syzbot


KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit

Status: closed as invalid on 2019/11/19 13:24
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 1196d, last: 1191d
similar bugs (5):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (6) | | | | 1 | 233d | 233d | 0/24 | auto-closed as invalid on 2022/07/19 20:28 |
| upstream | KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (5) | | | | 3 | 327d | 365d | 0/24 | auto-closed as invalid on 2022/04/16 19:07 |
| upstream | KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (4) | | | | 1 | 442d | 442d | 0/24 | auto-closed as invalid on 2021/12/22 23:42 |
| upstream | KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (2) | | | | 1 | 862d | 862d | 0/24 | auto-closed as invalid on 2020/10/29 08:32 |
| upstream | KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (3) | | | | 1 | 722d | 722d | 0/24 | auto-closed as invalid on 2021/03/18 08:19 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit

write to 0xffff88810c167198 of 8 bytes by interrupt on cpu 1:
 ip6_tnl_xmit+0x233/0x1780 net/ipv6/ip6_tunnel.c:1221
 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1376 [inline]
 ip6_tnl_start_xmit+0xead/0x1160 net/ipv6/ip6_tunnel.c:1402
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_xmit+0x6cb/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169
 tcp_transmit_skb net/ipv4/tcp_output.c:1185 [inline]
 tcp_xmit_probe_skb+0x19b/0x1d0 net/ipv4/tcp_output.c:3735

read to 0xffff88810c167198 of 8 bytes by interrupt on cpu 0:
 ip6_tnl_xmit+0x220/0x1780 net/ipv6/ip6_tunnel.c:1221
 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1376 [inline]
 ip6_tnl_start_xmit+0xead/0x1160 net/ipv6/ip6_tunnel.c:1402
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_xmit+0x6cb/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 28873 Comm: blkid Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2019/10/30 22:21 | https://github.com/google/ktsan.git kcsan | 05f2236801fe | a41ca8fa | .config | console log | report | | | | | |
| ci2-upstream-kcsan-gce | 2019/10/26 11:18 | https://github.com/google/ktsan.git kcsan | 05f2236801fe | 413926c5 | .config | console log | report | | | | | |
| ci2-upstream-kcsan-gce | 2019/10/26 11:12 | https://github.com/google/ktsan.git kcsan | 05f2236801fe | 413926c5 | .config | console log | report | | | | | |
* Struck through repros no longer work on HEAD.