KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one (2)


syzbot

Mar 29, 2022, 5:53:26 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: f82da161ea75 powerpc: restore removed #endif
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11a0e5bd700000
kernel config: https://syzkaller.appspot.com/x/.config?x=9eae1e9bc921d771
dashboard link: https://syzkaller.appspot.com/bug?extid=416ef4a2288867b76017
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
CC: [da...@davemloft.net ker...@pengutronix.de ku...@kernel.org linu...@vger.kernel.org linux-...@vger.kernel.org li...@rempel-privat.de m...@pengutronix.de net...@vger.kernel.org pab...@redhat.com ro...@protonic.nl sock...@hartkopp.net]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+416ef4...@syzkaller.appspotmail.com

vcan0: j1939_xtp_rx_dat_one: 0xffff88812a638c00: last 00
vcan0: j1939_xtp_rx_dat: no rx connection found
==================================================================
BUG: KCSAN: data-race in j1939_xtp_rx_dat_one / j1939_xtp_rx_dat_one

write to 0xffff88812b4af6ac of 4 bytes by interrupt on cpu 1:
j1939_xtp_rx_dat_one+0x889/0x1040 net/can/j1939/transport.c:1875
j1939_xtp_rx_dat net/can/j1939/transport.c:1939 [inline]
j1939_tp_recv+0x2b8/0xa20 net/can/j1939/transport.c:2123
j1939_can_recv+0x3f9/0x4e0 net/can/j1939/main.c:108
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0x254/0x520 net/can/af_can.c:608
can_receive+0x1a2/0x220 net/can/af_can.c:665
can_rcv+0x9e/0x170 net/can/af_can.c:696
__netif_receive_skb_one_core net/core/dev.c:5405 [inline]
__netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5519
process_backlog+0x23f/0x3c0 net/core/dev.c:5847
__napi_poll+0x65/0x3f0 net/core/dev.c:6413
napi_poll net/core/dev.c:6480 [inline]
net_rx_action+0x29e/0x650 net/core/dev.c:6567
__do_softirq+0x158/0x2de kernel/softirq.c:558
run_ksoftirqd+0x1f/0x30 kernel/softirq.c:921
smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
kthread+0x1bf/0x1e0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30

read to 0xffff88812b4af6ac of 4 bytes by interrupt on cpu 0:
j1939_xtp_rx_dat_one+0x857/0x1040 net/can/j1939/transport.c:1874
j1939_xtp_rx_dat net/can/j1939/transport.c:1939 [inline]
j1939_tp_recv+0x2b8/0xa20 net/can/j1939/transport.c:2123
j1939_can_recv+0x3f9/0x4e0 net/can/j1939/main.c:108
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0x254/0x520 net/can/af_can.c:608
can_receive+0x1a2/0x220 net/can/af_can.c:665
can_rcv+0x9e/0x170 net/can/af_can.c:696
__netif_receive_skb_one_core net/core/dev.c:5405 [inline]
__netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5519
process_backlog+0x23f/0x3c0 net/core/dev.c:5847
__napi_poll+0x65/0x3f0 net/core/dev.c:6413
napi_poll net/core/dev.c:6480 [inline]
net_rx_action+0x29e/0x650 net/core/dev.c:6567
__do_softirq+0x158/0x2de kernel/softirq.c:558
run_ksoftirqd+0x1f/0x30 kernel/softirq.c:921
smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
kthread+0x1bf/0x1e0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30

value changed: 0x00000133 -> 0x00000134

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G W 5.17.0-syzkaller-11406-gf82da161ea75-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
vcan0: j1939_xtp_rx_dat_one: 0xffff88812b19b400: no skb found
vcan0: j1939_xtp_rx_abort_one: 0xffff88812b19b400: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_xtp_rx_abort_one: 0xffff88812a04c200: 0x00000: (5) Maximal retransmit request limit reached
vcan0: j1939_tp_rxtimer: 0xffff88812b151a00: rx timeout, send abort
vcan0: j1939_xtp_rx_abort_one: 0xffff888129f1f400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0xffff888129f1f200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0xffff888129f1f000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_tp_rxtimer: 0xffff88812b151a00: abort rx timeout. Force session deactivation
vcan0: j1939_tp_rxtimer: 0xffff88812a17b600: rx timeout, send abort
vcan0: j1939_tp_rxtimer: 0xffff88812b66b600: rx timeout, send abort
vcan0: j1939_xtp_rx_abort_one: 0xffff88812a17b600: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
vcan0: j1939_xtp_rx_abort_one: 0xffff88812b66b600: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 1, 2022, 9:04:22 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.