syzbot


KCSAN: data-race in smc_connect_fallback / tcp_fin

Status: auto-obsoleted due to no activity on 2025/02/09 01:54
Subsystems: net
First crash: 278d, last: 253d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in smc_connect_fallback / tcp_fin

write to 0xffff888107f155e0 of 8 bytes by interrupt on cpu 1:
 instrument_write include/linux/instrumented.h:41 [inline]
 ___set_bit include/asm-generic/bitops/instrumented-non-atomic.h:28 [inline]
 sock_set_flag include/net/sock.h:973 [inline]
 tcp_fin+0x72/0x330 net/ipv4/tcp_input.c:4573
 tcp_data_queue+0xa3c/0x2d40 net/ipv4/tcp_input.c:5290
 tcp_rcv_established+0x8b6/0xec0 net/ipv4/tcp_input.c:6264
 tcp_v4_do_rcv+0x662/0x740 net/ipv4/tcp_ipv4.c:1916
 tcp_v4_rcv+0x1b25/0x1ee0 net/ipv4/tcp_ipv4.c:2351
 ip_protocol_deliver_rcu+0x370/0x720 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x17d/0x210 net/ipv4/ip_input.c:233
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ip_local_deliver+0xec/0x1d0 net/ipv4/ip_input.c:254
 dst_input include/net/dst.h:460 [inline]
 ip_rcv_finish+0x193/0x1b0 net/ipv4/ip_input.c:447
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ip_rcv+0x64/0x140 net/ipv4/ip_input.c:567
 __netif_receive_skb_one_core net/core/dev.c:5672 [inline]
 __netif_receive_skb+0x10a/0x280 net/core/dev.c:5785
 process_backlog+0x22e/0x440 net/core/dev.c:6117
 __napi_poll+0x63/0x3c0 net/core/dev.c:6883
 napi_poll net/core/dev.c:6952 [inline]
 net_rx_action+0x3a1/0x7f0 net/core/dev.c:7074
 handle_softirqs+0xbf/0x280 kernel/softirq.c:561
 do_softirq+0x5e/0x90 kernel/softirq.c:462
 __local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:389
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]
 __dev_queue_xmit+0xb6e/0x2090 net/core/dev.c:4461
 dev_queue_xmit include/linux/netdevice.h:3168 [inline]
 neigh_hh_output include/net/neighbour.h:523 [inline]
 neigh_output include/net/neighbour.h:537 [inline]
 ip_finish_output2+0x721/0x890 net/ipv4/ip_output.c:236
 ip_finish_output+0x11a/0x2a0 net/ipv4/ip_output.c:324
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip_output+0xab/0x170 net/ipv4/ip_output.c:434
 dst_output include/net/dst.h:450 [inline]
 ip_local_out net/ipv4/ip_output.c:130 [inline]
 __ip_queue_xmit+0xbf2/0xc10 net/ipv4/ip_output.c:536
 ip_queue_xmit+0x38/0x50 net/ipv4/ip_output.c:550
 __tcp_transmit_skb+0x15ca/0x1980 net/ipv4/tcp_output.c:1468
 tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline]
 tcp_write_xmit+0x1410/0x3220 net/ipv4/tcp_output.c:2829
 __tcp_push_pending_frames+0x6a/0x1a0 net/ipv4/tcp_output.c:3012
 tcp_send_fin+0x461/0x550 net/ipv4/tcp_output.c:3618
 __tcp_close+0x972/0x10e0 net/ipv4/tcp.c:3130
 tcp_close+0x26/0xd0 net/ipv4/tcp.c:3221
 inet_release+0xce/0xf0 net/ipv4/af_inet.c:435
 inet6_release+0x3e/0x60 net/ipv6/af_inet6.c:487
 __sock_release net/socket.c:640 [inline]
 sock_release+0x48/0xe0 net/socket.c:668
 rds_tcp_accept_one+0xe8/0x6a0 net/rds/tcp_listen.c:234
 rds_tcp_accept_worker+0x25/0x70 net/rds/tcp.c:531
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

read-write to 0xffff888107f155e0 of 8 bytes by task 5138 on cpu 0:
 smc_copy_sock_settings net/smc/af_smc.c:492 [inline]
 smc_copy_sock_settings_to_clc net/smc/af_smc.c:500 [inline]
 smc_connect_fallback+0x216/0x3c0 net/smc/af_smc.c:944
 __smc_connect+0x5f/0x1170
 smc_connect+0x649/0x730 net/smc/af_smc.c:1693
 __sys_connect_file net/socket.c:2055 [inline]
 __sys_connect+0x18f/0x1b0 net/socket.c:2074
 __do_sys_connect net/socket.c:2080 [inline]
 __se_sys_connect net/socket.c:2077 [inline]
 __x64_sys_connect+0x41/0x50 net/socket.c:2077
 x64_sys_call+0x22a7/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:43
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000300 -> 0x0000000000000302

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5138 Comm: syz.4.323 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
==================================================================

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/12/15 01:43 | upstream | a0e3919a2df2 | 7cbfbb3a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in smc_connect_fallback / tcp_fin
2024/11/20 02:45 | upstream | 158f238aa69d | 7d02db5a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in smc_connect_fallback / tcp_fin