syzbot

 sign-in | mailing list | source | docs
🐞 Open [1016] Subsystems 🐞 Fixed [5251] 🐞 Invalid [12563] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in __inet_lookup_established / inet_put_port (3)

Status: auto-obsoleted due to no activity on 2023/08/25 03:00
Subsystems: net
[Documentation on labels]
First crash: 308d, last: 287d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port (4) net 1 184d 184d 0/26 auto-obsoleted due to no activity on 2023/12/05 17:09
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port (2) net 1 779d 766d 0/26 auto-closed as invalid on 2022/04/20 06:18
upstream KCSAN: data-race in __inet_lookup_established / inet_put_port net 1 888d 888d 0/26 auto-closed as invalid on 2021/12/31 18:59

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __inet_lookup_established / inet_put_port

write to 0xffff888129d4720e of 2 bytes by task 3641 on cpu 1:
 __inet_put_port net/ipv4/inet_hashtables.c:190 [inline]
 inet_put_port+0x219/0x3e0 net/ipv4/inet_hashtables.c:209
 tcp_set_state net/ipv4/tcp.c:2635 [inline]
 __tcp_close+0x4c2/0xfa0 net/ipv4/tcp.c:2794
 tcp_close+0x26/0x90 net/ipv4/tcp.c:2919
 inet_release+0xc9/0xf0 net/ipv4/af_inet.c:427
 inet6_release+0x3e/0x50 net/ipv6/af_inet6.c:480
 __sock_release net/socket.c:654 [inline]
 sock_release+0x44/0xe0 net/socket.c:682
 rds_tcp_accept_one+0xd4/0x680 net/rds/tcp_listen.c:230
 rds_tcp_accept_worker+0x25/0x70 net/rds/tcp.c:532
 process_one_work+0x434/0x860 kernel/workqueue.c:2597
 worker_thread+0x5f2/0xa10 kernel/workqueue.c:2748
 kthread+0x1d7/0x210 kernel/kthread.c:389
 ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:296

read to 0xffff888129d4720c of 4 bytes by interrupt on cpu 0:
 inet_match include/net/inet_hashtables.h:364 [inline]
 __inet_lookup_established+0x11b/0x480 net/ipv4/inet_hashtables.c:492
 __inet_lookup include/net/inet_hashtables.h:403 [inline]
 __inet_lookup_skb include/net/inet_hashtables.h:445 [inline]
 tcp_v4_rcv+0x95f/0x1b70 net/ipv4/tcp_ipv4.c:2024
 ip_protocol_deliver_rcu+0x356/0x6d0 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x13c/0x1a0 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:303 [inline]
 ip_local_deliver+0xec/0x1c0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:468 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
 NF_HOOK include/linux/netfilter.h:303 [inline]
 ip_rcv+0x197/0x270 net/ipv4/ip_input.c:569
 __netif_receive_skb_one_core net/core/dev.c:5452 [inline]
 __netif_receive_skb+0x90/0x1b0 net/core/dev.c:5566
 process_backlog+0x21f/0x380 net/core/dev.c:5894
 __napi_poll+0x60/0x3b0 net/core/dev.c:6460
 napi_poll net/core/dev.c:6527 [inline]
 net_rx_action+0x32b/0x750 net/core/dev.c:6660
 __do_softirq+0xc1/0x265 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0x3b/0x90 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x6d/0x80 arch/x86/kernel/apic/apic.c:1109
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline]
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x3d/0x50 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 pcpu_alloc+0x81e/0x1280 mm/percpu.c:1843
 __alloc_percpu_gfp+0x26/0x30 mm/percpu.c:1930
 ip_tunnel_init+0x59/0x270 net/ipv4/ip_tunnel.c:1249
 ipgre_tunnel_init+0x352/0x370 net/ipv4/ip_gre.c:1012
 register_netdevice+0x217/0xcd0 net/core/dev.c:9981
 ip_tunnel_newlink+0x3f2/0x730 net/ipv4/ip_tunnel.c:1172
 ipgre_newlink+0x1ce/0x210 net/ipv4/ip_gre.c:1366
 rtnl_newlink_create net/core/rtnetlink.c:3472 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3689 [inline]
 rtnl_newlink+0xe83/0x1600 net/core/rtnetlink.c:3702
 rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6424
 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2549
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6442
 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
 netlink_unicast+0x56f/0x640 net/netlink/af_netlink.c:1365
 netlink_sendmsg+0x665/0x770 net/netlink/af_netlink.c:1914
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg net/socket.c:748 [inline]
 ____sys_sendmsg+0x37c/0x4d0 net/socket.c:2494
 ___sys_sendmsg net/socket.c:2548 [inline]
 __sys_sendmsg+0x1e9/0x270 net/socket.c:2577
 __do_sys_sendmsg net/socket.c:2586 [inline]
 __se_sys_sendmsg net/socket.c:2584 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2584
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x4001e3c1 -> 0x0000e3c1

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 6715 Comm: syz-executor.1 Not tainted 6.5.0-rc2-syzkaller-00184-g57f1f9dd3abe #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/07/21 02:57 upstream 57f1f9dd3abe 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __inet_lookup_established / inet_put_port
2023/06/30 02:23 upstream c6b0271053e7 01298212 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __inet_lookup_established / inet_put_port
* Struck through repros no longer work on HEAD.