KCSAN: data-race in sctp_association_free / sctp_wait_for_connect


syzbot

Nov 8, 2019, 5:44:10 PM11/8/19
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 94c00660 x86, kcsan: Enable KCSAN for x86
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=14ae999ae00000
kernel config: https://syzkaller.appspot.com/x/.config?x=51a7c7d2972c87e5
dashboard link: https://syzkaller.appspot.com/bug?extid=8c5bd58e908220eaca32
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: [da...@davemloft.net linux-...@vger.kernel.org
linux...@vger.kernel.org marcelo...@gmail.com net...@vger.kernel.org
nho...@tuxdriver.com vyas...@gmail.com el...@google.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8c5bd5...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in sctp_association_free / sctp_wait_for_connect

write to 0xffff888120b4101c of 1 bytes by task 6274 on cpu 0:
sctp_association_free+0xfb/0x465 net/sctp/associola.c:333
sctp_cmd_delete_tcb net/sctp/sm_sideeffect.c:929 [inline]
sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1317 [inline]
sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
sctp_do_sm+0x276b/0x2ef0 net/sctp/sm_sideeffect.c:1155
sctp_primitive_SHUTDOWN+0x7b/0xa0 net/sctp/primitive.c:89
sctp_close+0x28f/0x500 net/sctp/socket.c:1515
inet_release+0x86/0x100 net/ipv4/af_inet.c:427
inet6_release+0x4a/0x70 net/ipv6/af_inet6.c:470
__sock_release+0x85/0x160 net/socket.c:590
sock_close+0x24/0x30 net/socket.c:1268
__fput+0x1e1/0x520 fs/file_table.c:280
____fput+0x1f/0x30 fs/file_table.c:313
task_work_run+0xf6/0x130 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop+0x2b4/0x2c0 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
do_syscall_64+0x353/0x370 arch/x86/entry/common.c:300
entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888120b4101c of 1 bytes by task 6273 on cpu 1:
sctp_wait_for_connect+0x19d/0x330 net/sctp/socket.c:9156
sctp_sendmsg_to_asoc+0x1323/0x1380 net/sctp/socket.c:1871
sctp_sendmsg+0xbdf/0x14e0 net/sctp/socket.c:2017
inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807
sock_sendmsg_nosec net/socket.c:637 [inline]
sock_sendmsg+0x9f/0xc0 net/socket.c:657
__sys_sendto+0x21f/0x320 net/socket.c:1952
__do_sys_sendto net/socket.c:1964 [inline]
__se_sys_sendto net/socket.c:1960 [inline]
__x64_sys_sendto+0x89/0xb0 net/socket.c:1960
do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 6273 Comm: syz-executor.3 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
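
Added example, not part of the syzbot report or of the kernel tree: a userspace C model of the access pattern the two stacks above show, one task tearing an association down and writing a one-byte flag while another task, waiting for that association to connect, reads the same byte. The struct, field and function names (assoc, dead, established, wait_for_connect, run_scenario, the peer_action values) are assumptions chosen for illustration; the report does not name the field. The flag is accessed through C11 relaxed atomics, which play the role the kernel's READ_ONCE()/WRITE_ONCE() annotations play for KCSAN: they tell the compiler and the race detector that the concurrent read and write are intentional and may not be torn, duplicated or hoisted, without promising any ordering for other fields of the object.

```c
/* Added example: userspace model of the access pattern KCSAN flagged.
 * Not code from the syzbot report or the kernel; all names are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <time.h>

struct assoc {                  /* stand-in for the association object */
    atomic_uchar dead;          /* one byte, set once teardown has begun */
    atomic_uchar established;   /* set once the connection completes */
};

enum peer_action { PEER_SILENT, PEER_ESTABLISH, PEER_CLOSE };

static void pause_us(long us)
{
    struct timespec ts = { us / 1000000, (us % 1000000) * 1000 };
    nanosleep(&ts, NULL);
}

/* Waiter side (the analogue of the sendmsg path): poll until the
 * association is established or has died. Returns 0, -EPIPE or -EAGAIN. */
static int wait_for_connect(struct assoc *asoc, long max_polls)
{
    for (long i = 0; i < max_polls; i++) {
        /* Relaxed atomic loads stand in for READ_ONCE(): the accesses are
         * declared concurrent, so a race detector does not report them. */
        if (atomic_load_explicit(&asoc->dead, memory_order_relaxed))
            return -EPIPE;
        if (atomic_load_explicit(&asoc->established, memory_order_relaxed))
            return 0;
        pause_us(100);
    }
    return -EAGAIN;
}

struct peer_arg {
    struct assoc *asoc;
    enum peer_action action;
};

/* Peer side (the analogue of the close path, or of the remote end). */
static void *peer_thread(void *p)
{
    struct peer_arg *arg = p;
    pause_us(2000);             /* let the waiter start polling first */
    /* Relaxed atomic stores stand in for WRITE_ONCE(). */
    if (arg->action == PEER_CLOSE)
        atomic_store_explicit(&arg->asoc->dead, 1, memory_order_relaxed);
    else if (arg->action == PEER_ESTABLISH)
        atomic_store_explicit(&arg->asoc->established, 1, memory_order_relaxed);
    return NULL;
}

/* Run waiter and peer concurrently; returns the waiter's result.
 * PEER_SILENT spawns no peer, so the waiter can only time out. */
int run_scenario(enum peer_action action, long max_polls)
{
    struct assoc asoc;
    atomic_init(&asoc.dead, 0);
    atomic_init(&asoc.established, 0);
    struct peer_arg arg = { &asoc, action };
    pthread_t t;
    int err = 0, rc;

    if (action != PEER_SILENT && (err = pthread_create(&t, NULL, peer_thread, &arg)))
        return -err;            /* pthread_create returns the error number */
    rc = wait_for_connect(&asoc, max_polls);
    if (action != PEER_SILENT)
        pthread_join(t, NULL);
    return rc;
}

int main(void)
{
    printf("peer closes:      %d (expect %d)\n", run_scenario(PEER_CLOSE, 1000000), -EPIPE);
    printf("peer establishes: %d (expect 0)\n", run_scenario(PEER_ESTABLISH, 1000000));
    printf("nobody answers:   %d (expect %d)\n", run_scenario(PEER_SILENT, 3), -EAGAIN);
    return 0;
}
```

Build with cc -std=c11 -pthread. Rebuilding with -fsanitize=thread after turning the four atomic accesses back into plain reads and writes makes ThreadSanitizer report the same read/write pair on the flag that KCSAN reported here; that is the quickest way to see what a marked access does and does not buy. It only tells the tools that the racing accesses are deliberate. The write in the report comes from a free path, and whether the reader may still touch the object at all is a lifetime question that a marked access does not answer; that still needs the socket lock or a reference count to be held across the check.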

syzbot

Apr 25, 2020, 12:20:11 AM4/25/20
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.