syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in fib_select_path / fib_select_path

Status: fixed on 2024/01/08 11:23
Subsystems: net
[Documentation on labels]
Fix commit: 195374d89368 ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
First crash: 205d, last: 205d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in fib_select_path / fib_select_path

write to 0xffff8881387166f0 of 4 bytes by task 6778 on cpu 1:
 fib_info_update_nhc_saddr net/ipv4/fib_semantics.c:1334 [inline]
 fib_result_prefsrc net/ipv4/fib_semantics.c:1354 [inline]
 fib_select_path+0x292/0x330 net/ipv4/fib_semantics.c:2269
 ip_route_output_key_hash_rcu+0x659/0x12c0 net/ipv4/route.c:2810
 ip_route_output_key_hash net/ipv4/route.c:2644 [inline]
 __ip_route_output_key include/net/route.h:134 [inline]
 ip_route_output_flow+0xa6/0x150 net/ipv4/route.c:2872
 send4+0x1f5/0x520 drivers/net/wireguard/socket.c:61
 wg_socket_send_skb_to_peer+0x94/0x130 drivers/net/wireguard/socket.c:175
 wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
 worker_thread+0x525/0x730 kernel/workqueue.c:2784
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

read to 0xffff8881387166f0 of 4 bytes by task 6759 on cpu 0:
 fib_result_prefsrc net/ipv4/fib_semantics.c:1350 [inline]
 fib_select_path+0x1cb/0x330 net/ipv4/fib_semantics.c:2269
 ip_route_output_key_hash_rcu+0x659/0x12c0 net/ipv4/route.c:2810
 ip_route_output_key_hash net/ipv4/route.c:2644 [inline]
 __ip_route_output_key include/net/route.h:134 [inline]
 ip_route_output_flow+0xa6/0x150 net/ipv4/route.c:2872
 send4+0x1f5/0x520 drivers/net/wireguard/socket.c:61
 wg_socket_send_skb_to_peer+0x94/0x130 drivers/net/wireguard/socket.c:175
 wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
 worker_thread+0x525/0x730 kernel/workqueue.c:2784
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

value changed: 0x959d3217 -> 0x959d3218

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 6759 Comm: kworker/u4:15 Not tainted 6.6.0-rc4-syzkaller-00029-gcbf3a2cb156a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/10/04 22:04 upstream cbf3a2cb156a b7d7ff54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in fib_select_path / fib_select_path
* Struck through repros no longer work on HEAD.