syzbot


KCSAN: data-race in netlink_recvmsg / netlink_recvmsg

Status: auto-closed as invalid on 2020/03/29 12:33
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+6dedf50d68e5713a1f65@syzkaller.appspotmail.com
First crash: 1622d, last: 1548d
Discussions (1)
Title Replies (including bot) Last reply
KCSAN: data-race in netlink_recvmsg / netlink_recvmsg 0 (1) 2019/11/07 18:55
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (6) net 2 381d 378d 22/26 fixed on 2023/06/08 14:41
upstream KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (3) net 30 972d 1128d 0/26 auto-closed as invalid on 2021/09/22 07:53
upstream KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (2) net 1 1250d 1221d 0/26 auto-closed as invalid on 2020/12/25 11:25
upstream KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (4) net 13 827d 927d 0/26 auto-closed as invalid on 2022/02/13 19:27
upstream KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (7) net 1 200d 195d 25/26 fixed on 2023/12/22 15:08
upstream KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (5) net 12 458d 711d 22/26 fixed on 2023/02/24 13:50

Sample crash report:
==================================================================
BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg

read to 0xffff8880a3f31320 of 8 bytes by task 13703 on cpu 0:
 netlink_recvmsg+0xf3/0x910 net/netlink/af_netlink.c:1964
 sock_recvmsg_nosec net/socket.c:873 [inline]
 sock_recvmsg net/socket.c:891 [inline]
 sock_recvmsg+0x92/0xb0 net/socket.c:887
 __sys_recvfrom+0x1ae/0x2d0 net/socket.c:2042
 __do_sys_recvfrom net/socket.c:2060 [inline]
 __se_sys_recvfrom net/socket.c:2056 [inline]
 __x64_sys_recvfrom+0x89/0xb0 net/socket.c:2056
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to 0xffff8880a3f31320 of 8 bytes by task 13707 on cpu 1:
 netlink_recvmsg+0x124/0x910 net/netlink/af_netlink.c:1965
 sock_recvmsg_nosec net/socket.c:873 [inline]
 ____sys_recvmsg+0x387/0x3a0 net/socket.c:2551
 ___sys_recvmsg+0xb2/0x100 net/socket.c:2595
 do_recvmmsg+0x19a/0x5c0 net/socket.c:2693
 __sys_recvmmsg+0x1ef/0x200 net/socket.c:2772
 __do_sys_recvmmsg net/socket.c:2795 [inline]
 __se_sys_recvmmsg net/socket.c:2788 [inline]
 __x64_sys_recvmmsg+0x89/0xb0 net/socket.c:2788
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 13707 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/01/19 12:32 https://github.com/google/ktsan.git kcsan 245a43005292 bc8bc756 .config console log report ci2-upstream-kcsan-gce
2019/11/29 14:02 https://github.com/google/ktsan.git kcsan ef798c30ba4e 4f7e1d0f .config console log report ci2-upstream-kcsan-gce
2019/11/18 17:03 https://github.com/google/ktsan.git kcsan 5863cc791e4c d5696d51 .config console log report ci2-upstream-kcsan-gce
2019/11/07 04:09 https://github.com/google/ktsan.git kcsan 94c006602e13 d797d201 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.