KCSAN: data-race in ip6_tnl_xmit / ip6_tnl

KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit
Status: closed as invalid on 2019/11/19 13:24
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 697d, last: 693d

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (2)				1	364d	364d	0/22	auto-closed as invalid on 2020/10/29 08:32
upstream	KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (3)				1	224d	224d	0/22	auto-closed as invalid on 2021/03/18 08:19

Sample crash report:

==================================================================
BUG: KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit

write to 0xffff88810c167198 of 8 bytes by interrupt on cpu 1:
 ip6_tnl_xmit+0x233/0x1780 net/ipv6/ip6_tunnel.c:1221
 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1376 [inline]
 ip6_tnl_start_xmit+0xead/0x1160 net/ipv6/ip6_tunnel.c:1402
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_xmit+0x6cb/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169
 tcp_transmit_skb net/ipv4/tcp_output.c:1185 [inline]
 tcp_xmit_probe_skb+0x19b/0x1d0 net/ipv4/tcp_output.c:3735

read to 0xffff88810c167198 of 8 bytes by interrupt on cpu 0:
 ip6_tnl_xmit+0x220/0x1780 net/ipv6/ip6_tunnel.c:1221
 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1376 [inline]
 ip6_tnl_start_xmit+0xead/0x1160 net/ipv6/ip6_tunnel.c:1402
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_xmit+0x6cb/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 28873 Comm: blkid Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report
ci2-upstream-kcsan-gce	2019/10/30 22:21	https://github.com/google/ktsan.git kcsan	05f2236801fe	a41ca8fa	.config	log	report
ci2-upstream-kcsan-gce	2019/10/26 11:18	https://github.com/google/ktsan.git kcsan	05f2236801fe	413926c5	.config	log	report
ci2-upstream-kcsan-gce	2019/10/26 11:12	https://github.com/google/ktsan.git kcsan	05f2236801fe	413926c5	.config	log	report