syzbot

 sign-in | mailing list | source | docs
🐞 Open [1452]
Subsystems
🐞 Fixed [6830]
🐞 Invalid [17696]
Missing Backports [227]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (4)

Status: auto-closed as invalid on 2021/03/05 12:45
Subsystems: net
[Documentation on labels]
First crash: 1812d, last: 1801d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (5) net 6 1 1505d 1503d 20/29 fixed on 2022/03/08 16:11
upstream KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (3) net 6 1 1970d 1970d 0/29 auto-closed as invalid on 2020/09/17 17:51
upstream KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (2) net 6 37 2029d 2203d 0/29 closed as invalid on 2020/06/18 14:24
upstream KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit net 6 40 2215d 2265d 15/29 fixed on 2019/12/13 00:31

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit

write to 0xffff888026766a84 of 4 bytes by task 18397 on cpu 0:
 __netif_tx_unlock include/linux/netdevice.h:4245 [inline]
 __dev_queue_xmit+0x108e/0x1500 net/core/dev.c:4154
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4184
 neigh_connected_output+0x264/0x290 net/core/neighbour.c:1520
 neigh_output include/net/neighbour.h:510 [inline]
 ip_finish_output2+0x8e6/0xba0 net/ipv4/ip_output.c:230
 __ip_finish_output+0x2ce/0x430 net/ipv4/ip_output.c:252
 ip_finish_output+0x39/0x160 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_mc_output+0x304/0x4d0 net/ipv4/ip_output.c:417
 dst_output include/net/dst.h:441 [inline]
 ip_local_out+0x60/0x80 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x31a/0x460 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1089/0x1130 net/ipv4/ip_tunnel.c:806
 __gre_xmit net/ipv4/ip_gre.c:466 [inline]
 ipgre_xmit+0x4d9/0x530 net/ipv4/ip_gre.c:648
 __netdev_start_xmit include/linux/netdevice.h:4776 [inline]
 netdev_start_xmit include/linux/netdevice.h:4790 [inline]
 xmit_one+0xf9/0x2e0 net/core/dev.c:3574
 dev_hard_start_xmit net/core/dev.c:3590 [inline]
 __dev_queue_xmit+0xecf/0x1500 net/core/dev.c:4151
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4184
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x544/0x750 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2448 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2420
 bpf_prog_bebbfe2050753572+0x56/0x8ac
 bpf_dispatcher_nop_func include/linux/bpf.h:651 [inline]
 bpf_test_run+0x278/0x440 net/bpf/test_run.c:50
 bpf_prog_test_run_skb+0x6f0/0xe70 net/bpf/test_run.c:582
 bpf_prog_test_run kernel/bpf/syscall.c:3122 [inline]
 __do_sys_bpf+0x3a17/0x99f0 kernel/bpf/syscall.c:4400
 __se_sys_bpf kernel/bpf/syscall.c:4340 [inline]
 __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4340
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff888026766a84 of 4 bytes by task 18398 on cpu 1:
 __dev_queue_xmit+0x7e5/0x1500 net/core/dev.c:4138
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4184
 neigh_connected_output+0x264/0x290 net/core/neighbour.c:1520
 neigh_output include/net/neighbour.h:510 [inline]
 ip_finish_output2+0x8e6/0xba0 net/ipv4/ip_output.c:230
 __ip_finish_output+0x2ce/0x430 net/ipv4/ip_output.c:252
 ip_finish_output+0x39/0x160 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_mc_output+0x304/0x4d0 net/ipv4/ip_output.c:417
 dst_output include/net/dst.h:441 [inline]
 ip_local_out+0x60/0x80 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x31a/0x460 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1089/0x1130 net/ipv4/ip_tunnel.c:806
 __gre_xmit net/ipv4/ip_gre.c:466 [inline]
 ipgre_xmit+0x4d9/0x530 net/ipv4/ip_gre.c:648
 __netdev_start_xmit include/linux/netdevice.h:4776 [inline]
 netdev_start_xmit include/linux/netdevice.h:4790 [inline]
 xmit_one+0xf9/0x2e0 net/core/dev.c:3574
 dev_hard_start_xmit net/core/dev.c:3590 [inline]
 __dev_queue_xmit+0xecf/0x1500 net/core/dev.c:4151
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4184
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x544/0x750 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2448 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2420
 bpf_prog_bebbfe2050753572+0x56/0x710
 bpf_dispatcher_nop_func include/linux/bpf.h:651 [inline]
 bpf_test_run+0x278/0x440 net/bpf/test_run.c:50
 bpf_prog_test_run_skb+0x6f0/0xe70 net/bpf/test_run.c:582
 bpf_prog_test_run kernel/bpf/syscall.c:3122 [inline]
 __do_sys_bpf+0x3a17/0x99f0 kernel/bpf/syscall.c:4400
 __se_sys_bpf kernel/bpf/syscall.c:4340 [inline]
 __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4340
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 18398 Comm: syz-executor.5 Not tainted 5.11.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/01/29 12:41 upstream bec4c2968fce 6593fd32 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit
2021/01/19 01:20 upstream 1e2a199f6ccd 63631df1 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit
* Struck through repros no longer work on HEAD.