syzbot


KCSAN: data-race in mptcp_recvmsg / mptcp_subflow_data_available

Status: auto-closed as invalid on 2020/10/17 10:02
Subsystems: mptcp
First crash: 1319d, last: 1319d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in mptcp_recvmsg / mptcp_subflow_data_available

write to 0xffff888121e04348 of 2 bytes by interrupt on cpu 1:
 subflow_check_data_avail net/mptcp/subflow.c:847 [inline]
 mptcp_subflow_data_available+0x5f6/0x750 net/mptcp/subflow.c:944
 subflow_data_ready+0x122/0x170 net/mptcp/subflow.c:990
 tcp_data_ready net/ipv4/tcp_input.c:4828 [inline]
 tcp_data_queue+0x1b71/0x3160 net/ipv4/tcp_input.c:4893
 tcp_rcv_established+0x667/0x1520 net/ipv4/tcp_input.c:5786
 tcp_v4_do_rcv+0x25e/0x480 net/ipv4/tcp_ipv4.c:1642
 tcp_v4_rcv+0x219b/0x2420 net/ipv4/tcp_ipv4.c:2024
 ip_protocol_deliver_rcu+0x1f9/0x400 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_local_deliver+0x1d6/0x2a0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:449 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_rcv+0x1a6/0x250 net/ipv4/ip_input.c:539
 __netif_receive_skb_one_core net/core/dev.c:5286 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5400
 process_backlog+0x29f/0x4a0 net/core/dev.c:6242
 napi_poll+0x178/0x4f0 net/core/dev.c:6688
 net_rx_action+0x1ba/0x530 net/core/dev.c:6758
 __do_softirq+0x198/0x360 kernel/softirq.c:298
 run_ksoftirqd+0x2f/0x60 kernel/softirq.c:652
 smpboot_thread_fn+0x347/0x530 kernel/smpboot.c:165
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

read to 0xffff888121e04348 of 2 bytes by task 13774 on cpu 0:
 mptcp_subflow_recv_lookup net/mptcp/protocol.c:531 [inline]
 __mptcp_move_skbs net/mptcp/protocol.c:1158 [inline]
 mptcp_recvmsg+0x4e9/0x1160 net/mptcp/protocol.c:1202
 inet_recvmsg+0xa3/0x210 net/ipv4/af_inet.c:848
 ____sys_recvmsg+0x15a/0x2e0 include/linux/uio.h:234
 ___sys_recvmsg net/socket.c:2618 [inline]
 do_recvmmsg+0x35c/0xa30 net/socket.c:2716
 __sys_recvmmsg net/socket.c:2795 [inline]
 __do_sys_recvmmsg net/socket.c:2818 [inline]
 __se_sys_recvmmsg net/socket.c:2811 [inline]
 __x64_sys_recvmmsg+0xcc/0x150 net/socket.c:2811
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 13774 Comm: syz-executor.5 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/09/12 09:59 | upstream | e8878ab82545 | 79fb24e2 | .config | console log | report | | | | | ci2-upstream-kcsan-gce |