syzbot

 sign-in | mailing list | source | docs
🐞 Open [973] Subsystems 🐞 Fixed [5226] 🐞 Invalid [12479] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in __inet_lookup_established / inet_put_port (2)

Status: auto-closed as invalid on 2022/04/20 06:18
Subsystems: net
[Documentation on labels]
First crash: 766d, last: 766d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port (4) net 1 171d 171d 0/26 auto-obsoleted due to no activity on 2023/12/05 17:09
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port (3) net 2 274d 295d 0/26 auto-obsoleted due to no activity on 2023/08/25 03:00
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port net 1 875d 875d 0/26 auto-closed as invalid on 2021/12/31 18:59

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __inet_lookup_established / inet_put_port

write to 0xffff88813b04548e of 2 bytes by interrupt on cpu 1:
 __inet_put_port net/ipv4/inet_hashtables.c:118 [inline]
 inet_put_port+0x112/0x1b0 net/ipv4/inet_hashtables.c:126
 tcp_set_state net/ipv4/tcp.c:2643 [inline]
 tcp_done+0x19f/0x360 net/ipv4/tcp.c:4452
 tcp_reset+0xc6/0x1b0 net/ipv4/tcp_input.c:4314
 tcp_validate_incoming+0xc5b/0xdf0
 tcp_rcv_established+0x6cd/0x10e0 net/ipv4/tcp_input.c:5934
 tcp_v4_do_rcv+0x2a8/0x590 net/ipv4/tcp_ipv4.c:1719
 tcp_v4_rcv+0x2087/0x2720 net/ipv4/tcp_ipv4.c:2119
 ip_protocol_deliver_rcu+0x2a8/0x570 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x1d6/0x2a0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:461 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:429 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_rcv+0x1b1/0x260 net/ipv4/ip_input.c:540
 __netif_receive_skb_one_core net/core/dev.c:5351 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5465
 process_backlog+0x23f/0x3e0 net/core/dev.c:5797
 __napi_poll+0x65/0x3f0 net/core/dev.c:6365
 napi_poll net/core/dev.c:6432 [inline]
 net_rx_action+0x29e/0x650 net/core/dev.c:6519
 __do_softirq+0x158/0x2de kernel/softirq.c:558
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:921
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1bf/0x1e0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

read to 0xffff88813b04548c of 4 bytes by interrupt on cpu 0:
 __inet_lookup_established+0x2c5/0x3d0 net/ipv4/inet_hashtables.c:417
 __inet_lookup include/net/inet_hashtables.h:359 [inline]
 __inet_lookup_skb include/net/inet_hashtables.h:401 [inline]
 tcp_v4_rcv+0x86a/0x2720 net/ipv4/tcp_ipv4.c:2007
 ip_protocol_deliver_rcu+0x2a8/0x570 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_local_deliver+0x1d6/0x2a0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:461 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:429 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 ip_rcv+0x1b1/0x260 net/ipv4/ip_input.c:540
 __netif_receive_skb_one_core net/core/dev.c:5351 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5465
 process_backlog+0x23f/0x3e0 net/core/dev.c:5797
 __napi_poll+0x65/0x3f0 net/core/dev.c:6365
 napi_poll net/core/dev.c:6432 [inline]
 net_rx_action+0x29e/0x650 net/core/dev.c:6519
 __do_softirq+0x158/0x2de kernel/softirq.c:558
 do_softirq+0xb1/0xf0 kernel/softirq.c:459
 __local_bh_enable_ip+0x68/0x70 kernel/softirq.c:383
 local_bh_enable+0x1b/0x20 include/linux/bottom_half.h:33
 rcu_read_unlock_bh include/linux/rcupdate.h:764 [inline]
 ip_finish_output2+0x748/0xb70 net/ipv4/ip_output.c:229
 ip_finish_output+0xfb/0x240 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xf3/0x1a0 net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:451 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0xa5f/0xa90 net/ipv4/ip_output.c:532
 ip_queue_xmit+0x34/0x40 net/ipv4/ip_output.c:546
 __tcp_transmit_skb+0x1323/0x1840 net/ipv4/tcp_output.c:1402
 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
 tcp_send_active_reset+0x26d/0x370 net/ipv4/tcp_output.c:3436
 __tcp_close+0x6af/0x11d0 net/ipv4/tcp.c:2804
 tcp_close+0x24/0xa0 net/ipv4/tcp.c:2929
 inet_release+0xc6/0xe0 net/ipv4/af_inet.c:428
 inet6_release+0x3a/0x50 net/ipv6/af_inet6.c:478
 __sock_release net/socket.c:650 [inline]
 sock_release+0x40/0xd0 net/socket.c:678
 rds_tcp_accept_one+0xd0/0x670 net/rds/tcp_listen.c:226
 rds_tcp_accept_worker+0x21/0x70 net/rds/tcp.c:515
 process_one_work+0x3f6/0x960 kernel/workqueue.c:2307
 worker_thread+0x616/0xa70 kernel/workqueue.c:2454
 kthread+0x1bf/0x1e0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

value changed: 0xbb630140 -> 0x00000140

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 23112 Comm: kworker/u4:29 Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_tcp_accept_worker
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/03/16 06:15 upstream 56e337f2cf13 9e8eaa75 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __inet_lookup_established / inet_put_port
* Struck through repros no longer work on HEAD.