syzbot


KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit

Status: auto-closed as invalid on 2020/05/25 22:33
Subsystems: net
[Documentation on labels]
First crash: 1796d, last: 1663d
Similar bugs (11)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (6) net 32 1023d 1188d 0/28 auto-closed as invalid on 2022/01/21 16:19
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (11) net 1 663d 663d 0/28 auto-obsoleted due to no activity on 2023/01/17 03:08
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (9) net 1 783d 783d 0/28 auto-closed as invalid on 2022/09/18 04:26
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (10) net 4 700d 743d 0/28 auto-obsoleted due to no activity on 2022/12/10 01:58
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (2) net 11 1460d 1564d 0/28 auto-closed as invalid on 2020/11/10 03:04
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (5) net 5 1237d 1202d 0/28 auto-closed as invalid on 2021/07/05 08:43
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (8) net 1 825d 825d 0/28 auto-closed as invalid on 2022/08/06 22:00
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (4) net 2 1327d 1350d 0/28 auto-closed as invalid on 2021/03/23 07:29
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (7) net 10 864d 974d 0/28 auto-closed as invalid on 2022/06/29 00:38
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (3) net 5 1386d 1394d 0/28 auto-closed as invalid on 2021/01/23 09:54
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (12) net 3 577d 577d 22/28 fixed on 2023/06/08 14:41

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit

write to 0xffff8880b58fd190 of 8 bytes by task 14760 on cpu 0:
 ip_tunnel_xmit+0x12bf/0x13c0 net/ipv4/ip_tunnel.c:756
 __gre_xmit+0x38e/0x4e0 net/ipv4/ip_gre.c:448
 ipgre_xmit+0x337/0x640 net/ipv4/ip_gre.c:632
 __netdev_start_xmit include/linux/netdevice.h:4510 [inline]
 netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0xeb/0x420 net/core/dev.c:3486
 __dev_queue_xmit+0x14c4/0x1b80 net/core/dev.c:4063
 dev_queue_xmit+0x1e/0x30 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x4bb/0x710 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x19a/0x1f0 net/core/filter.c:2112
 bpf_prog_bebbfe2050753572+0xb98/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x250/0x560 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0x5f6/0xa60 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa0e/0x29c0 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __x64_sys_bpf+0x47/0x60 kernel/bpf/syscall.c:3355
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880b58fd190 of 8 bytes by task 14755 on cpu 1:
 ip_tunnel_xmit+0x12ac/0x13c0 net/ipv4/ip_tunnel.c:756
 __gre_xmit+0x38e/0x4e0 net/ipv4/ip_gre.c:448
 ipgre_xmit+0x337/0x640 net/ipv4/ip_gre.c:632
 __netdev_start_xmit include/linux/netdevice.h:4510 [inline]
 netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0xeb/0x420 net/core/dev.c:3486
 __dev_queue_xmit+0x14c4/0x1b80 net/core/dev.c:4063
 dev_queue_xmit+0x1e/0x30 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x4bb/0x710 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x19a/0x1f0 net/core/filter.c:2112
 bpf_prog_bebbfe2050753572+0x7b8/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x250/0x560 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0x5f6/0xa60 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa0e/0x29c0 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __x64_sys_bpf+0x47/0x60 kernel/bpf/syscall.c:3355
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 14755 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (22):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/03/16 22:32 https://github.com/google/ktsan.git kcsan 941e0d917bbf 749688d2 .config console log report ci2-upstream-kcsan-gce
2020/03/10 17:29 https://github.com/google/ktsan.git kcsan 941e0d917bbf 35f53e45 .config console log report ci2-upstream-kcsan-gce
2020/02/29 07:47 https://github.com/google/ktsan.git kcsan 766d004d1b85 c88c7b75 .config console log report ci2-upstream-kcsan-gce
2020/02/21 07:14 https://github.com/google/ktsan.git kcsan b12d66a6c34f bd2a74a3 .config console log report ci2-upstream-kcsan-gce
2020/02/04 22:32 https://github.com/google/ktsan.git kcsan 245a43005292 93e5e335 .config console log report ci2-upstream-kcsan-gce
2020/01/30 12:20 https://github.com/google/ktsan.git kcsan 245a43005292 5ed23f9a .config console log report ci2-upstream-kcsan-gce
2020/01/26 04:27 https://github.com/google/ktsan.git kcsan 245a43005292 f4e7270e .config console log report ci2-upstream-kcsan-gce
2020/01/25 13:57 https://github.com/google/ktsan.git kcsan 245a43005292 2e95ab33 .config console log report ci2-upstream-kcsan-gce
2020/01/17 07:26 https://github.com/google/ktsan.git kcsan 245a43005292 3de7aabb .config console log report ci2-upstream-kcsan-gce
2020/01/14 14:20 https://github.com/google/ktsan.git kcsan 245a43005292 32881205 .config console log report ci2-upstream-kcsan-gce
2020/01/13 12:30 https://github.com/google/ktsan.git kcsan 245a43005292 99565c1a .config console log report ci2-upstream-kcsan-gce
2020/01/09 17:59 https://github.com/google/ktsan.git kcsan 245a43005292 4de4e9f0 .config console log report ci2-upstream-kcsan-gce
2020/01/06 03:41 https://github.com/google/ktsan.git kcsan 245a43005292 438e1227 .config console log report ci2-upstream-kcsan-gce
2020/01/03 18:05 https://github.com/google/ktsan.git kcsan 245a43005292 9dcc1191 .config console log report ci2-upstream-kcsan-gce
2019/12/31 09:28 https://github.com/google/ktsan.git kcsan 245a43005292 7f117e28 .config console log report ci2-upstream-kcsan-gce
2019/12/24 15:23 https://github.com/google/ktsan.git kcsan 245a43005292 be5c2c81 .config console log report ci2-upstream-kcsan-gce
2019/12/20 01:48 https://github.com/google/ktsan.git kcsan 245a43005292 36650b4b .config console log report ci2-upstream-kcsan-gce
2019/11/26 01:51 https://github.com/google/ktsan.git kcsan 5863cc791e4c 598ca6c8 .config console log report ci2-upstream-kcsan-gce
2019/11/17 17:44 https://github.com/google/ktsan.git kcsan 5863cc791e4c d5696d51 .config console log report ci2-upstream-kcsan-gce
2019/11/16 16:12 https://github.com/google/ktsan.git kcsan 5863cc791e4c cdac920b .config console log report ci2-upstream-kcsan-gce
2019/11/11 08:41 https://github.com/google/ktsan.git kcsan 94c006602e13 dc438b91 .config console log report ci2-upstream-kcsan-gce
2019/11/05 05:28 https://github.com/google/ktsan.git kcsan 94c006602e13 76630fc9 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.