syzbot


KCSAN: data-race in kcm_rcv_strparser / kcm_rfree

Status: closed as invalid on 2020/06/18 14:24
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 992d, last: 804d
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in kcm_rcv_strparser / kcm_rfree (4) 4 561d 586d 0/23 auto-closed as invalid on 2021/02/27 15:17
upstream KCSAN: data-race in kcm_rcv_strparser / kcm_rfree (2) 1 776d 776d 0/23 auto-closed as invalid on 2020/07/27 00:03
upstream KCSAN: data-race in kcm_rcv_strparser / kcm_rfree (5) 2 509d 520d 0/23 auto-closed as invalid on 2021/04/19 17:00
upstream KCSAN: data-race in kcm_rcv_strparser / kcm_rfree (3) 1 688d 688d 0/23 auto-closed as invalid on 2020/10/23 10:46

Sample crash report:
==================================================================
BUG: KCSAN: data-race in kcm_rcv_strparser / kcm_rfree

write to 0xffff88808daadb78 of 1 bytes by task 10210 on cpu 1:
 reserve_rx_kcm net/kcm/kcmsock.c:282 [inline]
 kcm_rcv_strparser+0x3a6/0x4d0 net/kcm/kcmsock.c:362
 __strp_recv+0x33e/0xf20 net/strparser/strparser.c:309
 strp_recv+0x77/0x90 net/strparser/strparser.c:343
 tcp_read_sock+0x184/0x690 net/ipv4/tcp.c:1638
 strp_read_sock+0xd8/0x140 net/strparser/strparser.c:366
 do_strp_work net/strparser/strparser.c:414 [inline]
 strp_work+0x90/0xd0 net/strparser/strparser.c:423
 process_one_work+0x424/0x930 kernel/workqueue.c:2268
 worker_thread+0x9a/0x7e0 kernel/workqueue.c:2414
 kthread+0x203/0x230 kernel/kthread.c:268
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

read to 0xffff88808daadb78 of 1 bytes by task 18451 on cpu 0:
 kcm_rfree+0xe7/0x1d0 net/kcm/kcmsock.c:180
 skb_release_head_state+0xb0/0x180 net/core/skbuff.c:651
 skb_release_all+0x1b/0x50 net/core/skbuff.c:662
 __kfree_skb net/core/skbuff.c:678 [inline]
 kfree_skb net/core/skbuff.c:696 [inline]
 kfree_skb+0x93/0x200 net/core/skbuff.c:690
 kcm_recvmsg+0x2d7/0x320 net/kcm/kcmsock.c:1160
 sock_recvmsg_nosec net/socket.c:886 [inline]
 ____sys_recvmsg+0x343/0x350 net/socket.c:2583
 ___sys_recvmsg+0xb2/0x100 net/socket.c:2627
 do_recvmmsg+0x17a/0x540 net/socket.c:2725
 __sys_recvmmsg+0x1f1/0x200 net/socket.c:2804
 __do_sys_recvmmsg net/socket.c:2827 [inline]
 __se_sys_recvmmsg net/socket.c:2820 [inline]
 __x64_sys_recvmmsg+0x82/0xb0 net/socket.c:2820
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 18451 Comm: syz-executor.5 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (21):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2020/05/25 11:32 https://github.com/google/ktsan.git kcsan 7c3cd68e5d38 11284182 .config log report
ci2-upstream-kcsan-gce 2020/05/19 12:57 https://github.com/google/ktsan.git kcsan 7c3cd68e5d38 6d882fd2 .config log report
ci2-upstream-kcsan-gce 2020/04/07 17:09 https://github.com/google/ktsan.git kcsan 40959e34d670 db9bcd4b .config log report
ci2-upstream-kcsan-gce 2020/04/04 01:10 https://github.com/google/ktsan.git kcsan 40959e34d670 ef26b610 .config log report
ci2-upstream-kcsan-gce 2020/02/14 10:20 https://github.com/google/ktsan.git kcsan b12d66a6c34f 5d7b90f1 .config log report
ci2-upstream-kcsan-gce 2020/02/07 12:53 https://github.com/google/ktsan.git kcsan 245a43005292 06150bf1 .config log report
ci2-upstream-kcsan-gce 2020/02/05 14:17 https://github.com/google/ktsan.git kcsan 245a43005292 662cf49a .config log report
ci2-upstream-kcsan-gce 2020/02/02 02:25 https://github.com/google/ktsan.git kcsan 245a43005292 2274ad39 .config log report
ci2-upstream-kcsan-gce 2020/02/01 10:50 https://github.com/google/ktsan.git kcsan 245a43005292 326d4c78 .config log report
ci2-upstream-kcsan-gce 2020/01/31 20:41 https://github.com/google/ktsan.git kcsan 245a43005292 0eb59c27 .config log report
ci2-upstream-kcsan-gce 2020/01/18 21:07 https://github.com/google/ktsan.git kcsan 245a43005292 bc8bc756 .config log report
ci2-upstream-kcsan-gce 2020/01/15 20:11 https://github.com/google/ktsan.git kcsan 245a43005292 f9b69507 .config log report
ci2-upstream-kcsan-gce 2020/01/12 23:35 https://github.com/google/ktsan.git kcsan 245a43005292 53faa9fe .config log report
ci2-upstream-kcsan-gce 2020/01/12 09:11 https://github.com/google/ktsan.git kcsan 245a43005292 4c04afaa .config log report
ci2-upstream-kcsan-gce 2019/12/23 11:31 https://github.com/google/ktsan.git kcsan 245a43005292 be5c2c81 .config log report
ci2-upstream-kcsan-gce 2019/12/21 07:05 https://github.com/google/ktsan.git kcsan 245a43005292 bc586918 .config log report
ci2-upstream-kcsan-gce 2019/12/19 18:42 https://github.com/google/ktsan.git kcsan 245a43005292 36650b4b .config log report
ci2-upstream-kcsan-gce 2019/12/12 08:44 https://github.com/google/ktsan.git kcsan ef798c30ba4e d973f528 .config log report
ci2-upstream-kcsan-gce 2019/11/24 18:35 https://github.com/google/ktsan.git kcsan 5863cc791e4c 598ca6c8 .config log report
ci2-upstream-kcsan-gce 2019/11/21 14:00 https://github.com/google/ktsan.git kcsan 5863cc791e4c 8098ea0f .config log report
ci2-upstream-kcsan-gce 2019/11/19 01:49 https://github.com/google/ktsan.git kcsan 5863cc791e4c d5696d51 .config log report