syzbot
KCSAN: data-race in __nf_conntrack_alloc / __nf_conntrack_find_get

Status: auto-closed as invalid on 2020/04/02 17:02
Subsystems: netfilter
First crash: 1543d, last: 1543d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __nf_conntrack_alloc / __nf_conntrack_find_get (2) netfilter 2 1219d 1222d 0/26 auto-closed as invalid on 2021/01/16 23:05
upstream KCSAN: data-race in __nf_conntrack_alloc / __nf_conntrack_find_get (3) netfilter 2 859d 859d 20/26 fixed on 2022/03/08 16:11

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __nf_conntrack_alloc / __nf_conntrack_find_get

read to 0xffff88811f86bb7f of 1 bytes by task 24765 on cpu 1:
 nf_ct_tuplehash_to_ctrack include/net/netfilter/nf_conntrack.h:113 [inline]
 ____nf_conntrack_find net/netfilter/nf_conntrack_core.c:744 [inline]
 __nf_conntrack_find_get+0x268/0x880 net/netfilter/nf_conntrack_core.c:776
 resolve_normal_ct net/netfilter/nf_conntrack_core.c:1545 [inline]
 nf_conntrack_in+0x2ef/0xa80 net/netfilter/nf_conntrack_core.c:1707
 ipv6_conntrack_local+0x27/0x40 net/netfilter/nf_conntrack_proto.c:530
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x83/0x160 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ip6_xmit+0x91a/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xea3/0x1df0 net/ipv4/tcp_output.c:1170
 tcp_transmit_skb net/ipv4/tcp_output.c:1186 [inline]
 tcp_write_xmit+0xa74/0x3190 net/ipv4/tcp_output.c:2441
 tcp_push_one+0x95/0xb0 net/ipv4/tcp_output.c:2631
 tcp_sendmsg_locked+0x11b6/0x2040 net/ipv4/tcp.c:1385
 tcp_sendmsg+0x39/0x60 net/ipv4/tcp.c:1436
 inet6_sendmsg+0x6d/0x90 net/ipv6/af_inet6.c:576
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0x9f/0xc0 net/socket.c:659
 __sys_sendto+0x21f/0x320 net/socket.c:1985
 __do_sys_sendto net/socket.c:1997 [inline]
 __se_sys_sendto net/socket.c:1993 [inline]
 __x64_sys_sendto+0x89/0xb0 net/socket.c:1993
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to 0xffff88811f86bb58 of 40 bytes by task 24757 on cpu 0:
 __nf_conntrack_alloc+0x177/0x380 net/netfilter/nf_conntrack_core.c:1377
 init_conntrack.isra.0+0x8bb/0x8f0 net/netfilter/nf_conntrack_core.c:1449
 resolve_normal_ct net/netfilter/nf_conntrack_core.c:1547 [inline]
 nf_conntrack_in+0x652/0xa80 net/netfilter/nf_conntrack_core.c:1707
 ipv6_conntrack_local+0x27/0x40 net/netfilter/nf_conntrack_proto.c:530
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_slow+0x83/0x160 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:262 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ip6_xmit+0x91a/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xea3/0x1df0 net/ipv4/tcp_output.c:1170
 __tcp_send_ack+0x246/0x300 net/ipv4/tcp_output.c:3697
 tcp_send_ack+0x34/0x40 net/ipv4/tcp_output.c:3703
 tcp_cleanup_rbuf+0x130/0x360 net/ipv4/tcp.c:1578
 tcp_recvmsg+0x5a3/0x1c90 net/ipv4/tcp.c:2094
 inet6_recvmsg+0xbb/0x240 net/ipv6/af_inet6.c:592
 sock_recvmsg_nosec net/socket.c:873 [inline]
 sock_recvmsg net/socket.c:891 [inline]
 sock_recvmsg+0x92/0xb0 net/socket.c:887
 __sys_recvfrom+0x1ae/0x2d0 net/socket.c:2042
 __do_sys_recvfrom net/socket.c:2060 [inline]
 __se_sys_recvfrom net/socket.c:2056 [inline]
 __x64_sys_recvfrom+0x89/0xb0 net/socket.c:2056
 do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 24757 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/01/23 17:00 https://github.com/google/ktsan.git kcsan 245a43005292 11ebf937 .config console log report ci2-upstream-kcsan-gce