syzbot

 sign-in | mailing list | source | docs
🐞 Open [1021] Subsystems 🐞 Fixed [5251] 🐞 Invalid [12565] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in __inet_lookup_established / inet_put_port (4)

Status: auto-obsoleted due to no activity on 2023/12/05 17:09
Subsystems: net
[Documentation on labels]
First crash: 185d, last: 185d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port (2) net 1 779d 766d 0/26 auto-closed as invalid on 2022/04/20 06:18
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port (3) net 2 288d 309d 0/26 auto-obsoleted due to no activity on 2023/08/25 03:00
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port net 1 889d 889d 0/26 auto-closed as invalid on 2021/12/31 18:59

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __inet_lookup_established / inet_put_port

write to 0xffff8881085aba8e of 2 bytes by task 47 on cpu 0:
 __inet_put_port net/ipv4/inet_hashtables.c:197 [inline]
 inet_put_port+0x21e/0x3f0 net/ipv4/inet_hashtables.c:216
 tcp_set_state net/ipv4/tcp.c:2637 [inline]
 __tcp_close+0x4e6/0x1040 net/ipv4/tcp.c:2796
 tcp_close+0x26/0x90 net/ipv4/tcp.c:2921
 inet_release+0xc9/0xf0 net/ipv4/af_inet.c:433
 inet6_release+0x3e/0x50 net/ipv6/af_inet6.c:484
 __sock_release net/socket.c:659 [inline]
 sock_release+0x44/0xe0 net/socket.c:687
 rds_tcp_accept_one+0xd4/0x680 net/rds/tcp_listen.c:230
 rds_tcp_accept_worker+0x25/0x70 net/rds/tcp.c:532
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
 worker_thread+0x525/0x730 kernel/workqueue.c:2784
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

read to 0xffff8881085aba8c of 4 bytes by interrupt on cpu 1:
 inet_match include/net/inet_hashtables.h:364 [inline]
 __inet_lookup_established+0x11b/0x480 net/ipv4/inet_hashtables.c:518
 __inet_lookup include/net/inet_hashtables.h:424 [inline]
 __inet_lookup_skb include/net/inet_hashtables.h:511 [inline]
 tcp_v4_rcv+0x973/0x1d60 net/ipv4/tcp_ipv4.c:2025
 ip_protocol_deliver_rcu+0x356/0x6d0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x13c/0x1a0 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:304 [inline]
 ip_local_deliver+0xec/0x1c0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:468 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
 NF_HOOK include/linux/netfilter.h:304 [inline]
 ip_rcv+0x197/0x270 net/ipv4/ip_input.c:569
 __netif_receive_skb_one_core net/core/dev.c:5552 [inline]
 __netif_receive_skb+0x90/0x1b0 net/core/dev.c:5666
 process_backlog+0x21f/0x380 net/core/dev.c:5994
 __napi_poll+0x60/0x3b0 net/core/dev.c:6556
 napi_poll net/core/dev.c:6623 [inline]
 net_rx_action+0x32b/0x750 net/core/dev.c:6756
 __do_softirq+0xc4/0x279 kernel/softirq.c:553
 do_softirq+0x5e/0x90 kernel/softirq.c:454
 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:817 [inline]
 __dev_queue_xmit+0xad9/0x1e20 net/core/dev.c:4396
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 neigh_hh_output include/net/neighbour.h:526 [inline]
 neigh_output include/net/neighbour.h:540 [inline]
 ip_finish_output2+0x72f/0x880 net/ipv4/ip_output.c:233
 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:321
 NF_HOOK_COND include/linux/netfilter.h:293 [inline]
 ip_output+0xab/0x170 net/ipv4/ip_output.c:431
 dst_output include/net/dst.h:458 [inline]
 ip_local_out net/ipv4/ip_output.c:127 [inline]
 __ip_queue_xmit+0xb09/0xb30 net/ipv4/ip_output.c:533
 ip_queue_xmit+0x38/0x40 net/ipv4/ip_output.c:547
 __tcp_transmit_skb+0x1245/0x1740 net/ipv4/tcp_output.c:1415
 tcp_transmit_skb net/ipv4/tcp_output.c:1433 [inline]
 tcp_write_xmit+0x1155/0x2f50 net/ipv4/tcp_output.c:2762
 __tcp_push_pending_frames+0x6a/0x1a0 net/ipv4/tcp_output.c:2947
 tcp_sendmsg_locked+0x1a05/0x2690 net/ipv4/tcp.c:1286
 tcp_sendmsg+0x30/0x50 net/ipv4/tcp.c:1340
 inet_sendmsg+0x63/0x80 net/ipv4/af_inet.c:846
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x37c/0x4d0 net/socket.c:2558
 ___sys_sendmsg net/socket.c:2612 [inline]
 __sys_sendmsg+0x1e9/0x270 net/socket.c:2641
 __do_sys_sendmsg net/socket.c:2650 [inline]
 __se_sys_sendmsg net/socket.c:2648 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2648
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0x4001cccf -> 0x0000cccf

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 28549 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-03860-g5a6a09e97199 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/10/31 17:07 upstream 5a6a09e97199 58499c95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __inet_lookup_established / inet_put_port
* Struck through repros no longer work on HEAD.