syzbot

 sign-in | mailing list | source | docs
🐞 Open [1130] 🐞 Fixed [4213] 🐞 Invalid [9343] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail (5)

Status: auto-closed as invalid on 2022/09/18 05:49
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 120d, last: 114d
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail (3) 4 315d 391d 0/24 auto-closed as invalid on 2022/02/28 22:53
upstream KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail (4) 5 225d 224d 0/24 auto-closed as invalid on 2022/05/29 17:16
upstream KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail (2) 1 626d 626d 0/24 auto-closed as invalid on 2021/04/24 14:25
upstream KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail 1 854d 854d 0/24 auto-closed as invalid on 2020/09/07 17:18

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail

write to 0xffff88812c78fa84 of 1 bytes by task 25674 on cpu 1:
 __neigh_event_send+0x458/0xbc0 net/core/neighbour.c:1158
 neigh_event_send_probe include/net/neighbour.h:474 [inline]
 neigh_event_send include/net/neighbour.h:480 [inline]
 neigh_resolve_output+0x110/0x430 net/core/neighbour.c:1512
 neigh_output include/net/neighbour.h:550 [inline]
 ip6_finish_output2+0xa12/0xc30 net/ipv6/ip6_output.c:134
 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
 ip6_finish_output+0x395/0x4f0 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:451 [inline]
 ip6_local_out+0x60/0x80 net/ipv6/output_core.c:161
 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline]
 udp_tunnel6_xmit_skb+0x2e7/0x440 net/ipv6/ip6_udp_tunnel.c:109
 send6+0x2ed/0x3b0 drivers/net/wireguard/socket.c:152
 wg_socket_send_skb_to_peer+0xbb/0x120 drivers/net/wireguard/socket.c:178
 wg_socket_send_buffer_to_peer+0xd2/0xf0 drivers/net/wireguard/socket.c:200
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x109/0x150 drivers/net/wireguard/send.c:51
 process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
 worker_thread+0x618/0xa70 kernel/workqueue.c:2436
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

read to 0xffff88812c78fa84 of 1 bytes by task 25676 on cpu 0:
 ip6_dst_lookup_tail+0x73e/0x940 net/ipv6/ip6_output.c:1138
 ip6_dst_lookup_flow+0x44/0xc0 net/ipv6/ip6_output.c:1222
 send6+0x23a/0x3b0 drivers/net/wireguard/socket.c:139
 wg_socket_send_skb_to_peer+0xbb/0x120 drivers/net/wireguard/socket.c:178
 wg_socket_send_buffer_to_peer+0xd2/0xf0 drivers/net/wireguard/socket.c:200
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x109/0x150 drivers/net/wireguard/send.c:51
 process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
 worker_thread+0x618/0xa70 kernel/workqueue.c:2436
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30

value changed: 0x20 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 25676 Comm: kworker/u4:63 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
==================================================================

Crashes (2):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2022/08/14 05:41 upstream 7ebfc85e2cd7 8dfcaa3d .config log report info KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail
ci2-upstream-kcsan-gce 2022/08/07 17:33 upstream 1612c382ffbd 88e3a122 .config log report info KCSAN: data-race in __neigh_event_send / ip6_dst_lookup_tail
* Struck through repros no longer work on HEAD.