syzbot


KCSAN: data-race in ip6_dst_gc / ip6_dst_gc (3)

Status: internal: reported on 2022/04/12 21:21
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: 9cb7c013420f ipv6: make ip6_rt_gc_expire an atomic_t
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 81d, last: 75d
Similar bugs (2):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in ip6_dst_gc / ip6_dst_gc (2) | | | | 1 | 518d | 518d | 0/22 | auto-closed as invalid on 2021/03/02 13:08 |
| upstream | KCSAN: data-race in ip6_dst_gc / ip6_dst_gc | | | | 12 | 838d | 964d | 0/22 | auto-closed as invalid on 2020/05/21 16:42 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip6_dst_gc / ip6_dst_gc

read-write to 0xffff8881020ca7c4 of 4 bytes by task 25609 on cpu 0:
 ip6_dst_gc+0x1f3/0x220 net/ipv6/route.c:3311
 dst_alloc+0x9b/0x160 net/core/dst.c:86
 ip6_dst_alloc net/ipv6/route.c:344 [inline]
 icmp6_dst_alloc+0xb2/0x360 net/ipv6/route.c:3261
 mld_sendpack+0x2b9/0x580 net/ipv6/mcast.c:1807
 mld_send_cr net/ipv6/mcast.c:2119 [inline]
 mld_ifc_work+0x576/0x800 net/ipv6/mcast.c:2651
 process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
 worker_thread+0x618/0xa70 kernel/workqueue.c:2436
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

read-write to 0xffff8881020ca7c4 of 4 bytes by task 15311 on cpu 1:
 ip6_dst_gc+0x1f3/0x220 net/ipv6/route.c:3311
 dst_alloc+0x9b/0x160 net/core/dst.c:86
 ip6_dst_alloc net/ipv6/route.c:344 [inline]
 icmp6_dst_alloc+0xb2/0x360 net/ipv6/route.c:3261
 mld_sendpack+0x2b9/0x580 net/ipv6/mcast.c:1807
 mld_send_cr net/ipv6/mcast.c:2119 [inline]
 mld_ifc_work+0x576/0x800 net/ipv6/mcast.c:2651
 process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
 worker_thread+0x618/0xa70 kernel/workqueue.c:2436
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

value changed: 0x0000038c -> 0x0000038a

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 15311 Comm: kworker/1:4 Not tainted 5.18.0-rc2-syzkaller-00050-ga19944809fe9-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: mld mld_ifc_work
==================================================================

Crashes (2):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2022/04/15 00:15 | upstream | a19944809fe9 | b17b2923 | .config | log | report | | | info | KCSAN: data-race in ip6_dst_gc / ip6_dst_gc |
| ci2-upstream-kcsan-gce | 2022/04/08 15:46 | upstream | 42e7a03d3bad | c6ff3e05 | .config | log | report | | | info | KCSAN: data-race in ip6_dst_gc / ip6_dst_gc |