syzbot

 sign-in | mailing list | source | docs
🐞 Open [870] Subsystems 🐞 Fixed [4872] 🐞 Invalid [11624] Missing Backports [68] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll

Status: auto-closed as invalid on 2020/10/01 18:48
Subsystems: wireguard
[Documentation on labels]
First crash: 1208d, last: 1188d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll (5) wireguard 2 96d 92d 0/25 auto-obsoleted due to no activity on 2023/09/29 02:04
upstream KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll (3) wireguard 2 683d 658d 0/25 auto-closed as invalid on 2022/02/22 09:23
upstream KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll (4) wireguard 1 210d 210d 0/25 auto-obsoleted due to no activity on 2023/06/06 16:15
upstream KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll (2) wireguard 1 1121d 1082d 0/25 auto-closed as invalid on 2020/12/25 11:24

Sample crash report:
usb 4-1: USB disconnect, device number 33
==================================================================
BUG: KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll

write to 0xffff88809d12d508 of 8 bytes by interrupt on cpu 0:
 update_rx_stats drivers/net/wireguard/receive.c:28 [inline]
 wg_packet_consume_data_done drivers/net/wireguard/receive.c:364 [inline]
 wg_packet_rx_poll+0x1072/0x1300 drivers/net/wireguard/receive.c:482
 napi_poll+0x178/0x4f0 net/core/dev.c:6687
 net_rx_action+0x1ba/0x530 net/core/dev.c:6757
 __do_softirq+0x198/0x360 kernel/softirq.c:298
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x5d/0x80 arch/x86/kernel/irq_64.c:77
 do_softirq+0x86/0xb0 kernel/softirq.c:343
 __local_bh_enable_ip+0x63/0x70 kernel/softirq.c:195
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline]
 _raw_spin_unlock_bh+0x33/0x40 kernel/locking/spinlock.c:207
 spin_unlock_bh include/linux/spinlock.h:399 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
 wg_packet_decrypt_worker+0x6e7/0x720 drivers/net/wireguard/receive.c:507
 process_one_work+0x3e1/0x9a0 kernel/workqueue.c:2269
 worker_thread+0x665/0xbe0 kernel/workqueue.c:2415
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

read to 0xffff88809d12d508 of 8 bytes by task 26415 on cpu 1:
 update_rx_stats drivers/net/wireguard/receive.c:28 [inline]
 wg_receive_handshake_packet drivers/net/wireguard/receive.c:205 [inline]
 wg_packet_handshake_receive_worker+0x3dd/0x480 drivers/net/wireguard/receive.c:220
 process_one_work+0x3e1/0x9a0 kernel/workqueue.c:2269
 worker_thread+0x665/0xbe0 kernel/workqueue.c:2415
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 26415 Comm: kworker/1:6 Not tainted 5.9.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/08/27 18:42 upstream 15bc20c6af4c 816e0689 .config console log report ci2-upstream-kcsan-gce
2020/08/25 15:48 upstream 6a9dc5fd6170 344da168 .config console log report ci2-upstream-kcsan-gce
2020/08/07 15:28 upstream 86cfccb66937 28ac5c9e .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.