syzbot


KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one (3)

Status: auto-obsoleted due to no activity on 2022/11/02 20:30
Subsystems: can
First crash: 601d, last: 574d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one (4) can | | | | 1 | 530d | 530d | 0/26 | auto-obsoleted due to no activity on 2022/12/17 00:46 |
| upstream | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one can | | | | 2 | 1549d | 1573d | 0/26 | auto-closed as invalid on 2020/04/06 17:55 |
| upstream | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one (2) can | | | | 2 | 759d | 757d | 0/26 | auto-closed as invalid on 2022/05/02 01:04 |

Sample crash report:
vcan0: j1939_xtp_rx_dat: no rx connection found
vcan0: j1939_xtp_rx_dat_one: 0xffff88812e837e00: last 00
vcan0: j1939_xtp_rx_dat: no rx connection found
vcan0: j1939_xtp_rx_dat_one: 0xffff88812e837e00: last 00
==================================================================
BUG: KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one

write to 0xffff88812e837eac of 4 bytes by interrupt on cpu 0:
 j1939_xtp_rx_dat_one+0x47d/0x9c0 net/can/j1939/transport.c:1881
 j1939_xtp_rx_dat net/can/j1939/transport.c:1935 [inline]
 j1939_tp_recv+0x24c/0xa20 net/can/j1939/transport.c:2129
 j1939_can_recv+0x3dd/0x4c0 net/can/j1939/main.c:108
 deliver net/can/af_can.c:574 [inline]
 can_rcv_filter+0x234/0x4e0 net/can/af_can.c:608
 can_receive+0x182/0x1f0 net/can/af_can.c:665
 can_rcv+0x9e/0x170 net/can/af_can.c:696
 __netif_receive_skb_one_core net/core/dev.c:5485 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5599
 process_backlog+0x23f/0x3b0 net/core/dev.c:5927
 __napi_poll+0x65/0x390 net/core/dev.c:6511
 napi_poll net/core/dev.c:6578 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6689
 __do_softirq+0x158/0x2e3 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

read to 0xffff88812e837eac of 4 bytes by interrupt on cpu 1:
 j1939_xtp_rx_dat_one+0x205/0x9c0 net/can/j1939/transport.c:1841
 j1939_xtp_rx_dat net/can/j1939/transport.c:1935 [inline]
 j1939_tp_recv+0x24c/0xa20 net/can/j1939/transport.c:2129
 j1939_can_recv+0x3dd/0x4c0 net/can/j1939/main.c:108
 deliver net/can/af_can.c:574 [inline]
 can_rcv_filter+0x234/0x4e0 net/can/af_can.c:608
 can_receive+0x182/0x1f0 net/can/af_can.c:665
 can_rcv+0x9e/0x170 net/can/af_can.c:696
 __netif_receive_skb_one_core net/core/dev.c:5485 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5599
 process_backlog+0x23f/0x3b0 net/core/dev.c:5927
 __napi_poll+0x65/0x390 net/core/dev.c:6511
 napi_poll net/core/dev.c:6578 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6689
 __do_softirq+0x158/0x2e3 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

value changed: 0x000000ab -> 0x000000ac

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19 Comm: ksoftirqd/1 Tainted: G        W          6.0.0-rc7-syzkaller-00068-g49c13ed0316d-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
==================================================================
vcan0: j1939_xtp_rx_dat_one: 0xffff88812e837e00: should have been completed
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2800: last 14
vcan0: j1939_xtp_rx_dat_one: 0xffff888132ee2600: last 14
vcan0: j1939_xtp_rx_abort_one: 0xffff888132ee2800: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff8881253a9600: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff888132ee2600: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff8881253a9800: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff8881248e6c00: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff888125397c00: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff888125397e00: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff888131596400: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff888131596600: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_tp_rxtimer: 0xffff888133a49a00: abort rx timeout. Force session deactivation
vcan0: j1939_tp_rxtimer: 0xffff8881253a9e00: rx timeout, send abort
vcan0: j1939_tp_rxtimer: 0xffff888131596a00: rx timeout, send abort
vcan0: j1939_xtp_rx_abort_one: 0xffff8881253a9e00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0xffff888131596a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_dat: no tx connection found
vcan0: j1939_tp_rxtimer: 0xffff88813137e400: rx timeout, send abort
vcan0: j1939_tp_rxtimer: 0xffff88813137e400: abort rx timeout. Force session deactivation

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/09/28 20:21 | upstream | 49c13ed0316d | a41a2080 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one |
| 2022/09/28 14:31 | upstream | 46452d3786a8 | 75c78242 | .config | console log | report | | | info | [disk image] [vmlinux] | ci2-upstream-kcsan-gce | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one |
| 2022/09/02 00:34 | upstream | 2880e1a175b9 | 86c46e46 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one |
* Struck through repros no longer work on HEAD.