syzbot

 sign-in | mailing list | source | docs
🐞 Open [1412]
Subsystems
🐞 Fixed [6987]
🐞 Invalid [18209]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in __inet6_lookup_established / inet_put_port (2)

Status: auto-obsoleted due to no activity on 2023/10/31 14:26
Subsystems: net
[Documentation on labels]
First crash: 929d, last: 929d
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __inet6_lookup_established / inet_put_port (4) net 6 1 143d 143d 0/29 auto-obsoleted due to no activity on 2025/12/17 02:58
upstream KCSAN: data-race in __inet6_lookup_established / inet_put_port (3) net 6 1 713d 713d 0/29 auto-obsoleted due to no activity on 2024/05/04 18:35
upstream KCSAN: data-race in __inet6_lookup_established / inet_put_port net 6 2 1559d 1563d 0/29 auto-closed as invalid on 2022/01/09 18:03

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __inet6_lookup_established / inet_put_port

write to 0xffff88812802260e of 2 bytes by task 4354 on cpu 0:
 __inet_put_port net/ipv4/inet_hashtables.c:190 [inline]
 inet_put_port+0x219/0x3e0 net/ipv4/inet_hashtables.c:209
 tcp_set_state net/ipv4/tcp.c:2635 [inline]
 tcp_disconnect+0x188/0xde0 net/ipv4/tcp.c:2982
 __tcp_close+0xb03/0xfa0 net/ipv4/tcp.c:2798
 tcp_close+0x26/0x90 net/ipv4/tcp.c:2919
 inet_release+0xc9/0xf0 net/ipv4/af_inet.c:427
 inet6_release+0x3e/0x50 net/ipv6/af_inet6.c:480
 __sock_release net/socket.c:654 [inline]
 sock_release+0x44/0xe0 net/socket.c:682
 rds_tcp_accept_one+0xd4/0x680 net/rds/tcp_listen.c:230
 rds_tcp_accept_worker+0x25/0x70 net/rds/tcp.c:532
 process_one_work+0x434/0x860 kernel/workqueue.c:2600
 worker_thread+0x5f2/0xa10 kernel/workqueue.c:2751
 kthread+0x1d7/0x210 kernel/kthread.c:389
 ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

read to 0xffff88812802260c of 4 bytes by interrupt on cpu 1:
 inet6_match include/net/inet6_hashtables.h:115 [inline]
 __inet6_lookup_established+0x4b5/0x6c0 net/ipv6/inet6_hashtables.c:77
 tcp_v6_early_demux+0x267/0x490 net/ipv6/tcp_ipv6.c:1856
 ip6_rcv_finish_core net/ipv6/ip6_input.c:56 [inline]
 ip6_rcv_finish+0x2b3/0x2e0 net/ipv6/ip6_input.c:77
 NF_HOOK include/linux/netfilter.h:303 [inline]
 ipv6_rcv+0x74/0x150 net/ipv6/ip6_input.c:309
 __netif_receive_skb_one_core net/core/dev.c:5452 [inline]
 __netif_receive_skb+0x90/0x1b0 net/core/dev.c:5566
 process_backlog+0x21f/0x380 net/core/dev.c:5894
 __napi_poll+0x60/0x3b0 net/core/dev.c:6460
 napi_poll net/core/dev.c:6527 [inline]
 net_rx_action+0x32b/0x750 net/core/dev.c:6660
 __do_softirq+0xc1/0x265 kernel/softirq.c:553
 do_softirq+0x5e/0x90 kernel/softirq.c:454
 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
 local_bh_enable+0x1f/0x20 include/linux/bottom_half.h:33
 rcu_read_unlock_bh include/linux/rcupdate.h:819 [inline]
 __dev_queue_xmit+0xabb/0x1d10 net/core/dev.c:4230
 dev_queue_xmit include/linux/netdevice.h:3088 [inline]
 neigh_hh_output include/net/neighbour.h:528 [inline]
 neigh_output include/net/neighbour.h:542 [inline]
 ip6_finish_output2+0x994/0xc50 net/ipv6/ip6_output.c:135
 __ip6_finish_output net/ipv6/ip6_output.c:196 [inline]
 ip6_finish_output+0x3a0/0x4f0 net/ipv6/ip6_output.c:207
 NF_HOOK_COND include/linux/netfilter.h:292 [inline]
 ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:228
 dst_output include/net/dst.h:458 [inline]
 NF_HOOK include/linux/netfilter.h:303 [inline]
 ip6_xmit+0x8da/0xb70 net/ipv6/ip6_output.c:344
 inet6_csk_xmit+0x1cf/0x210 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0x1231/0x1710 net/ipv4/tcp_output.c:1401
 tcp_transmit_skb net/ipv4/tcp_output.c:1419 [inline]
 tcp_write_xmit+0x112b/0x2ed0 net/ipv4/tcp_output.c:2735
 __tcp_push_pending_frames net/ipv4/tcp_output.c:2919 [inline]
 tcp_send_fin+0x572/0x7b0 net/ipv4/tcp_output.c:3514
 tcp_shutdown+0xa7/0xc0 net/ipv4/tcp.c:2703
 mptcp_subflow_shutdown+0x142/0x310 net/mptcp/protocol.c:2772
 mptcp_check_send_data_fin net/mptcp/protocol.c:2839 [inline]
 __mptcp_wr_shutdown net/mptcp/protocol.c:2855 [inline]
 __mptcp_close+0x5fe/0x660 net/mptcp/protocol.c:2941
 mptcp_close+0x28/0xf0 net/mptcp/protocol.c:2997
 inet_release+0xc9/0xf0 net/ipv4/af_inet.c:427
 inet6_release+0x3e/0x50 net/ipv6/af_inet6.c:480
 __sock_release net/socket.c:654 [inline]
 sock_close+0x70/0x150 net/socket.c:1386
 __fput+0x2fd/0x600 fs/file_table.c:384
 ____fput+0x15/0x20 fs/file_table.c:412
 task_work_run+0x135/0x1a0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xd1/0xe0 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0x6c/0xb0 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:297
 do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x4001dcc8 -> 0x0000dcc8

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 941 Comm: syz-executor.2 Not tainted 6.5.0-rc7-syzkaller-00185-g28f20a19294d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/08/27 15:49 upstream 28f20a19294d 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __inet6_lookup_established / inet_put_port
* Struck through repros no longer work on HEAD.