d 0/29 auto-closed as invalid on 2022/01/31 12:56
upstream KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue net 6 1 1955d 1955d 0/29 auto-closed as invalid on 2021/03/24 02:52

Sample crash report:
==================================================================
BUG: KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue

write to 0xffff8881037acc00 of 8 bytes by task 21564 on cpu 0:
 __ptr_ring_discard_one include/linux/ptr_ring.h:280 [inline]
 __ptr_ring_consume include/linux/ptr_ring.h:301 [inline]
 __skb_array_consume include/linux/skb_array.h:98 [inline]
 pfifo_fast_dequeue+0x866/0xed0 net/sched/sch_generic.c:760
 dequeue_skb net/sched/sch_generic.c:293 [inline]
 qdisc_restart net/sched/sch_generic.c:398 [inline]
 __qdisc_run+0x1a5/0x1130 net/sched/sch_generic.c:416
 __dev_xmit_skb net/core/dev.c:3762 [inline]
 __dev_queue_xmit+0xec1/0x1dd0 net/core/dev.c:4301
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 llc_build_and_send_ui_pkt+0x1d1/0x1f0 net/llc/llc_output.c:67
 llc_ui_sendmsg+0x68a/0x7e0 net/llc/af_llc.c:988
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x140/0x180 net/socket.c:745
 sock_sendmsg+0x96/0xe0 net/socket.c:768
 splice_to_socket+0x657/0x9d0 fs/splice.c:889
 do_splice_from fs/splice.c:941 [inline]
 direct_splice_actor+0x16c/0x2c0 fs/splice.c:1164
 splice_direct_to_actor+0x305/0x670 fs/splice.c:1108
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 do_syscall_64+0xd3/0x1d0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

read to 0xffff8881037acc00 of 8 bytes by task 21565 on cpu 1:
 __ptr_ring_produce include/linux/ptr_ring.h:106 [inline]
 ptr_ring_produce include/linux/ptr_ring.h:129 [inline]
 skb_array_produce include/linux/skb_array.h:44 [inline]
 pfifo_fast_enqueue+0xcc/0x2b0 net/sched/sch_generic.c:733
 dev_qdisc_enqueue net/core/dev.c:3726 [inline]
 __dev_xmit_skb net/core/dev.c:3768 [inline]
 __dev_queue_xmit+0x7e5/0x1dd0 net/core/dev.c:4301
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 llc_build_and_send_ui_pkt+0x1d1/0x1f0 net/llc/llc_output.c:67
 llc_ui_sendmsg+0x68a/0x7e0 net/llc/af_llc.c:988
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x140/0x180 net/socket.c:745
 sock_sendmsg+0x96/0xe0 net/socket.c:768
 splice_to_socket+0x657/0x9d0 fs/splice.c:889
 do_splice_from fs/splice.c:941 [inline]
 direct_splice_actor+0x16c/0x2c0 fs/splice.c:1164
 splice_direct_to_actor+0x305/0x670 fs/splice.c:1108
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0xd7/0x150 fs/splice.c:1233
 do_sendfile+0x3b9/0x970 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x110/0x150 fs/read_write.c:1348
 do_syscall_64+0xd3/0x1d0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

value changed: 0xffff888139970900 -> 0x0000000000000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 21565 Comm: syz-executor.4 Tainted: G        W          6.8.0-syzkaller-11064-g82affc97affb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/16 09:03 upstream 82affc97affb d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in pfifo_fast_dequeue / pfifo_fast_enqueue
* Struck through repros no longer work on HEAD.