syzbot

 sign-in | mailing list | source | docs
🐞 Open [968] Subsystems 🐞 Fixed [4557] 🐞 Invalid [10491] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit

Status: closed as invalid on 2019/11/19 13:24
First crash: 1312d, last: 1307d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (6) 1 350d 350d 0/24 auto-closed as invalid on 2022/07/19 20:28
upstream KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (5) 3 444d 481d 0/24 auto-closed as invalid on 2022/04/16 19:07
upstream KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (4) 1 558d 558d 0/24 auto-closed as invalid on 2021/12/22 23:42
upstream KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (2) 1 978d 978d 0/24 auto-closed as invalid on 2020/10/29 08:32
upstream KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit (3) 1 838d 838d 0/24 auto-closed as invalid on 2021/03/18 08:19

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip6_tnl_xmit / ip6_tnl_xmit

write to 0xffff88810c167198 of 8 bytes by interrupt on cpu 1:
 ip6_tnl_xmit+0x233/0x1780 net/ipv6/ip6_tunnel.c:1221
 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1376 [inline]
 ip6_tnl_start_xmit+0xead/0x1160 net/ipv6/ip6_tunnel.c:1402
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_xmit+0x6cb/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169
 tcp_transmit_skb net/ipv4/tcp_output.c:1185 [inline]
 tcp_xmit_probe_skb+0x19b/0x1d0 net/ipv4/tcp_output.c:3735

read to 0xffff88810c167198 of 8 bytes by interrupt on cpu 0:
 ip6_tnl_xmit+0x220/0x1780 net/ipv6/ip6_tunnel.c:1221
 ip6ip6_tnl_xmit net/ipv6/ip6_tunnel.c:1376 [inline]
 ip6_tnl_start_xmit+0xead/0x1160 net/ipv6/ip6_tunnel.c:1402
 __netdev_start_xmit include/linux/netdevice.h:4420 [inline]
 netdev_start_xmit include/linux/netdevice.h:4434 [inline]
 xmit_one net/core/dev.c:3280 [inline]
 dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296
 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873
 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906
 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_xmit+0x6cb/0xcd0 net/ipv6/ip6_output.c:279
 inet6_csk_xmit+0x170/0x1f0 net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0xe81/0x1d60 net/ipv4/tcp_output.c:1169

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 28873 Comm: blkid Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/10/30 22:21 https://github.com/google/ktsan.git kcsan 05f2236801fe a41ca8fa .config console log report ci2-upstream-kcsan-gce
2019/10/26 11:18 https://github.com/google/ktsan.git kcsan 05f2236801fe 413926c5 .config console log report ci2-upstream-kcsan-gce
2019/10/26 11:12 https://github.com/google/ktsan.git kcsan 05f2236801fe 413926c5 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.