syzbot

 sign-in | mailing list | source | docs
🐞 Open [1437]
Subsystems
🐞 Fixed [6949]
🐞 Invalid [18123]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (9)

Status: auto-obsoleted due to no activity on 2023/01/13 04:35
Subsystems: net
[Documentation on labels]
First crash: 1205d, last: 1181d
Similar bugs (8)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (6) net 6 1 1451d 1451d 0/29 auto-closed as invalid on 2022/04/15 20:54
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (8) net 6 2 1311d 1320d 0/29 auto-closed as invalid on 2022/09/02 16:35
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (5) net 6 9 1505d 1570d 0/29 auto-closed as invalid on 2022/02/20 15:36
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit net 6 10 2179d 2314d 0/29 auto-closed as invalid on 2020/05/22 23:22
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (2) net 6 2 2050d 2051d 0/29 auto-closed as invalid on 2020/08/24 20:07
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (4) net 6 1 1791d 1791d 0/29 auto-closed as invalid on 2021/05/17 09:21
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (3) net 6 2 1950d 1956d 0/29 auto-closed as invalid on 2020/12/03 02:00
upstream KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit (7) net 6 1 1391d 1391d 0/29 auto-closed as invalid on 2022/06/14 13:17

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit

read-write to 0xffff88813a5a3168 of 8 bytes by task 6449 on cpu 1:
 ip6_tnl_start_xmit+0x883/0xa90 net/ipv6/ip6_tunnel.c:1442
 __netdev_start_xmit include/linux/netdevice.h:4840 [inline]
 netdev_start_xmit include/linux/netdevice.h:4854 [inline]
 xmit_one+0xc0/0x2a0 net/core/dev.c:3590
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606
 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x52b/0x8f0 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2403
 ___bpf_prog_run+0x278/0x2da0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3630
 __sys_bpf+0x38a/0x630 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:5067
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read-write to 0xffff88813a5a3168 of 8 bytes by task 6459 on cpu 0:
 ip6_tnl_start_xmit+0x883/0xa90 net/ipv6/ip6_tunnel.c:1442
 __netdev_start_xmit include/linux/netdevice.h:4840 [inline]
 netdev_start_xmit include/linux/netdevice.h:4854 [inline]
 xmit_one+0xc0/0x2a0 net/core/dev.c:3590
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3606
 __dev_queue_xmit+0x91c/0x11c0 net/core/dev.c:4256
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 __bpf_tx_skb net/core/filter.c:2116 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2141 [inline]
 __bpf_redirect+0x52b/0x8f0 net/core/filter.c:2164
 ____bpf_clone_redirect net/core/filter.c:2431 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2403
 ___bpf_prog_run+0x278/0x2da0 kernel/bpf/core.c:1818
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2043
 bpf_dispatcher_nop_func include/linux/bpf.h:968 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1183
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3630
 __sys_bpf+0x38a/0x630 kernel/bpf/syscall.c:4983
 __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:5067
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000000000004ec -> 0x00000000000004ef

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 6459 Comm: syz-executor.3 Not tainted 6.1.0-rc8-syzkaller-00003-gbce9332220bd-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/12/06 16:33 upstream bce9332220bd 045cbb84 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit
2022/12/03 05:07 upstream a4412fdd49dc e080de16 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit
2022/11/13 08:07 upstream fef7fd48922d f42ee5d8 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in ip6_tnl_start_xmit / ip6_tnl_start_xmit
* Struck through repros no longer work on HEAD.