syzbot


KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (3)

Status: auto-closed as invalid on 2020/09/17 17:51
Subsystems: net
First crash: 1287d, last: 1287d
Similar bugs (4)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (5) net | | | | 1 | 822d | 820d | 20/26 | fixed on 2022/03/08 16:11 |
| upstream | KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (4) net | | | | 2 | 1118d | 1129d | 0/26 | auto-closed as invalid on 2021/03/05 12:45 |
| upstream | KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (2) net | | | | 37 | 1346d | 1520d | 0/26 | closed as invalid on 2020/06/18 14:24 |
| upstream | KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit net | | | | 40 | 1532d | 1582d | 15/26 | fixed on 2019/12/13 00:31 |

Sample crash report:
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'.
==================================================================
BUG: KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit

write to 0xffff8880a44b6884 of 4 bytes by task 10160 on cpu 0:
 __netif_tx_unlock include/linux/netdevice.h:4139 [inline]
 __dev_queue_xmit+0x107a/0x15a0 net/core/dev.c:4139
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169
 neigh_connected_output+0x24f/0x280 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip_finish_output2+0x4e2/0xb60 net/ipv4/ip_output.c:228
 __ip_finish_output+0x395/0x3e0 net/ipv4/ip_output.c:306
 ip_finish_output+0x39/0x160 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_mc_output+0x301/0x4d0 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:443 [inline]
 ip_local_out+0x60/0x80 net/ipv4/ip_output.c:125
 iptunnel_xmit+0x30d/0x4b0 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1099/0x11c0 net/ipv4/ip_tunnel.c:816
 __gre_xmit net/ipv4/ip_gre.c:466 [inline]
 ipgre_xmit+0x53e/0x590 net/ipv4/ip_gre.c:650
 __netdev_start_xmit include/linux/netdevice.h:4634 [inline]
 netdev_start_xmit include/linux/netdevice.h:4648 [inline]
 xmit_one+0xc0/0x310 net/core/dev.c:3561
 dev_hard_start_xmit net/core/dev.c:3577 [inline]
 __dev_queue_xmit+0xf00/0x15a0 net/core/dev.c:4136
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169
 __bpf_tx_skb net/core/filter.c:2112 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2137 [inline]
 __bpf_redirect+0x56a/0x7c0 net/core/filter.c:2160
 ____bpf_clone_redirect net/core/filter.c:2191 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2163
 0xffffffffa0052814
 bpf_dispatcher_nop_func include/linux/bpf.h:586 [inline]
 bpf_test_run+0x26d/0x4a0 net/bpf/test_run.c:49
 bpf_prog_test_run_skb+0x6bd/0xe00 net/bpf/test_run.c:496
 bpf_prog_test_run kernel/bpf/syscall.c:2996 [inline]
 __do_sys_bpf+0x39a0/0x9a60 kernel/bpf/syscall.c:4196
 __se_sys_bpf kernel/bpf/syscall.c:4136 [inline]
 __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4136
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880a44b6884 of 4 bytes by task 10153 on cpu 1:
 __dev_queue_xmit+0x7f7/0x15a0 net/core/dev.c:4124
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169
 neigh_connected_output+0x24f/0x280 net/core/neighbour.c:1518
 neigh_output include/net/neighbour.h:509 [inline]
 ip_finish_output2+0x4e2/0xb60 net/ipv4/ip_output.c:228
 __ip_finish_output+0x395/0x3e0 net/ipv4/ip_output.c:306
 ip_finish_output+0x39/0x160 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_mc_output+0x301/0x4d0 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:443 [inline]
 ip_local_out+0x60/0x80 net/ipv4/ip_output.c:125
 iptunnel_xmit+0x30d/0x4b0 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1099/0x11c0 net/ipv4/ip_tunnel.c:816
 __gre_xmit net/ipv4/ip_gre.c:466 [inline]
 ipgre_xmit+0x53e/0x590 net/ipv4/ip_gre.c:650
 __netdev_start_xmit include/linux/netdevice.h:4634 [inline]
 netdev_start_xmit include/linux/netdevice.h:4648 [inline]
 xmit_one+0xc0/0x310 net/core/dev.c:3561
 dev_hard_start_xmit net/core/dev.c:3577 [inline]
 __dev_queue_xmit+0xf00/0x15a0 net/core/dev.c:4136
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169
 __bpf_tx_skb net/core/filter.c:2112 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2137 [inline]
 __bpf_redirect+0x56a/0x7c0 net/core/filter.c:2160
 ____bpf_clone_redirect net/core/filter.c:2191 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2163
 bpf_prog_bebbfe2050753572+0x5c/0x5c8
 bpf_dispatcher_nop_func include/linux/bpf.h:586 [inline]
 bpf_test_run+0x26d/0x4a0 net/bpf/test_run.c:49
 bpf_prog_test_run_skb+0x6bd/0xe00 net/bpf/test_run.c:496
 bpf_prog_test_run kernel/bpf/syscall.c:2996 [inline]
 __do_sys_bpf+0x39a0/0x9a60 kernel/bpf/syscall.c:4196
 __se_sys_bpf kernel/bpf/syscall.c:4136 [inline]
 __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4136
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 10153 Comm: syz-executor.5 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
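| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/08/13 17:44 | upstream | fb893de323e2 | ee7cb8b6 | .config | console log | report | | | | | ci2-upstream-kcsan-gce | |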