syzbot


KCSAN: data-race in sctp_poll / sctp_wfree

Status: auto-closed as invalid on 2020/02/16 05:26
Subsystems: sctp
First crash: 1574d, last: 1572d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in sctp_poll / sctp_wfree (2) [sctp] | | | | 3 | 1085d | 1088d | 0/26 | auto-closed as invalid on 2021/05/17 10:01 |
| upstream | KCSAN: data-race in sctp_poll / sctp_wfree (3) [sctp] | | | | 1 | 214d | 213d | 23/26 | fixed on 2023/10/12 12:48 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in sctp_poll / sctp_wfree

read to 0xffff888121adb7c8 of 4 bytes by task 13898 on cpu 0:
 sctp_writeable net/sctp/socket.c:9130 [inline]
 sctp_poll+0x220/0x500 net/sctp/socket.c:8496
 sock_poll+0xed/0x250 net/socket.c:1256
 vfs_poll include/linux/poll.h:90 [inline]
 do_pollfd fs/select.c:859 [inline]
 do_poll fs/select.c:907 [inline]
 do_sys_poll+0x4ac/0x990 fs/select.c:1001
 __do_sys_poll fs/select.c:1059 [inline]
 __se_sys_poll fs/select.c:1047 [inline]
 __x64_sys_poll+0x77/0x250 fs/select.c:1047
 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

write to 0xffff888121adb7c8 of 4 bytes by task 13906 on cpu 1:
 sctp_wfree+0x15c/0x4e0 net/sctp/socket.c:8973
 skb_release_head_state+0xb8/0x180 net/core/skbuff.c:652
 skb_release_all+0x1f/0x60 net/core/skbuff.c:663
 __kfree_skb net/core/skbuff.c:679 [inline]
 consume_skb net/core/skbuff.c:838 [inline]
 consume_skb+0x92/0x1c0 net/core/skbuff.c:832
 sctp_chunk_destroy net/sctp/sm_make_chunk.c:1454 [inline]
 sctp_chunk_put+0x10b/0x1a0 net/sctp/sm_make_chunk.c:1481
 sctp_datamsg_destroy net/sctp/chunk.c:113 [inline]
 sctp_datamsg_put+0x17c/0x300 net/sctp/chunk.c:130
 sctp_chunk_free+0x40/0x60 net/sctp/sm_make_chunk.c:1466
 sctp_outq_sack+0x657/0xc20 net/sctp/outqueue.c:1345
 sctp_cmd_process_sack net/sctp/sm_sideeffect.c:795 [inline]
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1353 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
 sctp_do_sm+0x222e/0x2ef0 net/sctp/sm_sideeffect.c:1155
 sctp_assoc_bh_rcv+0x291/0x3e0 net/sctp/associola.c:1048
 sctp_inq_push+0x107/0x1a0 net/sctp/inqueue.c:80
 sctp_backlog_rcv+0x112/0x7a0 net/sctp/input.c:344
 sk_backlog_rcv include/net/sock.h:950 [inline]
 __release_sock+0x135/0x1e0 net/core/sock.c:2439
 release_sock+0x61/0x160 net/core/sock.c:2955
 sctp_recvmsg+0x41f/0x720 net/sctp/socket.c:2180
 inet_recvmsg+0xbb/0x250 net/ipv4/af_inet.c:838
 sock_recvmsg_nosec net/socket.c:871 [inline]
 sock_recvmsg net/socket.c:889 [inline]
 sock_recvmsg+0x92/0xb0 net/socket.c:885
 sock_read_iter+0x15f/0x1e0 net/socket.c:967
 call_read_iter include/linux/fs.h:1889 [inline]
 do_iter_readv_writev+0x54b/0x5b0 fs/read_write.c:691
 do_iter_read+0x1fc/0x3d0 fs/read_write.c:933
 vfs_readv+0x9c/0xf0 fs/read_write.c:997
 do_readv+0xe3/0x250 fs/read_write.c:1034
 __do_sys_readv fs/read_write.c:1125 [inline]
 __se_sys_readv fs/read_write.c:1122 [inline]
 __x64_sys_readv+0x4e/0x60 fs/read_write.c:1122
 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 13906 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/12/08 05:21 | https://github.com/google/ktsan.git kcsan | ef798c30ba4e | 1508f453 | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |
| 2019/12/06 15:50 | https://github.com/google/ktsan.git kcsan | ef798c30ba4e | 12c3b6cd | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |