syzbot


KCSAN: data-race in udp6_lib_lookup2 / udpv6_queue_rcv_one_skb

Status: fixed on 2019/11/23 02:56
Subsystems: net
[Documentation on labels]
Fix commit: 7170a977743b net: annotate accesses to sk->sk_incoming_cpu
First crash: 1677d, last: 1677d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in udp6_lib_lookup2 / udpv6_queue_rcv_one_skb

write to 0xffff8880a727207c of 4 bytes by interrupt on cpu 0:
 sk_incoming_cpu_update include/net/sock.h:953 [inline]
 __udpv6_queue_rcv_skb net/ipv6/udp.c:572 [inline]
 udpv6_queue_rcv_one_skb+0x8db/0xb40 net/ipv6/udp.c:672
 udpv6_queue_rcv_skb+0xb5/0x400 net/ipv6/udp.c:689
 udp6_unicast_rcv_skb.isra.0+0xd7/0x180 net/ipv6/udp.c:832
 __udp6_lib_rcv+0x69c/0x1770 net/ipv6/udp.c:913
 udplitev6_rcv+0x2b/0x40 net/ipv6/udplite.c:17
 ip6_protocol_deliver_rcu+0x22a/0xbe0 net/ipv6/ip6_input.c:409
 ip6_input_finish+0x30/0x50 net/ipv6/ip6_input.c:450
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_input+0x177/0x190 net/ipv6/ip6_input.c:459
 dst_input include/net/dst.h:442 [inline]
 ip6_rcv_finish+0x110/0x140 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ipv6_rcv+0x1a1/0x1b0 net/ipv6/ip6_input.c:284
 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5010
 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5124
 process_backlog+0x1d3/0x420 net/core/dev.c:5955
 napi_poll net/core/dev.c:6392 [inline]
 net_rx_action+0x3ae/0xa90 net/core/dev.c:6460

read to 0xffff8880a727207c of 4 bytes by interrupt on cpu 1:
 compute_score net/ipv6/udp.c:138 [inline]
 udp6_lib_lookup2+0x2d5/0x6c0 net/ipv6/udp.c:158
 __udp6_lib_lookup+0x1eb/0x480 net/ipv6/udp.c:194
 __udp6_lib_lookup_skb net/ipv6/udp.c:219 [inline]
 __udp6_lib_rcv+0x627/0x1770 net/ipv6/udp.c:909
 udplitev6_rcv+0x2b/0x40 net/ipv6/udplite.c:17
 ip6_protocol_deliver_rcu+0x22a/0xbe0 net/ipv6/ip6_input.c:409
 ip6_input_finish+0x30/0x50 net/ipv6/ip6_input.c:450
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_input+0x177/0x190 net/ipv6/ip6_input.c:459
 dst_input include/net/dst.h:442 [inline]
 ip6_rcv_finish+0x110/0x140 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ipv6_rcv+0x1a1/0x1b0 net/ipv6/ip6_input.c:284
 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5010
 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5124
 process_backlog+0x1d3/0x420 net/core/dev.c:5955
 napi_poll net/core/dev.c:6392 [inline]
 net_rx_action+0x3ae/0xa90 net/core/dev.c:6460

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/24 13:39 https://github.com/google/ktsan.git kcsan 05f2236801fe d01bb02a .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.