syzbot

 sign-in | mailing list | source | docs
🐞 Open [981] Subsystems 🐞 Fixed [5235] 🐞 Invalid [12495] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (9)

Status: auto-obsoleted due to no activity on 2023/01/13 04:35
Subsystems: net
[Documentation on labels]
First crash: 527d, last: 504d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (6) net 1 774d 774d 0/26 auto-closed as invalid on 2022/04/15 20:54
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (8) net 2 634d 643d 0/26 auto-closed as invalid on 2022/09/02 16:35
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (5) net 9 828d 893d 0/26 auto-closed as invalid on 2022/02/20 15:36
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit net 10 1502d 1637d 0/26 auto-closed as invalid on 2020/05/22 23:22
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (2) net 2 1373d 1374d 0/26 auto-closed as invalid on 2020/08/24 20:07
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (4) net 1 1114d 1114d 0/26 auto-closed as invalid on 2021/05/17 09:21
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (3) net 2 1273d 1279d 0/26 auto-closed as invalid on 2020/12/03 02:00
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (7) net 1 714d 714d 0/26 auto-closed as invalid on 2022/06/14 13:17

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit

read-write to 0xffff88813a5a3168 of 8 bytes by task 6449 on cpu 1:
 ip6_tnl_start_xmit+0x883/0xa90 net/ipv6/ip6_tunnel.c:1442
 __netdev_start_xmit include/linux/netdevice.h:4840 [inline]
 netdev_start_xmit include/linux/netdevice.h:4854 [inline]
 xmit_one+0xc0/0x2a0 net/core/dev.c:3590
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606
 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x52b/0x8f0 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2403
 ___bpf_prog_run+0x278/0x2da0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3630
 __sys_bpf+0x38a/0x630 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:5067
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read-write to 0xffff88813a5a3168 of 8 bytes by task 6459 on cpu 0:
 ip6_tnl_start_xmit+0x883/0xa90 net/ipv6/ip6_tunnel.c:1442
 __netdev_start_xmit include/linux/netdevice.h:4840 [inline]
 netdev_start_xmit include/linux/netdevice.h:4854 [inline]
 xmit_one+0xc0/0x2a0 net/core/dev.c:3590
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606
 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x52b/0x8f0 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2403
 ___bpf_prog_run+0x278/0x2da0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3630
 __sys_bpf+0x38a/0x630 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:5067
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000000000004ec -> 0x00000000000004ef

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 6459 Comm: syz-executor.3 Not tainted 6.1.0-rc8-syzkaller-00003-gbce9332220bd-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/12/06 16:33 upstream bce9332220bd 045cbb84 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit
2022/12/03 05:07 upstream a4412fdd49dc e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit
2022/11/13 08:07 upstream fef7fd48922d f42ee5d8 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit
* Struck through repros no longer work on HEAD.