syzbot

 sign-in | mailing list | source | docs
🐞 Open [994] Subsystems 🐞 Fixed [5242] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (11)

Status: auto-obsoleted due to no activity on 2023/01/17 03:08
Subsystems: net
[Documentation on labels]
First crash: 501d, last: 501d
Similar bugs (11)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (6) net 32 861d 1026d 0/26 auto-closed as invalid on 2022/01/21 16:19
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit net 22 1502d 1634d 0/26 auto-closed as invalid on 2020/05/25 22:33
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (9) net 1 621d 621d 0/26 auto-closed as invalid on 2022/09/18 04:26
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (10) net 4 538d 581d 0/26 auto-obsoleted due to no activity on 2022/12/10 01:58
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (2) net 11 1298d 1402d 0/26 auto-closed as invalid on 2020/11/10 03:04
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (5) net 5 1076d 1040d 0/26 auto-closed as invalid on 2021/07/05 08:43
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (8) net 1 664d 664d 0/26 auto-closed as invalid on 2022/08/06 22:00
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (4) net 2 1165d 1188d 0/26 auto-closed as invalid on 2021/03/23 07:29
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (7) net 10 703d 813d 0/26 auto-closed as invalid on 2022/06/29 00:38
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (3) net 5 1224d 1232d 0/26 auto-closed as invalid on 2021/01/23 09:54
upstream KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (12) net 3 416d 415d 22/26 fixed on 2023/06/08 14:41

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit

read-write to 0xffff88813a091158 of 8 bytes by task 20416 on cpu 1:
 ip_tunnel_xmit+0x10ad/0x16f0 net/ipv4/ip_tunnel.c:822
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 ipgre_xmit+0x51b/0x580 net/ipv4/ip_gre.c:661
 __netdev_start_xmit include/linux/netdevice.h:4840 [inline]
 netdev_start_xmit include/linux/netdevice.h:4854 [inline]
 xmit_one+0xc0/0x2a0 net/core/dev.c:3590
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606
 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x52b/0x8f0 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2403
 ___bpf_prog_run+0x278/0x2da0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3630
 __sys_bpf+0x38a/0x630 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:5067
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read-write to 0xffff88813a091158 of 8 bytes by task 20417 on cpu 0:
 ip_tunnel_xmit+0x10ad/0x16f0 net/ipv4/ip_tunnel.c:822
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 ipgre_xmit+0x51b/0x580 net/ipv4/ip_gre.c:661
 __netdev_start_xmit include/linux/netdevice.h:4840 [inline]
 netdev_start_xmit include/linux/netdevice.h:4854 [inline]
 xmit_one+0xc0/0x2a0 net/core/dev.c:3590
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606
 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x52b/0x8f0 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2403
 ___bpf_prog_run+0x278/0x2da0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3630
 __sys_bpf+0x38a/0x630 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:5067
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x000000000000174e -> 0x000000000000174f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 20417 Comm: syz-executor.1 Not tainted 6.1.0-rc8-syzkaller-00164-g4cee37b3a4e6-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/12/12 11:09 upstream 4cee37b3a4e6 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit
* Struck through repros no longer work on HEAD.