syzbot


KCSAN: data-race in do_epoll_wait / ep_poll_callback

Status: auto-closed as invalid on 2020/08/31 10:40
Reported-by: syzbot+a865334955613363cc13@syzkaller.appspotmail.com
First crash: 958d, last: 912d
similar bugs (7):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in do_epoll_wait / ep_poll_callback (7) | | | | 1 | 361d | 361d | 0/24 | auto-closed as invalid on 2022/03/12 11:24 |
| upstream | KCSAN: data-race in do_epoll_wait / ep_poll_callback (6) | | | | 1 | 403d | 403d | 0/24 | auto-closed as invalid on 2022/01/29 14:05 |
| upstream | KCSAN: data-race in do_epoll_wait / ep_poll_callback (2) | | | | 2 | 724d | 727d | 0/24 | auto-closed as invalid on 2021/03/14 02:07 |
| upstream | KCSAN: data-race in do_epoll_wait / ep_poll_callback (5) | | | | 2 | 509d | 519d | 0/24 | auto-closed as invalid on 2021/10/15 22:14 |
| upstream | KCSAN: data-race in do_epoll_wait / ep_poll_callback (4) | | | | 1 | 602d | 602d | 0/24 | auto-closed as invalid on 2021/07/14 13:56 |
| upstream | KCSAN: data-race in do_epoll_wait / ep_poll_callback (3) | | | | 1 | 672d | 672d | 0/24 | auto-closed as invalid on 2021/05/17 11:16 |
| upstream | KCSAN: data-race in do_epoll_wait / ep_poll_callback (8) | | | | 1 | 311d | 311d | 0/24 | auto-closed as invalid on 2022/05/01 05:30 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in do_epoll_wait / ep_poll_callback

write to 0xffff888120e76050 of 8 bytes by interrupt on cpu 1:
 list_add_tail_lockless fs/eventpoll.c:1158 [inline]
 ep_poll_callback+0x29c/0x510 fs/eventpoll.c:1248
 __wake_up_common+0xbc/0x130 kernel/sched/wait.c:93
 __wake_up_common_lock kernel/sched/wait.c:123 [inline]
 __wake_up_sync_key+0x83/0xc0 kernel/sched/wait.c:190
 sock_def_readable+0x61/0xe0 net/core/sock.c:2909
 tcp_data_ready net/ipv4/tcp_input.c:4796 [inline]
 tcp_rcv_established+0x13c0/0x1520 net/ipv4/tcp_input.c:5725
 tcp_v4_do_rcv+0x25e/0x480 net/ipv4/tcp_ipv4.c:1641
 tcp_v4_rcv+0x219b/0x2420 net/ipv4/tcp_ipv4.c:2023
 ip_protocol_deliver_rcu+0x1f9/0x400 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x1d6/0x2a0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:449 [inline]
 ip_sublist_rcv_finish net/ipv4/ip_input.c:550 [inline]
 ip_list_rcv_finish net/ipv4/ip_input.c:600 [inline]
 ip_sublist_rcv+0x4d4/0x5a0 net/ipv4/ip_input.c:608
 ip_list_rcv+0x262/0x290 net/ipv4/ip_input.c:643
 __netif_receive_skb_list_ptype net/core/dev.c:5324 [inline]
 __netif_receive_skb_list_core+0x34b/0x450 net/core/dev.c:5372
 __netif_receive_skb_list+0x298/0x310 net/core/dev.c:5424
 netif_receive_skb_list_internal+0xda/0x330 net/core/dev.c:5531
 gro_normal_list net/core/dev.c:5642 [inline]
 gro_normal_one net/core/dev.c:5654 [inline]
 napi_skb_finish net/core/dev.c:5982 [inline]
 napi_gro_receive+0x329/0x5a0 net/core/dev.c:6014
 receive_buf+0x7a4/0xcf0 drivers/net/virtio_net.c:1082
 virtnet_receive drivers/net/virtio_net.c:1346 [inline]
 virtnet_poll+0x2fa/0x780 drivers/net/virtio_net.c:1451
 napi_poll+0x178/0x4a0 net/core/dev.c:6684
 net_rx_action+0x1ba/0x530 net/core/dev.c:6752
 __do_softirq+0x198/0x360 kernel/softirq.c:292
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x5d/0x80 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:387 [inline]
 __irq_exit_rcu+0x115/0x120 kernel/softirq.c:417
 common_interrupt+0x14e/0x1e0 arch/x86/kernel/irq.c:239
 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:576

read to 0xffff888120e76050 of 8 bytes by task 8653 on cpu 0:
 list_empty_careful include/linux/list.h:300 [inline]
 ep_events_available fs/eventpoll.c:379 [inline]
 ep_poll fs/eventpoll.c:1855 [inline]
 do_epoll_wait+0x2e2/0x870 fs/eventpoll.c:2333
 __do_sys_epoll_pwait fs/eventpoll.c:2364 [inline]
 __se_sys_epoll_pwait fs/eventpoll.c:2350 [inline]
 __x64_sys_epoll_pwait+0x92/0x150 fs/eventpoll.c:2350
 do_syscall_64+0x51/0xb0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8653 Comm: syz-fuzzer Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (221):