syzbot


KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one

Status: auto-closed as invalid on 2020/04/06 17:55
Subsystems: can
First crash: 1575d, last: 1551d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one (3) can | | | | 3 | 576d | 603d | 0/26 | auto-obsoleted due to no activity on 2022/11/02 20:30 |
| upstream | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one (4) can | | | | 1 | 532d | 532d | 0/26 | auto-obsoleted due to no activity on 2022/12/17 00:46 |
| upstream | KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one (2) can | | | | 2 | 761d | 759d | 0/26 | auto-closed as invalid on 2022/05/02 01:04 |

Sample crash report:
vcan0: j1939_xtp_rx_abort_one: 0x000000009241cfa5: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0x000000004f692378: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0x00000000a8f12934: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
==================================================================
BUG: KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one

read to 0xffff8880af46e2ac of 4 bytes by interrupt on cpu 1:
 j1939_xtp_rx_dat_one+0x13c/0x5d0 net/can/j1939/transport.c:1748
 j1939_xtp_rx_dat net/can/j1939/transport.c:1830 [inline]
 j1939_tp_recv+0x304/0x660 net/can/j1939/transport.c:1995
 j1939_can_recv+0x34e/0x4b0 net/can/j1939/main.c:101
 deliver net/can/af_can.c:569 [inline]
 can_rcv_filter+0x1c7/0x5b0 net/can/af_can.c:603
 can_receive+0x189/0x230 net/can/af_can.c:660
 can_rcv+0xbd/0x120 net/can/af_can.c:686
 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5150
 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5264
 process_backlog+0x207/0x4b0 net/core/dev.c:6095
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x3ae/0xa90 net/core/dev.c:6600
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 run_ksoftirqd+0x46/0x60 kernel/softirq.c:603
 smpboot_thread_fn+0x37d/0x4a0 kernel/smpboot.c:165
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

write to 0xffff8880af46e2ac of 4 bytes by interrupt on cpu 0:
 j1939_xtp_rx_dat_one+0x27a/0x5d0 net/can/j1939/transport.c:1774
 j1939_xtp_rx_dat net/can/j1939/transport.c:1830 [inline]
 j1939_tp_recv+0x304/0x660 net/can/j1939/transport.c:1995
 j1939_can_recv+0x34e/0x4b0 net/can/j1939/main.c:101
 deliver net/can/af_can.c:569 [inline]
 can_rcv_filter+0x1c7/0x5b0 net/can/af_can.c:603
 can_receive+0x189/0x230 net/can/af_can.c:660
 can_rcv+0xbd/0x120 net/can/af_can.c:686
 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5150
 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5264
 process_backlog+0x207/0x4b0 net/core/dev.c:6095
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x3ae/0xa90 net/core/dev.c:6600
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082
 do_softirq.part.0+0x6b/0x80 kernel/softirq.c:337
 do_softirq kernel/softirq.c:329 [inline]
 __local_bh_enable_ip+0x76/0x80 kernel/softirq.c:189
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:706 [inline]
 ip_finish_output2+0x421/0xea0 net/ipv4/ip_output.c:229
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
 __ip_finish_output+0x23a/0x490 net/ipv4/ip_output.c:290
 ip_finish_output+0x41/0x160 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xfe/0x230 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:436 [inline]
 ip_local_out+0x74/0x90 net/ipv4/ip_output.c:125
 __ip_queue_xmit+0x3a8/0xa40 net/ipv4/ip_output.c:532
 ip_queue_xmit+0x45/0x60 include/net/ip.h:237
 __tcp_transmit_skb+0xea3/0x1df0 net/ipv4/tcp_output.c:1170
 tcp_transmit_skb net/ipv4/tcp_output.c:1186 [inline]
 tcp_write_xmit+0xa74/0x3190 net/ipv4/tcp_output.c:2441
 __tcp_push_pending_frames+0x7b/0x1d0 net/ipv4/tcp_output.c:2617
 tcp_push+0x1f7/0x3e0 net/ipv4/tcp.c:726
 tcp_sendmsg_locked+0x1d71/0x2040 net/ipv4/tcp.c:1405
 tcp_sendmsg+0x39/0x60 net/ipv4/tcp.c:1436
 inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0x9f/0xc0 net/socket.c:659
 sock_write_iter+0x16b/0x210 net/socket.c:991
 call_write_iter include/linux/fs.h:1902 [inline]
 new_sync_write+0x388/0x4a0 fs/read_write.c:483
 __vfs_write+0xb1/0xc0 fs/read_write.c:496
 vfs_write fs/read_write.c:558 [inline]
 vfs_write+0x18a/0x390 fs/read_write.c:542
 ksys_write+0x17b/0x1b0 fs/read_write.c:611
 __do_sys_write fs/read_write.c:623 [inline]
 __se_sys_write fs/read_write.c:620 [inline]
 __x64_sys_write+0x4c/0x60 fs/read_write.c:620
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8077 Comm: syz-fuzzer Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/01/27 17:47 | https://github.com/google/ktsan.git kcsan | 245a43005292 | 56cd6c9b | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |
| 2020/01/03 10:35 | https://github.com/google/ktsan.git kcsan | 245a43005292 | 9dcc1191 | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |