syzbot

 sign-in | mailing list | source | docs
🐞 Open [1463]
Subsystems
🐞 Fixed [6817]
🐞 Invalid [17652]
Missing Backports [225]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in wg_xmit / wg_xmit (4)

Status: fixed on 2024/01/22 01:16
Subsystems: wireguard
[Documentation on labels]
Fix commit: 93da8d75a665 wireguard: use DEV_STATS_INC()
First crash: 780d, last: 780d
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in wg_xmit / wg_xmit (2) wireguard 6 1 1806d 1806d 0/29 auto-closed as invalid on 2021/02/22 13:14
upstream KCSAN: data-race in wg_xmit / wg_xmit wireguard 6 1 1903d 1903d 0/29 auto-closed as invalid on 2020/11/17 12:19
upstream KCSAN: data-race in wg_xmit / wg_xmit (3) wireguard 6 1 1245d 1245d 0/29 auto-closed as invalid on 2022/09/06 05:24

Sample crash report:
==================================================================
BUG: KCSAN: data-race in wg_xmit / wg_xmit

read-write to 0xffff888104239160 of 8 bytes by task 1375 on cpu 0:
 wg_xmit+0x60f/0x680 drivers/net/wireguard/device.c:231
 __netdev_start_xmit include/linux/netdevice.h:4918 [inline]
 netdev_start_xmit include/linux/netdevice.h:4932 [inline]
 xmit_one net/core/dev.c:3543 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3559
 __dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4344
 dev_queue_xmit include/linux/netdevice.h:3112 [inline]
 __bpf_tx_skb net/core/filter.c:2132 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2162 [inline]
 __bpf_redirect+0x71e/0x970 net/core/filter.c:2185
 ____bpf_clone_redirect net/core/filter.c:2456 [inline]
 bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2428
 ___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1958
 __bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2199
 bpf_dispatcher_nop_func include/linux/bpf.h:1192 [inline]
 __bpf_prog_run include/linux/filter.h:651 [inline]
 bpf_prog_run include/linux/filter.h:658 [inline]
 bpf_test_run+0x16b/0x3f0 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1046
 bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:4040
 __sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5401
 __do_sys_bpf kernel/bpf/syscall.c:5487 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5485 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5485
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

read-write to 0xffff888104239160 of 8 bytes by task 1378 on cpu 1:
 wg_xmit+0x60f/0x680 drivers/net/wireguard/device.c:231
 __netdev_start_xmit include/linux/netdevice.h:4918 [inline]
 netdev_start_xmit include/linux/netdevice.h:4932 [inline]
 xmit_one net/core/dev.c:3543 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3559
 __dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4344
 dev_queue_xmit include/linux/netdevice.h:3112 [inline]
 __bpf_tx_skb net/core/filter.c:2132 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2162 [inline]
 __bpf_redirect+0x71e/0x970 net/core/filter.c:2185
 ____bpf_clone_redirect net/core/filter.c:2456 [inline]
 bpf_clone_redirect+0x16c/0x1d0 net/core/filter.c:2428
 ___bpf_prog_run+0xd7d/0x41e0 kernel/bpf/core.c:1958
 __bpf_prog_run512+0x74/0xa0 kernel/bpf/core.c:2199
 bpf_dispatcher_nop_func include/linux/bpf.h:1192 [inline]
 __bpf_prog_run include/linux/filter.h:651 [inline]
 bpf_prog_run include/linux/filter.h:658 [inline]
 bpf_test_run+0x16b/0x3f0 net/bpf/test_run.c:423
 bpf_prog_test_run_skb+0x77b/0xa00 net/bpf/test_run.c:1046
 bpf_prog_test_run+0x265/0x3d0 kernel/bpf/syscall.c:4040
 __sys_bpf+0x3af/0x780 kernel/bpf/syscall.c:5401
 __do_sys_bpf kernel/bpf/syscall.c:5487 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5485 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5485
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0x000000000000c799 -> 0x000000000000c7a1

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 1378 Comm: syz-executor.5 Not tainted 6.6.0-syzkaller-15601-g4bbdb725a36b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/10 03:24 upstream 4bbdb725a36b 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wg_xmit / wg_xmit
* Struck through repros no longer work on HEAD.