syzbot


KCSAN: data-race in pfkey_send_acquire / xfrm_probe_algs (3)

Status: auto-closed as invalid on 2022/06/09 14:13
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 216d, last: 216d
similar bugs (2):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in pfkey_send_acquire / xfrm_probe_algs (2) | | | | 1 | 651d | 651d | 0/24 | auto-closed as invalid on 2021/03/31 08:16 |
| upstream | KCSAN: data-race in pfkey_send_acquire / xfrm_probe_algs | | | | 1 | 710d | 710d | 0/24 | auto-closed as invalid on 2021/01/31 19:05 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in pfkey_send_acquire / xfrm_probe_algs

write to 0xffffffff85e11000 of 1 bytes by task 11910 on cpu 0:
 xfrm_probe_algs+0xa8/0x2c0 net/xfrm/xfrm_algo.c:826
 pfkey_register+0xc6/0x3e0 net/key/af_key.c:1700
 pfkey_process net/key/af_key.c:2837 [inline]
 pfkey_sendmsg+0x6ba/0x890 net/key/af_key.c:3676
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x38f/0x500 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x195/0x230 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0x42/0x50 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffffff85e11000 of 1 bytes by task 11929 on cpu 1:
 dump_ah_combs net/key/af_key.c:2953 [inline]
 pfkey_send_acquire+0x959/0x1000 net/key/af_key.c:3221
 km_query+0x65/0xc0 net/xfrm/xfrm_state.c:2247
 xfrm_state_find+0x148f/0x1b80 net/xfrm/xfrm_state.c:1165
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2393 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2438 [inline]
 xfrm_resolve_and_create_bundle+0x522/0x1bf0 net/xfrm/xfrm_policy.c:2728
 xfrm_lookup_with_ifid+0x3be/0x1880 net/xfrm/xfrm_policy.c:3062
 xfrm_lookup net/xfrm/xfrm_policy.c:3191 [inline]
 xfrm_lookup_route+0x37/0x100 net/xfrm/xfrm_policy.c:3202
 ip_route_output_flow+0x123/0x160 net/ipv4/route.c:2874
 udp_sendmsg+0xd8b/0x1200 net/ipv4/udp.c:1220
 inet_sendmsg+0x5f/0x80 net/ipv4/af_inet.c:819
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x38f/0x500 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmmsg+0x27c/0x4a0 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 11929 Comm: syz-executor.3 Not tainted 5.18.0-rc5-syzkaller-00028-ga7391ad35724-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2022/05/05 14:04 | upstream | a7391ad35724 | b3f09415 | .config | log | report | | | info | KCSAN: data-race in pfkey_send_acquire / xfrm_probe_algs |
* Struck through repros no longer work on HEAD.