syzbot

 sign-in | mailing list | source | docs
🐞 Open [1155] 🐞 Fixed [4318] 🐞 Invalid [9655] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KCSAN: data-race in udpv6_sendmsg / udpv6_sendmsg (2)

Status: auto-closed as invalid on 2020/10/10 02:50
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 880d, last: 880d
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in udpv6_sendmsg / udpv6_sendmsg 1 928d 928d 0/24 auto-closed as invalid on 2020/08/23 02:37
upstream KCSAN: data-race in udpv6_sendmsg / udpv6_sendmsg (3) 1 642d 642d 0/24 auto-closed as invalid on 2021/06/05 06:06
upstream KCSAN: data-race in udpv6_sendmsg / udpv6_sendmsg (4) 1 586d 581d 0/24 auto-closed as invalid on 2021/09/03 03:58

Sample crash report:
==================================================================
BUG: KCSAN: data-race in udpv6_sendmsg / udpv6_sendmsg

write to 0xffff8880990783c8 of 4 bytes by task 9969 on cpu 1:
 udpv6_sendmsg+0x14af/0x1780 net/ipv6/udp.c:1546
 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:638
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:671 [inline]
 kernel_sendmsg+0x97/0xd0 net/socket.c:691
 sock_no_sendpage+0x7f/0xb0 net/core/sock.c:2852
 kernel_sendpage net/socket.c:3642 [inline]
 sock_sendpage+0x84/0xc0 net/socket.c:944
 pipe_to_sendpage+0x128/0x160 fs/splice.c:448
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x1f7/0x4f0 fs/splice.c:626
 splice_from_pipe fs/splice.c:661 [inline]
 generic_splice_sendpage+0x80/0xb0 fs/splice.c:834
 do_splice_from fs/splice.c:846 [inline]
 direct_splice_actor+0x95/0x160 fs/splice.c:1016
 splice_direct_to_actor+0x365/0x660 fs/splice.c:971
 do_splice_direct+0xf2/0x170 fs/splice.c:1059
 do_sendfile+0x56a/0xba0 fs/read_write.c:1540
 __do_sys_sendfile64 fs/read_write.c:1601 [inline]
 __se_sys_sendfile64 fs/read_write.c:1587 [inline]
 __x64_sys_sendfile64+0xf2/0x130 fs/read_write.c:1587
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880990783c8 of 4 bytes by task 9967 on cpu 0:
 udpv6_sendmsg+0x1eb/0x1780 net/ipv6/udp.c:1326
 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:638
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:671 [inline]
 ____sys_sendmsg+0x360/0x4d0 net/socket.c:2353
 ___sys_sendmsg net/socket.c:2407 [inline]
 __sys_sendmmsg+0x322/0x4b0 net/socket.c:2497
 __do_sys_sendmmsg net/socket.c:2526 [inline]
 __se_sys_sendmmsg net/socket.c:2523 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2523
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 9967 Comm: syz-executor.4 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci2-upstream-kcsan-gce 2020/09/05 02:45 upstream c70672d8d316 abf9ba4f .config console log report
* Struck through repros no longer work on HEAD.