KCSAN: data-race in sk_common_release / xfrm_lookup_with_ifid


syzbot

Nov 11, 2019, 11:34:11 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 94c00660 x86, kcsan: Enable KCSAN for x86
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=169a3542e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=51a7c7d2972c87e5
dashboard link: https://syzkaller.appspot.com/bug?extid=232e56b42dcf79e03352
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: [a...@kernel.org b...@vger.kernel.org dan...@iogearbox.net
da...@davemloft.net ka...@fb.com kuz...@ms2.inr.ac.ru
linux-...@vger.kernel.org net...@vger.kernel.org songliu...@fb.com
y...@fb.com yosh...@linux-ipv6.org el...@google.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+232e56...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in sk_common_release / xfrm_lookup_with_ifid

write to 0xffff888121172668 of 8 bytes by task 22196 on cpu 0:
xfrm_sk_free_policy include/net/xfrm.h:1193 [inline]
sk_common_release+0x18c/0x1d0 net/core/sock.c:3198
udp_lib_close+0x1f/0x30 include/net/udp.h:202
inet_release+0x86/0x100 net/ipv4/af_inet.c:427
inet6_release+0x4a/0x70 net/ipv6/af_inet6.c:470
__sock_release+0x85/0x160 net/socket.c:590
sock_close+0x24/0x30 net/socket.c:1268
__fput+0x1e1/0x520 fs/file_table.c:280
____fput+0x1f/0x30 fs/file_table.c:313
task_work_run+0xf6/0x130 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop+0x2b4/0x2c0 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
do_syscall_64+0x353/0x370 arch/x86/entry/common.c:300
entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888121172668 of 8 bytes by task 22201 on cpu 1:
xfrm_lookup_with_ifid+0xc0/0x1310 net/xfrm/xfrm_policy.c:3035
xfrm_lookup net/xfrm/xfrm_policy.c:3174 [inline]
xfrm_lookup_route+0x44/0x100 net/xfrm/xfrm_policy.c:3185
ip6_dst_lookup_flow+0xde/0x120 net/ipv6/ip6_output.c:1159
inet6_csk_route_socket+0x2f7/0x420 net/ipv6/inet6_connection_sock.c:106
inet6_csk_xmit+0x91/0x1f0 net/ipv6/inet6_connection_sock.c:121
l2tp_xmit_core net/l2tp/l2tp_core.c:1030 [inline]
l2tp_xmit_skb+0x8c9/0x8e0 net/l2tp/l2tp_core.c:1132
pppol2tp_sendmsg+0x2fc/0x3c0 net/l2tp/l2tp_ppp.c:325
sock_sendmsg_nosec net/socket.c:637 [inline]
sock_sendmsg+0x9f/0xc0 net/socket.c:657
___sys_sendmsg+0x2b7/0x5d0 net/socket.c:2311
__sys_sendmmsg+0x123/0x350 net/socket.c:2413
__do_sys_sendmmsg net/socket.c:2442 [inline]
__se_sys_sendmmsg net/socket.c:2439 [inline]
__x64_sys_sendmmsg+0x64/0x80 net/socket.c:2439
do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 22201 Comm: syz-executor.5 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jan 14, 2020, 3:50:07 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.