KCSAN: data-race in __dev_queue_xmit / __dev_queue

Kernel	Title	Rank 🛈	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (5) net	6	1	1453d	1452d	20/29	fixed on 2022/03/08 16:11
upstream	KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (4) net	6	2	1750d	1760d	0/29	auto-closed as invalid on 2021/03/05 12:45
upstream	KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (2) net	6	37	1977d	2152d	0/29	closed as invalid on 2020/06/18 14:24
upstream	KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit net	6	40	2164d	2213d	15/29	fixed on 2019/12/13 00:31

netlink: 28 bytes leftover after parsing attributes in process `syz-executor.5'. ================================================================== BUG: KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit write to 0xffff8880a44b6884 of 4 bytes by task 10160 on cpu 0: __netif_tx_unlock include/linux/netdevice.h:4139 [inline] __dev_queue_xmit+0x107a/0x15a0 net/core/dev.c:4139 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169 neigh_connected_output+0x24f/0x280 net/core/neighbour.c:1518 neigh_output include/net/neighbour.h:509 [inline] ip_finish_output2+0x4e2/0xb60 net/ipv4/ip_output.c:228 __ip_finish_output+0x395/0x3e0 net/ipv4/ip_output.c:306 ip_finish_output+0x39/0x160 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip_mc_output+0x301/0x4d0 net/ipv4/ip_output.c:415 dst_output include/net/dst.h:443 [inline] ip_local_out+0x60/0x80 net/ipv4/ip_output.c:125 iptunnel_xmit+0x30d/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1099/0x11c0 net/ipv4/ip_tunnel.c:816 __gre_xmit net/ipv4/ip_gre.c:466 [inline] ipgre_xmit+0x53e/0x590 net/ipv4/ip_gre.c:650 __netdev_start_xmit include/linux/netdevice.h:4634 [inline] netdev_start_xmit include/linux/netdevice.h:4648 [inline] xmit_one+0xc0/0x310 net/core/dev.c:3561 dev_hard_start_xmit net/core/dev.c:3577 [inline] __dev_queue_xmit+0xf00/0x15a0 net/core/dev.c:4136 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169 __bpf_tx_skb net/core/filter.c:2112 [inline] __bpf_redirect_no_mac net/core/filter.c:2137 [inline] __bpf_redirect+0x56a/0x7c0 net/core/filter.c:2160 ____bpf_clone_redirect net/core/filter.c:2191 [inline] bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2163 0xffffffffa0052814 bpf_dispatcher_nop_func include/linux/bpf.h:586 [inline] bpf_test_run+0x26d/0x4a0 net/bpf/test_run.c:49 bpf_prog_test_run_skb+0x6bd/0xe00 net/bpf/test_run.c:496 bpf_prog_test_run kernel/bpf/syscall.c:2996 [inline] __do_sys_bpf+0x39a0/0x9a60 kernel/bpf/syscall.c:4196 __se_sys_bpf kernel/bpf/syscall.c:4136 [inline] __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4136 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 read to 0xffff8880a44b6884 of 4 bytes by task 10153 on cpu 1: __dev_queue_xmit+0x7f7/0x15a0 net/core/dev.c:4124 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169 neigh_connected_output+0x24f/0x280 net/core/neighbour.c:1518 neigh_output include/net/neighbour.h:509 [inline] ip_finish_output2+0x4e2/0xb60 net/ipv4/ip_output.c:228 __ip_finish_output+0x395/0x3e0 net/ipv4/ip_output.c:306 ip_finish_output+0x39/0x160 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip_mc_output+0x301/0x4d0 net/ipv4/ip_output.c:415 dst_output include/net/dst.h:443 [inline] ip_local_out+0x60/0x80 net/ipv4/ip_output.c:125 iptunnel_xmit+0x30d/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1099/0x11c0 net/ipv4/ip_tunnel.c:816 __gre_xmit net/ipv4/ip_gre.c:466 [inline] ipgre_xmit+0x53e/0x590 net/ipv4/ip_gre.c:650 __netdev_start_xmit include/linux/netdevice.h:4634 [inline] netdev_start_xmit include/linux/netdevice.h:4648 [inline] xmit_one+0xc0/0x310 net/core/dev.c:3561 dev_hard_start_xmit net/core/dev.c:3577 [inline] __dev_queue_xmit+0xf00/0x15a0 net/core/dev.c:4136 dev_queue_xmit+0x13/0x20 net/core/dev.c:4169 __bpf_tx_skb net/core/filter.c:2112 [inline] __bpf_redirect_no_mac net/core/filter.c:2137 [inline] __bpf_redirect+0x56a/0x7c0 net/core/filter.c:2160 ____bpf_clone_redirect net/core/filter.c:2191 [inline] bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2163 bpf_prog_bebbfe2050753572+0x5c/0x5c8 bpf_dispatcher_nop_func include/linux/bpf.h:586 [inline] bpf_test_run+0x26d/0x4a0 net/bpf/test_run.c:49 bpf_prog_test_run_skb+0x6bd/0xe00 net/bpf/test_run.c:496 bpf_prog_test_run kernel/bpf/syscall.c:2996 [inline] __do_sys_bpf+0x39a0/0x9a60 kernel/bpf/syscall.c:4196 __se_sys_bpf kernel/bpf/syscall.c:4136 [inline] __x64_sys_bpf+0x3d/0x50 kernel/bpf/syscall.c:4136 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 10153 Comm: syz-executor.5 Not tainted 5.8.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ==================================================================