syzbot

 sign-in | mailing list | source | docs
🐞 Open [1651]
Subsystems
🐞 Fixed [6000]
🐞 Invalid [14793]
Missing Backports [136]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in sctp_association_free / sctp_wait_for_connect

Status: auto-closed as invalid on 2020/04/25 04:20
Subsystems: sctp
[Documentation on labels]
Reported-by: syzbot+8c5bd58e908220eaca32@syzkaller.appspotmail.com
First crash: 1907d, last: 1808d
Similar bugs (9)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (9) sctp 3 294d 329d 0/28 auto-obsoleted due to no activity on 2024/05/13 21:41
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (10) sctp 1 200d 200d 0/28 auto-obsoleted due to no activity on 2024/08/15 02:20
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (5) sctp 2 974d 988d 0/28 auto-closed as invalid on 2022/07/03 08:54
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (6) kernel 1 720d 720d 0/28 auto-obsoleted due to no activity on 2023/03/21 10:51
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (3) sctp 1 1418d 1418d 0/28 auto-closed as invalid on 2021/04/15 05:09
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (7) sctp 1 663d 663d 0/28 auto-obsoleted due to no activity on 2023/05/10 22:22
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (4) sctp 1 1170d 1170d 0/28 auto-closed as invalid on 2021/12/19 15:10
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (2) sctp 1 1595d 1595d 0/28 auto-closed as invalid on 2020/10/20 15:22
upstream KCSAN: data-race in sctp_association_free / sctp_wait_for_connect (8) sctp 1 575d 575d 0/28 auto-obsoleted due to no activity on 2023/08/06 09:15

Sample crash report:
==================================================================
BUG: KCSAN: data-race in sctp_association_free / sctp_wait_for_connect

write to 0xffff8880aa6ec01c of 1 bytes by task 16849 on cpu 1:
 sctp_association_free+0x101/0x480 net/sctp/associola.c:336
 sctp_cmd_delete_tcb net/sctp/sm_sideeffect.c:930 [inline]
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1318 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1185 [inline]
 sctp_do_sm+0x2857/0x2fd0 net/sctp/sm_sideeffect.c:1156
 sctp_primitive_SHUTDOWN+0x7b/0xa0 net/sctp/primitive.c:89
 sctp_close+0x2a2/0x5e0 net/sctp/socket.c:1514
 inet_release+0x86/0x100 net/ipv4/af_inet.c:427
 __sock_release+0x85/0x160 net/socket.c:605
 sock_close+0x24/0x30 net/socket.c:1283
 __fput+0x1e1/0x520 fs/file_table.c:280
 ____fput+0x1f/0x30 fs/file_table.c:313
 task_work_run+0xf6/0x130 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x2b4/0x2c0 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:278 [inline]
 do_syscall_64+0x384/0x3a0 arch/x86/entry/common.c:304
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880aa6ec01c of 1 bytes by task 16845 on cpu 0:
 sctp_wait_for_connect+0x19d/0x330 net/sctp/socket.c:9269
 sctp_sendmsg_to_asoc+0x13c3/0x1420 net/sctp/socket.c:1870
 sctp_sendmsg+0xbeb/0x14f0 net/sctp/socket.c:2016
 inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0x9f/0xc0 net/socket.c:672
 __sys_sendto+0x21f/0x320 net/socket.c:1998
 __do_sys_sendto net/socket.c:2010 [inline]
 __se_sys_sendto net/socket.c:2006 [inline]
 __x64_sys_sendto+0x89/0xb0 net/socket.c:2006
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 16845 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/02/15 04:19 https://github.com/google/ktsan.git kcsan b12d66a6c34f 5d7b90f1 .config console log report ci2-upstream-kcsan-gce
2020/02/06 12:12 https://github.com/google/ktsan.git kcsan 245a43005292 5be3a391 .config console log report ci2-upstream-kcsan-gce
2020/02/05 12:13 https://github.com/google/ktsan.git kcsan 245a43005292 93e5e335 .config console log report ci2-upstream-kcsan-gce
2019/12/24 10:34 https://github.com/google/ktsan.git kcsan 245a43005292 be5c2c81 .config console log report ci2-upstream-kcsan-gce
2019/12/21 21:39 https://github.com/google/ktsan.git kcsan 245a43005292 bc586918 .config console log report ci2-upstream-kcsan-gce
2019/12/01 18:13 https://github.com/google/ktsan.git kcsan ef798c30ba4e a76bf83f .config console log report ci2-upstream-kcsan-gce
2019/11/24 23:13 https://github.com/google/ktsan.git kcsan 5863cc791e4c 598ca6c8 .config console log report ci2-upstream-kcsan-gce
2019/11/08 19:44 https://github.com/google/ktsan.git kcsan 94c006602e13 1e35461e .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.