syzbot


KCSAN: data-race in __inet6_lookup_established / inet_put_port (3)

Status: auto-obsoleted due to no activity on 2024/05/04 18:35
Subsystems: net
First crash: 303d, last: 303d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __inet6_lookup_established / inet_put_port (2) [net] | | | | 1 | 519d | 510d | 0/28 | auto-obsoleted due to no activity on 2023/10/31 14:26 |
| upstream | KCSAN: data-race in __inet6_lookup_established / inet_put_port [net] | | | | 2 | 1149d | 1153d | 0/28 | auto-closed as invalid on 2022/01/09 18:03 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __inet6_lookup_established / inet_put_port

write to 0xffff8881169b940e of 2 bytes by task 21444 on cpu 0:
 __inet_put_port net/ipv4/inet_hashtables.c:192 [inline]
 inet_put_port+0x1cd/0x3d0 net/ipv4/inet_hashtables.c:211
 tcp_set_state net/ipv4/tcp.c:2648 [inline]
 __tcp_close+0x4e9/0x1060 net/ipv4/tcp.c:2807
 tcp_close+0x26/0xc0 net/ipv4/tcp.c:2932
 inet_release+0xce/0xf0 net/ipv4/af_inet.c:437
 inet6_release+0x3e/0x60 net/ipv6/af_inet6.c:489
 __sock_release net/socket.c:659 [inline]
 sock_close+0x68/0x150 net/socket.c:1421
 __fput+0x2c1/0x660 fs/file_table.c:422
 __fput_sync+0x44/0x60 fs/file_table.c:507
 __do_sys_close fs/open.c:1556 [inline]
 __se_sys_close+0x101/0x1b0 fs/open.c:1541
 __x64_sys_close+0x1f/0x30 fs/open.c:1541
 do_syscall_64+0xd3/0x1d0
 entry_SYSCALL_64_after_hwframe+0x72/0x7a

read to 0xffff8881169b940c of 4 bytes by interrupt on cpu 1:
 inet6_match include/net/inet6_hashtables.h:186 [inline]
 __inet6_lookup_established+0x4b5/0x6c0 net/ipv6/inet6_hashtables.c:76
 tcp_v6_early_demux+0x286/0x450 net/ipv6/tcp_ipv6.c:2023
 ip6_rcv_finish_core net/ipv6/ip6_input.c:56 [inline]
 ip6_rcv_finish+0x2d1/0x330 net/ipv6/ip6_input.c:77
 ip_sabotage_in+0x139/0x150 net/bridge/br_netfilter_hooks.c:989
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0x86/0x1b0 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ipv6_rcv+0x113/0x150 net/ipv6/ip6_input.c:310
 __netif_receive_skb_one_core net/core/dev.c:5538 [inline]
 __netif_receive_skb+0xa2/0x280 net/core/dev.c:5652
 netif_receive_skb_internal net/core/dev.c:5738 [inline]
 netif_receive_skb+0x4a/0x320 net/core/dev.c:5798
 br_netif_receive_skb net/bridge/br_input.c:30 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_pass_frame_up+0x20d/0x2e0 net/bridge/br_input.c:68
 br_handle_frame_finish+0xd2e/0xe80
 br_nf_hook_thresh+0x1e5/0x220
 br_nf_pre_routing_finish_ipv6+0x573/0x5a0
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x1f0/0x2a0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x515/0xbb0 net/bridge/br_netfilter_hooks.c:527
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
 br_handle_frame+0x4d9/0x980 net/bridge/br_input.c:417
 __netif_receive_skb_core+0xa71/0x20b0 net/core/dev.c:5432
 __netif_receive_skb_one_core net/core/dev.c:5536 [inline]
 __netif_receive_skb+0x5a/0x280 net/core/dev.c:5652
 process_backlog+0x21f/0x380 net/core/dev.c:5981
 __napi_poll+0x63/0x3c0 net/core/dev.c:6632
 napi_poll net/core/dev.c:6701 [inline]
 net_rx_action+0x324/0x720 net/core/dev.c:6816
 __do_softirq+0xc8/0x285 kernel/softirq.c:554
 do_softirq+0x5e/0x90 kernel/softirq.c:455
 __local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:382
 __raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline]
 _raw_read_unlock_bh+0x1b/0x20 kernel/locking/spinlock.c:284
 rds_tcp_data_ready+0x292/0x3a0 net/rds/tcp_recv.c:334
 tcp_data_ready+0x1ad/0x290 net/ipv4/tcp_input.c:5143
 tcp_rcv_established+0xd0a/0xef0 net/ipv4/tcp_input.c:6137
 tcp_v6_do_rcv+0x67f/0x9e0 net/ipv6/tcp_ipv6.c:1644
 sk_backlog_rcv+0x4b/0x1a0 include/net/sock.h:1106
 __release_sock+0xbb/0x140 net/core/sock.c:2984
 release_sock+0x44/0x150 net/core/sock.c:3550
 tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1343
 inet6_sendmsg+0x77/0xd0 net/ipv6/af_inet6.c:661
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x8b/0x180 net/socket.c:745
 sock_sendmsg+0x96/0xe0 net/socket.c:768
 rds_tcp_xmit+0x3b8/0x610 net/rds/tcp_send.c:125
 rds_send_xmit+0xba2/0x1480 net/rds/send.c:366
 rds_send_worker+0x42/0x1d0 net/rds/threads.c:200
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335
 worker_thread+0x526/0x730 kernel/workqueue.c:3416
 kthread+0x1d1/0x210 kernel/kthread.c:388
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243

value changed: 0xea440140 -> 0x00000140

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 4719 Comm: kworker/u8:10 Tainted: G        W          6.9.0-rc1-syzkaller-00274-g486291a0e624 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: krdsd rds_send_worker
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/03/30 18:26 | upstream | 486291a0e624 | 6baf5069 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __inet6_lookup_established / inet_put_port |
* Struck through repros no longer work on HEAD.