syzbot

 sign-in | mailing list | source | docs
🐞 Open [1037] Subsystems 🐞 Fixed [5279] 🐞 Invalid [12607] Missing Backports [87] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in _copy_to_iter / hsr_create_tagged_frame

Status: auto-closed as invalid on 2022/01/28 08:52
Subsystems: net
[Documentation on labels]
First crash: 868d, last: 868d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in _copy_to_iter / hsr_create_tagged_frame

write to 0xffff888117e52050 of 2 bytes by interrupt on cpu 1:
 set_hsr_tag_path net/hsr/hsr_main.h:79 [inline]
 hsr_set_path_id net/hsr/hsr_forward.c:246 [inline]
 hsr_create_tagged_frame+0xaa/0x500 net/hsr/hsr_forward.c:292
 hsr_forward_do net/hsr/hsr_forward.c:459 [inline]
 hsr_forward_skb+0x77e/0xec0 net/hsr/hsr_forward.c:620
 send_hsr_supervision_frame+0x38c/0x460 net/hsr/hsr_device.c:324
 hsr_announce+0x6f/0x110 net/hsr/hsr_device.c:382
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1421
 expire_timers+0x116/0x240 kernel/time/timer.c:1466
 __run_timers+0x368/0x410 kernel/time/timer.c:1734
 run_timer_softirq+0x2e/0x60 kernel/time/timer.c:1747
 __do_softirq+0x158/0x2de kernel/softirq.c:558
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0x37/0x70 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x8d/0xb0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20
 should_watch kernel/kcsan/core.c:271 [inline]
 check_access kernel/kcsan/core.c:640 [inline]
 __tsan_read4+0x144/0x180 kernel/kcsan/core.c:863
 nd_jump_root+0x15a/0x280 fs/namei.c:970
 path_init+0x24e/0x9b0 fs/namei.c:2359
 path_openat+0xdf/0x1eb0 fs/namei.c:3554
 do_filp_open+0x105/0x220 fs/namei.c:3586
 do_sys_openat2+0xb5/0x2b0 fs/open.c:1212
 do_sys_open fs/open.c:1228 [inline]
 __do_sys_openat fs/open.c:1244 [inline]
 __se_sys_openat fs/open.c:1239 [inline]
 __x64_sys_openat+0xef/0x110 fs/open.c:1239
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888117e52042 of 60 bytes by task 6735 on cpu 0:
 instrument_copy_to_user include/linux/instrumented.h:119 [inline]
 copyout lib/iov_iter.c:156 [inline]
 _copy_to_iter+0x197/0xbe0 lib/iov_iter.c:667
 copy_to_iter include/linux/uio.h:155 [inline]
 simple_copy_to_iter+0x4c/0x60 net/core/datagram.c:519
 __skb_datagram_iter+0xac/0x520 net/core/datagram.c:425
 skb_copy_datagram_iter+0x36/0xf0 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3657 [inline]
 packet_recvmsg+0x24e/0xa30 net/packet/af_packet.c:3451
 sock_recvmsg_nosec net/socket.c:944 [inline]
 sock_recvmsg net/socket.c:962 [inline]
 __sys_recvfrom+0x204/0x2c0 net/socket.c:2093
 __do_sys_recvfrom net/socket.c:2111 [inline]
 __se_sys_recvfrom net/socket.c:2107 [inline]
 __x64_sys_recvfrom+0x74/0x90 net/socket.c:2107
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 6735 Comm: syz-executor.0 Not tainted 5.16.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/12/24 08:51 upstream 996a18eb796a 6caa12e4 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in _copy_to_iter / hsr_create_tagged_frame
* Struck through repros no longer work on HEAD.