syzbot


KCSAN: data-race in kcm_rcv_ready / kcm_rfree

Status: auto-closed as invalid on 2020/04/24 00:37
Subsystems: net
First crash: 1532d, last: 1532d
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in kcm_rcv_ready / kcm_rfree (2) net | | | | 1 | 1434d | 1434d | 0/26 | closed as invalid on 2020/06/18 14:13
upstream | KCSAN: data-race in kcm_rcv_ready / kcm_rfree (3) net | | | | 1 | 694d | 694d | 0/26 | auto-closed as invalid on 2022/07/05 19:59

Sample crash report:
==================================================================
BUG: KCSAN: data-race in kcm_rcv_ready / kcm_rfree

write to 0xffff88809b439f38 of 1 bytes by task 8022 on cpu 1:
 kcm_rcv_ready+0x423/0x4f0 net/kcm/kcmsock.c:164
 unreserve_rx_kcm+0x12a/0x270 net/kcm/kcmsock.c:336
 kcm_read_sock_done+0x29/0x40 net/kcm/kcmsock.c:393
 strp_read_sock+0xfa/0x140 net/strparser/strparser.c:368
 do_strp_work net/strparser/strparser.c:414 [inline]
 strp_work+0x9a/0xe0 net/strparser/strparser.c:423
 process_one_work+0x40b/0x8d0 kernel/workqueue.c:2264
 worker_thread+0xa0/0x800 kernel/workqueue.c:2410
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

read to 0xffff88809b439f38 of 1 bytes by task 12070 on cpu 0:
 kcm_rfree+0xf6/0x1e0 net/kcm/kcmsock.c:180
 skb_release_head_state+0xb8/0x180 net/core/skbuff.c:652
 skb_release_all+0x1f/0x60 net/core/skbuff.c:663
 __kfree_skb net/core/skbuff.c:679 [inline]
 kfree_skb net/core/skbuff.c:697 [inline]
 kfree_skb+0x98/0x210 net/core/skbuff.c:691
 kcm_recvmsg+0x2d1/0x320 net/kcm/kcmsock.c:1162
 sock_recvmsg_nosec net/socket.c:873 [inline]
 ____sys_recvmsg+0x387/0x3a0 net/socket.c:2551
 ___sys_recvmsg+0xb2/0x100 net/socket.c:2595
 do_recvmmsg+0x19a/0x5c0 net/socket.c:2693
 __sys_recvmmsg+0x1ef/0x200 net/socket.c:2772
 __do_sys_recvmmsg net/socket.c:2795 [inline]
 __se_sys_recvmmsg net/socket.c:2788 [inline]
 __x64_sys_recvmmsg+0x89/0xb0 net/socket.c:2788
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 12070 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/02/14 00:32 | https://github.com/google/ktsan.git kcsan | 55121bc1808a | e6247653 | .config | console log | report | | | | | ci2-upstream-kcsan-gce |