syzbot

 sign-in | mailing list | source | docs
🐞 Open [1645]
Subsystems
🐞 Fixed [6009]
🐞 Invalid [14804]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in sk_common_release / xfrm_lookup_with_ifid

Status: auto-closed as invalid on 2020/01/14 20:50
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+232e56b42dcf79e03352@syzkaller.appspotmail.com
First crash: 1911d, last: 1911d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in sk_common_release / xfrm_lookup_with_ifid

write to 0xffff888121172668 of 8 bytes by task 22196 on cpu 0:
 xfrm_sk_free_policy include/net/xfrm.h:1193 [inline]
 sk_common_release+0x18c/0x1d0 net/core/sock.c:3198
 udp_lib_close+0x1f/0x30 include/net/udp.h:202
 inet_release+0x86/0x100 net/ipv4/af_inet.c:427
 inet6_release+0x4a/0x70 net/ipv6/af_inet6.c:470
 __sock_release+0x85/0x160 net/socket.c:590
 sock_close+0x24/0x30 net/socket.c:1268
 __fput+0x1e1/0x520 fs/file_table.c:280
 ____fput+0x1f/0x30 fs/file_table.c:313
 task_work_run+0xf6/0x130 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x2b4/0x2c0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x353/0x370 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888121172668 of 8 bytes by task 22201 on cpu 1:
 xfrm_lookup_with_ifid+0xc0/0x1310 net/xfrm/xfrm_policy.c:3035
 xfrm_lookup net/xfrm/xfrm_policy.c:3174 [inline]
 xfrm_lookup_route+0x44/0x100 net/xfrm/xfrm_policy.c:3185
 ip6_dst_lookup_flow+0xde/0x120 net/ipv6/ip6_output.c:1159
 inet6_csk_route_socket+0x2f7/0x420 net/ipv6/inet6_connection_sock.c:106
 inet6_csk_xmit+0x91/0x1f0 net/ipv6/inet6_connection_sock.c:121
 l2tp_xmit_core net/l2tp/l2tp_core.c:1030 [inline]
 l2tp_xmit_skb+0x8c9/0x8e0 net/l2tp/l2tp_core.c:1132
 pppol2tp_sendmsg+0x2fc/0x3c0 net/l2tp/l2tp_ppp.c:325
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0x9f/0xc0 net/socket.c:657
 ___sys_sendmsg+0x2b7/0x5d0 net/socket.c:2311
 __sys_sendmmsg+0x123/0x350 net/socket.c:2413
 __do_sys_sendmmsg net/socket.c:2442 [inline]
 __se_sys_sendmmsg net/socket.c:2439 [inline]
 __x64_sys_sendmmsg+0x64/0x80 net/socket.c:2439
 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 22201 Comm: syz-executor.5 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/05 20:49 https://github.com/google/ktsan.git kcsan 94c006602e13 af5c522d .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.