syzbot


KCSAN: data-race in packet_do_bind / packet_getname (5)

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: e032f7c9c7ce net/packet: annotate accesses to po->ifindex
First crash: 552d, last: 473d
Similar bugs (4):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in packet_do_bind / packet_getname | | | | 16 | 973d | 1071d | 0/24 | auto-closed as invalid on 2020/04/11 02:48 |
| upstream | KCSAN: data-race in packet_do_bind / packet_getname (3) | | | | 8 | 757d | 794d | 0/24 | auto-closed as invalid on 2020/10/09 06:50 |
| upstream | KCSAN: data-race in packet_do_bind / packet_getname (2) | | | | 2 | 866d | 888d | 0/24 | closed as invalid on 2020/06/18 14:24 |
| upstream | KCSAN: data-race in packet_do_bind / packet_getname (4) | | | | 5 | 609d | 659d | 0/24 | auto-closed as invalid on 2021/03/06 13:33 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in packet_do_bind / packet_getname

write to 0xffff888143ce3cbc of 4 bytes by task 25573 on cpu 1:
 packet_do_bind+0x420/0x7e0 net/packet/af_packet.c:3191
 packet_bind+0xc3/0xd0 net/packet/af_packet.c:3255
 __sys_bind+0x200/0x290 net/socket.c:1637
 __do_sys_bind net/socket.c:1648 [inline]
 __se_sys_bind net/socket.c:1646 [inline]
 __x64_sys_bind+0x3d/0x50 net/socket.c:1646
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888143ce3cbc of 4 bytes by task 25578 on cpu 0:
 packet_getname+0x5b/0x1a0 net/packet/af_packet.c:3525
 __sys_getsockname+0x10e/0x1a0 net/socket.c:1887
 __do_sys_getsockname net/socket.c:1902 [inline]
 __se_sys_getsockname net/socket.c:1899 [inline]
 __x64_sys_getsockname+0x3e/0x50 net/socket.c:1899
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000000 -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 25578 Comm: syz-executor.5 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (4):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2021/06/15 09:02 | upstream | 009c9aa5be65 | 1ba81399 | .config | log | report | | | info | KCSAN: data-race in packet_do_bind / packet_getname |
| ci2-upstream-kcsan-gce | 2021/05/11 23:23 | upstream | 88b06399c9c7 | b3c3bb8e | .config | log | report | | | info | KCSAN: data-race in packet_do_bind / packet_getname |
| ci2-upstream-kcsan-gce | 2021/04/07 10:53 | upstream | 2d743660786e | 6a81331a | .config | log | report | | | info | KCSAN: data-race in packet_do_bind / packet_getname |
| ci2-upstream-kcsan-gce | 2021/03/28 02:53 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | KCSAN: data-race in packet_do_bind / packet_getname |

* Struck through repros no longer work on HEAD.