syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12473] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in skb_queue_tail / wg_packet_handshake_receive_worker (2)

Status: auto-closed as invalid on 2021/04/19 00:06
Subsystems: wireguard
[Documentation on labels]
First crash: 1227d, last: 1131d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in skb_queue_tail / wg_packet_handshake_receive_worker wireguard 1 1393d 1393d 0/26 auto-closed as invalid on 2020/07/30 18:23

Sample crash report:
==================================================================
BUG: KCSAN: data-race in skb_queue_tail / wg_packet_handshake_receive_worker

write to 0xffff888021d88c30 of 4 bytes by interrupt on cpu 0:
 __skb_insert include/linux/skbuff.h:1929 [inline]
 __skb_queue_before include/linux/skbuff.h:2034 [inline]
 __skb_queue_tail include/linux/skbuff.h:2067 [inline]
 skb_queue_tail+0x80/0xa0 net/core/skbuff.c:3200
 wg_packet_receive+0x51f/0xbb0 drivers/net/wireguard/receive.c:565
 wg_receive+0x4a/0x70 drivers/net/wireguard/socket.c:325
 udp_queue_rcv_one_skb+0x6dc/0x7e0 net/ipv4/udp.c:2100
 udp_queue_rcv_skb+0xd2/0x450 net/ipv4/udp.c:2174
 udp_unicast_rcv_skb net/ipv4/udp.c:2332 [inline]
 __udp4_lib_rcv+0x135a/0x1ac0 net/ipv4/udp.c:2401
 udp_rcv+0x1d/0x20 net/ipv4/udp.c:2572
 ip_protocol_deliver_rcu+0x1f9/0x3e0 net/ipv4/ip_input.c:204
 ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_local_deliver+0x1d6/0x2a0 net/ipv4/ip_input.c:252
 dst_input include/net/dst.h:458 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:429 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 ip_rcv+0x1a6/0x250 net/ipv4/ip_input.c:540
 __netif_receive_skb_one_core net/core/dev.c:5365 [inline]
 __netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5479
 process_backlog+0x23f/0x3e0 net/core/dev.c:6346
 __napi_poll+0x77/0x510 net/core/dev.c:6892
 napi_poll net/core/dev.c:6959 [inline]
 net_rx_action+0x29f/0x680 net/core/dev.c:7036
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:345
 do_softirq+0x73/0xa0 kernel/softirq.c:248
 __local_bh_enable_ip+0x5a/0x60 kernel/softirq.c:198
 __raw_read_unlock_bh include/linux/rwlock_api_smp.h:251 [inline]
 _raw_read_unlock_bh+0x17/0x20 kernel/locking/spinlock.c:279
 wg_socket_send_skb_to_peer drivers/net/wireguard/socket.c:183 [inline]
 wg_socket_send_buffer_to_peer+0x1e0/0x210 drivers/net/wireguard/socket.c:199
 wg_packet_send_handshake_response+0xd8/0x130 drivers/net/wireguard/send.c:103
 wg_receive_handshake_packet drivers/net/wireguard/receive.c:161 [inline]
 wg_packet_handshake_receive_worker+0x2b8/0x450 drivers/net/wireguard/receive.c:220
 process_one_work+0x3e1/0x950 kernel/workqueue.c:2275
 worker_thread+0x616/0xa70 kernel/workqueue.c:2421
 kthread+0x20b/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

read to 0xffff888021d88c30 of 4 bytes by task 4832 on cpu 1:
 wg_receive_handshake_packet drivers/net/wireguard/receive.c:119 [inline]
 wg_packet_handshake_receive_worker+0xdd/0x450 drivers/net/wireguard/receive.c:220
 process_one_work+0x3e1/0x950 kernel/workqueue.c:2275
 worker_thread+0x616/0xa70 kernel/workqueue.c:2421
 kthread+0x20b/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 4832 Comm: kworker/1:3 Not tainted 5.12.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker
==================================================================
usb 6-1: new high-speed USB device number 3 using dummy_hcd
usb 6-1: Using ep0 maxpacket: 32
usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16
usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 6-1: Product: Ѓ
usb 6-1: Manufacturer: 㠁
usb 6-1: SerialNumber: syz
cdc_ether: probe of 6-1:1.0 failed with error -71
usb 6-1: USB disconnect, device number 3

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/03/15 00:04 upstream 75013c6c52d8 cc1cff8f .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in skb_queue_tail / wg_packet_handshake_receive_worker
2021/02/16 05:26 upstream f40ddce88593 98682e5e .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in skb_queue_tail / wg_packet_handshake_receive_worker
2021/01/27 04:09 upstream 13391c60da33 55a7d4df .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in skb_queue_tail / wg_packet_handshake_receive_worker
2021/01/04 05:40 upstream e71ba9452f0b 79264ae3 .config console log report info ci2-upstream-kcsan-gce
2020/12/08 13:19 upstream cd796ed33450 9af51e31 .config console log report info ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.