syzbot


KCSAN: data-race in tcp_done / tcp_poll (5)

Status: auto-obsoleted due to no activity on 2023/03/10 14:49
Subsystems: net
First crash: 461d, last: 461d
Similar bugs (4)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in tcp_done / tcp_poll (3) net | | | | 1 | 688d | 688d | 0/26 | auto-closed as invalid on 2022/07/20 02:14 |
| upstream | KCSAN: data-race in tcp_done / tcp_poll net | | | | 1 | 994d | 994d | 0/26 | auto-closed as invalid on 2021/09/16 14:47 |
| upstream | KCSAN: data-race in tcp_done / tcp_poll (2) net | | | | 5 | 756d | 793d | 0/26 | auto-closed as invalid on 2022/05/12 14:44 |
| upstream | KCSAN: data-race in tcp_done / tcp_poll (4) net | | | | 1 | 588d | 588d | 0/26 | auto-obsoleted due to no activity on 2022/10/27 21:35 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in tcp_done / tcp_poll

write to 0xffff88812d3a226c of 1 bytes by interrupt on cpu 1:
 tcp_done+0x2ca/0x360 net/ipv4/tcp.c:4650
 tcp_reset+0xc6/0x1b0 net/ipv4/tcp_input.c:4339
 tcp_rcv_synsent_state_process+0x817/0xf50 net/ipv4/tcp_input.c:6230
 tcp_rcv_state_process+0x1a6/0x1030 net/ipv4/tcp_input.c:6501
 tcp_v4_do_rcv+0x457/0x5e0 net/ipv4/tcp_ipv4.c:1744
 tcp_v4_rcv+0x18e6/0x1b40 net/ipv4/tcp_ipv4.c:2142
 ip_protocol_deliver_rcu+0x380/0x710 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x134/0x1a0 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:302 [inline]
 ip_local_deliver+0x100/0x1b0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:454 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
 NF_HOOK include/linux/netfilter.h:302 [inline]
 ip_rcv+0x1b1/0x260 net/ipv4/ip_input.c:569
 __netif_receive_skb_one_core net/core/dev.c:5482 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5596
 process_backlog+0x23f/0x3b0 net/core/dev.c:5924
 __napi_poll+0x65/0x390 net/core/dev.c:6485
 napi_poll net/core/dev.c:6552 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6663
 __do_softirq+0xf2/0x2c7 kernel/softirq.c:571
 do_softirq+0xb1/0xf0 kernel/softirq.c:472
 __local_bh_enable_ip+0x6f/0x80 kernel/softirq.c:396
 local_bh_enable+0x1b/0x20 include/linux/bottom_half.h:33
 rcu_read_unlock_bh include/linux/rcupdate.h:834 [inline]
 ip_finish_output2+0x754/0x850 net/ipv4/ip_output.c:229
 ip_finish_output+0xf3/0x250 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:291 [inline]
 ip_output+0xf3/0x1a0 net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:444 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0xa2e/0xa50 net/ipv4/ip_output.c:532
 ip_queue_xmit+0x34/0x40 net/ipv4/ip_output.c:546
 __tcp_transmit_skb+0x1242/0x1730 net/ipv4/tcp_output.c:1399
 __tcp_send_ack+0x1dc/0x2e0 net/ipv4/tcp_output.c:3983
 tcp_send_ack+0x23/0x30 net/ipv4/tcp_output.c:3989
 tcp_rcv_synsent_state_process+0xec3/0xf50 net/ipv4/tcp_input.c:6325
 tcp_rcv_state_process+0x1a6/0x1030 net/ipv4/tcp_input.c:6501
 tcp_v4_do_rcv+0x457/0x5e0 net/ipv4/tcp_ipv4.c:1744
 sk_backlog_rcv include/net/sock.h:1113 [inline]
 __release_sock+0xf2/0x270 net/core/sock.c:2928
 release_sock+0x40/0x110 net/core/sock.c:3485
 inet_stream_connect+0x58/0x70 net/ipv4/af_inet.c:730
 rds_tcp_conn_path_connect+0x360/0x430 net/rds/tcp_connect.c:176
 rds_connect_worker+0x125/0x1a0 net/rds/threads.c:176
 process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
 worker_thread+0x618/0xa70 kernel/workqueue.c:2436
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

read to 0xffff88812d3a226c of 1 bytes by task 20888 on cpu 0:
 tcp_poll+0xf7/0x560 net/ipv4/tcp.c:543
 sock_poll+0x23e/0x260 net/socket.c:1353
 vfs_poll include/linux/poll.h:88 [inline]
 __io_arm_poll_handler+0x200/0xc80 io_uring/poll.c:598
 io_arm_poll_handler+0x43f/0x570 io_uring/poll.c:722
 io_queue_async+0x81/0x490 io_uring/io_uring.c:2006
 io_queue_sqe io_uring/io_uring.c:2037 [inline]
 io_submit_sqe+0x6fe/0xa50 io_uring/io_uring.c:2286
 io_submit_sqes+0x274/0x550 io_uring/io_uring.c:2397
 __do_sys_io_uring_enter io_uring/io_uring.c:3345 [inline]
 __se_sys_io_uring_enter+0x1ef/0xc40 io_uring/io_uring.c:3277
 __x64_sys_io_uring_enter+0x74/0x80 io_uring/io_uring.c:3277
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00 -> 0x03

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 20888 Comm: syz-executor.2 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/01/27 14:38 | upstream | 7c46948a6e9c | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in tcp_done / tcp_poll |