syzbot


KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv (3)

Status: auto-obsoleted due to no activity on 2024/09/11 16:33
Subsystems: tipc
First crash: 173d, last: 173d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv tipc | | | | 1 | 577d | 577d | 0/28 | auto-obsoleted due to no activity on 2023/08/04 11:38 |
| upstream | KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv (2) tipc | | | | 1 | 217d | 217d | 0/28 | auto-obsoleted due to no activity on 2024/07/29 09:10 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv

read-write to 0xffff888115845776 of 2 bytes by task 8745 on cpu 0:
 tipc_sk_conn_proto_rcv net/tipc/socket.c:1369 [inline]
 tipc_sk_proto_rcv+0x657/0xb20 net/tipc/socket.c:2158
 tipc_sk_filter_rcv+0x18c4/0x19f0 net/tipc/socket.c:2352
 tipc_sk_enqueue net/tipc/socket.c:2445 [inline]
 tipc_sk_rcv+0x48a/0x1020 net/tipc/socket.c:2497
 tipc_node_xmit+0x211/0x840 net/tipc/node.c:1701
 tipc_node_xmit_skb+0x97/0xd0 net/tipc/node.c:1766
 tipc_sk_send_ack+0x262/0x280 net/tipc/socket.c:1826
 tipc_recvstream+0x3b0/0x7e0 net/tipc/socket.c:2095
 sock_recvmsg_nosec net/socket.c:1046 [inline]
 sock_recvmsg+0x13f/0x170 net/socket.c:1068
 ____sys_recvmsg+0xf9/0x280 net/socket.c:2816
 ___sys_recvmsg net/socket.c:2858 [inline]
 __sys_recvmsg+0x1ea/0x280 net/socket.c:2888
 __do_sys_recvmsg net/socket.c:2898 [inline]
 __se_sys_recvmsg net/socket.c:2895 [inline]
 __x64_sys_recvmsg+0x46/0x50 net/socket.c:2895
 x64_sys_call+0xb84/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:48
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888115845776 of 2 bytes by task 8749 on cpu 1:
 tsk_conn_cong net/tipc/socket.c:222 [inline]
 tipc_poll+0x1f6/0x360 net/tipc/socket.c:806
 sock_poll+0x233/0x260 net/socket.c:1409
 vfs_poll include/linux/poll.h:84 [inline]
 __io_arm_poll_handler+0x229/0xf30 io_uring/poll.c:623
 io_arm_poll_handler+0x433/0x5f0 io_uring/poll.c:757
 io_queue_async+0x89/0x370 io_uring/io_uring.c:1902
 io_queue_sqe io_uring/io_uring.c:1931 [inline]
 io_req_task_submit+0xb3/0xc0 io_uring/io_uring.c:1344
 io_poll_task_func+0x6f3/0x8b0
 io_handle_tw_list+0xe3/0x200 io_uring/io_uring.c:1034
 tctx_task_work_run+0x6c/0x1b0 io_uring/io_uring.c:1106
 tctx_task_work+0x40/0x80 io_uring/io_uring.c:1124
 task_work_run+0x13a/0x1a0 kernel/task_work.c:228
 get_signal+0xeee/0x1080 kernel/signal.c:2689
 arch_do_signal_or_restart+0x95/0x4b0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x59/0x130 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x020c -> 0x018a

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 8749 Comm: syz.1.1494 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/08/07 16:26 | upstream | d4560686726f | 109d2082 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in tipc_poll / tipc_sk_proto_rcv |
* Struck through repros no longer work on HEAD.