syzbot


KCSAN: data-race in iptunnel_xmit / iptunnel_xmit (5)

Status: fixed on 2023/10/12 12:48
Subsystems: net
Fix commit: 9b271ebaf9a2 ip_tunnels: use DEV_STATS_INC()
First crash: 235d, last: 235d
Similar bugs (4)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in iptunnel_xmit / iptunnel_xmit (2) net | | | | 61 | 1128d | 1233d | 0/26 | auto-closed as invalid on 2021/04/30 07:41 |
| upstream | KCSAN: data-race in iptunnel_xmit / iptunnel_xmit (4) net | | | | 15 | 535d | 653d | 0/26 | auto-obsoleted due to no activity on 2022/12/13 21:39 |
| upstream | KCSAN: data-race in iptunnel_xmit / iptunnel_xmit net | | | | 28 | 1411d | 1636d | 0/26 | closed as invalid on 2020/06/18 14:24 |
| upstream | KCSAN: data-race in iptunnel_xmit / iptunnel_xmit (3) net | | | | 33 | 692d | 865d | 0/26 | auto-closed as invalid on 2022/07/10 03:55 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in iptunnel_xmit / iptunnel_xmit

read-write to 0xffff8881353df170 of 8 bytes by task 30263 on cpu 1:
 iptunnel_xmit_stats include/net/ip_tunnels.h:493 [inline]
 iptunnel_xmit+0x432/0x4a0 net/ipv4/ip_tunnel_core.c:87
 ip_tunnel_xmit+0x1477/0x1750 net/ipv4/ip_tunnel.c:831
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:662
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3544 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
 __dev_queue_xmit+0xeee/0x1de0 net/core/dev.c:4340
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 __bpf_tx_skb net/core/filter.c:2129 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2159 [inline]
 __bpf_redirect+0x723/0x9c0 net/core/filter.c:2182
 ____bpf_clone_redirect net/core/filter.c:2453 [inline]
 bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2425
 ___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1954
 __bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2195
 bpf_dispatcher_nop_func include/linux/bpf.h:1181 [inline]
 __bpf_prog_run include/linux/filter.h:609 [inline]
 bpf_prog_run include/linux/filter.h:616 [inline]
 bpf_test_run+0x15d/0x3d0 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1045
 bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:3996
 __sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5353
 __do_sys_bpf kernel/bpf/syscall.c:5439 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5437 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5437
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read-write to 0xffff8881353df170 of 8 bytes by task 30249 on cpu 0:
 iptunnel_xmit_stats include/net/ip_tunnels.h:493 [inline]
 iptunnel_xmit+0x432/0x4a0 net/ipv4/ip_tunnel_core.c:87
 ip_tunnel_xmit+0x1477/0x1750 net/ipv4/ip_tunnel.c:831
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:662
 __netdev_start_xmit include/linux/netdevice.h:4889 [inline]
 netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 xmit_one net/core/dev.c:3544 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3560
 __dev_queue_xmit+0xeee/0x1de0 net/core/dev.c:4340
 dev_queue_xmit include/linux/netdevice.h:3082 [inline]
 __bpf_tx_skb net/core/filter.c:2129 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2159 [inline]
 __bpf_redirect+0x723/0x9c0 net/core/filter.c:2182
 ____bpf_clone_redirect net/core/filter.c:2453 [inline]
 bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2425
 ___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1954
 __bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2195
 bpf_dispatcher_nop_func include/linux/bpf.h:1181 [inline]
 __bpf_prog_run include/linux/filter.h:609 [inline]
 bpf_prog_run include/linux/filter.h:616 [inline]
 bpf_test_run+0x15d/0x3d0 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1045
 bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:3996
 __sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5353
 __do_sys_bpf kernel/bpf/syscall.c:5439 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5437 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5437
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x0000000000018830 -> 0x0000000000018831

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 30249 Comm: syz-executor.4 Not tainted 6.5.0-syzkaller-11704-g3f86ed6ec0b3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/09/05 08:51 | upstream | 3f86ed6ec0b3 | 0b6286dc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in iptunnel_xmit / iptunnel_xmit |