syzbot


KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv (2)

Status: auto-obsoleted due to no activity on 2024/07/29 09:10
Subsystems: tipc
First crash: 218d, last: 218d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv tipc | | | | 1 | 578d | 578d | 0/28 | auto-obsoleted due to no activity on 2023/08/04 11:38 |
| upstream | KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv (3) tipc | | | | 1 | 174d | 174d | 0/28 | auto-obsoleted due to no activity on 2024/09/11 16:33 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv

read-write to 0xffff88810488ef76 of 2 bytes by task 5558 on cpu 0:
 tipc_sk_conn_proto_rcv net/tipc/socket.c:1369 [inline]
 tipc_sk_proto_rcv+0x657/0xb30 net/tipc/socket.c:2158
 tipc_sk_filter_rcv+0x18c4/0x19f0 net/tipc/socket.c:2352
 tipc_sk_enqueue net/tipc/socket.c:2445 [inline]
 tipc_sk_rcv+0x48a/0x1020 net/tipc/socket.c:2497
 tipc_node_xmit+0x211/0x840 net/tipc/node.c:1701
 tipc_node_xmit_skb+0x97/0xd0 net/tipc/node.c:1766
 tipc_sk_send_ack+0x262/0x280 net/tipc/socket.c:1826
 tipc_recvstream+0x3b0/0x7e0 net/tipc/socket.c:2095
 sock_recvmsg_nosec net/socket.c:1046 [inline]
 sock_recvmsg+0x13f/0x170 net/socket.c:1068
 ____sys_recvmsg+0xf9/0x280 net/socket.c:2804
 ___sys_recvmsg net/socket.c:2846 [inline]
 __sys_recvmsg+0x1ea/0x280 net/socket.c:2876
 __do_sys_recvmsg net/socket.c:2886 [inline]
 __se_sys_recvmsg net/socket.c:2883 [inline]
 __x64_sys_recvmsg+0x46/0x50 net/socket.c:2883
 x64_sys_call+0x2c31/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:48
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88810488ef76 of 2 bytes by task 5562 on cpu 1:
 tsk_conn_cong net/tipc/socket.c:222 [inline]
 tipc_poll+0x1f6/0x360 net/tipc/socket.c:806
 sock_poll+0x233/0x260 net/socket.c:1409
 vfs_poll include/linux/poll.h:84 [inline]
 __io_arm_poll_handler+0x229/0xf30 io_uring/poll.c:622
 io_arm_poll_handler+0x411/0x5d0 io_uring/poll.c:756
 io_queue_async+0x89/0x320 io_uring/io_uring.c:1943
 io_queue_sqe io_uring/io_uring.c:1972 [inline]
 io_req_task_submit+0xb3/0xc0 io_uring/io_uring.c:1385
 io_poll_task_func+0x68e/0x840
 io_handle_tw_list+0xe3/0x200 io_uring/io_uring.c:1083
 tctx_task_work_run+0x6c/0x1b0 io_uring/io_uring.c:1155
 tctx_task_work+0x40/0x80 io_uring/io_uring.c:1173
 task_work_run+0x13a/0x1a0 kernel/task_work.c:180
 get_signal+0xeee/0x1080 kernel/signal.c:2681
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x020b -> 0x0189

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 5562 Comm: syz-executor.3 Not tainted 6.10.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/06/24 09:00 | upstream | f2661062f16b | edc5149a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv |
* Struck through repros no longer work on HEAD.