syzbot

 sign-in | mailing list | source | docs
🐞 Open [983] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12500] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (2)

Status: auto-closed as invalid on 2020/08/24 20:07
Subsystems: net
[Documentation on labels]
First crash: 1375d, last: 1374d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (6) net 1 775d 775d 0/26 auto-closed as invalid on 2022/04/15 20:54
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (8) net 2 635d 644d 0/26 auto-closed as invalid on 2022/09/02 16:35
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (5) net 9 829d 893d 0/26 auto-closed as invalid on 2022/02/20 15:36
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit net 10 1503d 1638d 0/26 auto-closed as invalid on 2020/05/22 23:22
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (4) net 1 1114d 1114d 0/26 auto-closed as invalid on 2021/05/17 09:21
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (3) net 2 1274d 1280d 0/26 auto-closed as invalid on 2020/12/03 02:00
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (7) net 1 715d 715d 0/26 auto-closed as invalid on 2022/06/14 13:17
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (9) net 3 505d 528d 0/26 auto-obsoleted due to no activity on 2023/01/13 04:35

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit

write to 0xffff8880afd4e130 of 8 bytes by task 942 on cpu 1:
 ip6_tnl_start_xmit+0x808/0xa00 net/ipv6/ip6_tunnel.c:1458
 __netdev_start_xmit include/linux/netdevice.h:4611 [inline]
 netdev_start_xmit include/linux/netdevice.h:4625 [inline]
 xmit_one+0xc0/0x310 net/core/dev.c:3556
 dev_hard_start_xmit net/core/dev.c:3572 [inline]
 __dev_queue_xmit+0xf00/0x15a0 net/core/dev.c:4131
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4164
 neigh_connected_output+0x24f/0x280 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x97f/0xb20 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x302/0x330 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x39/0x160 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 ip6_local_out+0x60/0x80 net/ipv6/output_core.c:179
 ip6_send_skb+0x43/0xf0 net/ipv6/ip6_output.c:1865
 udp_v6_send_skb+0x7a3/0xa00 net/ipv6/udp.c:1175
 udpv6_sendmsg+0x1529/0x1780 net/ipv6/udp.c:1473
 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:638
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x360/0x4d0 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmmsg+0x322/0x4b0 net/socket.c:2496
 __do_sys_sendmmsg net/socket.c:2525 [inline]
 __se_sys_sendmmsg net/socket.c:2522 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2522
 do_syscall_64+0x51/0xb0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880afd4e130 of 8 bytes by task 908 on cpu 0:
 ip6_tnl_start_xmit+0x7f6/0xa00 net/ipv6/ip6_tunnel.c:1458
 __netdev_start_xmit include/linux/netdevice.h:4611 [inline]
 netdev_start_xmit include/linux/netdevice.h:4625 [inline]
 xmit_one+0xc0/0x310 net/core/dev.c:3556
 dev_hard_start_xmit net/core/dev.c:3572 [inline]
 __dev_queue_xmit+0xf00/0x15a0 net/core/dev.c:4131
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4164
 neigh_connected_output+0x24f/0x280 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x97f/0xb20 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x302/0x330 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x39/0x160 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 ip6_local_out+0x60/0x80 net/ipv6/output_core.c:179
 ip6_send_skb+0x43/0xf0 net/ipv6/ip6_output.c:1865
 udp_v6_send_skb+0x7a3/0xa00 net/ipv6/udp.c:1175
 udpv6_sendmsg+0x1529/0x1780 net/ipv6/udp.c:1473
 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:638
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x360/0x4d0 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmmsg+0x322/0x4b0 net/socket.c:2496
 __do_sys_sendmmsg net/socket.c:2525 [inline]
 __se_sys_sendmmsg net/socket.c:2522 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2522
 do_syscall_64+0x51/0xb0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 908 Comm: syz-executor.1 Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/07/20 20:06 upstream 5714ee50bb43 8caeeeb7 .config console log report ci2-upstream-kcsan-gce
2020/07/19 19:06 upstream f932d58abc38 9c812472 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.