syzbot


KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit (5)

Status: auto-closed as invalid on 2022/06/28 11:15
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 192d, last: 188d
similar bugs (5):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit (4) | | | | 13 | 273d | 375d | 0/24 | auto-closed as invalid on 2022/04/03 16:50 |
| upstream | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit (3) | | | | 1 | 614d | 614d | 0/24 | auto-closed as invalid on 2021/04/28 06:20 |
| upstream | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit | | | | 75 | 722d | 909d | 0/24 | auto-closed as invalid on 2021/01/09 17:46 |
| upstream | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit (2) | | | | 2 | 651d | 666d | 0/24 | auto-closed as invalid on 2021/03/22 06:37 |
| upstream | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit (6) | | | | 4 | 93d | 115d | 0/24 | auto-closed as invalid on 2022/10/01 13:37 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit

read-write to 0xffff88812b1e11b8 of 8 bytes by task 5921 on cpu 0:
 vti_xmit net/ipv4/ip_vti.c:224 [inline]
 vti_tunnel_xmit+0x7d3/0xaf0 net/ipv4/ip_vti.c:304
 __netdev_start_xmit include/linux/netdevice.h:4775 [inline]
 netdev_start_xmit include/linux/netdevice.h:4789 [inline]
 xmit_one+0x105/0x2f0 net/core/dev.c:3532
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3548
 __dev_queue_xmit+0x84c/0xef0 net/core/dev.c:4176
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4209
 __bpf_tx_skb net/core/filter.c:2113 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2138 [inline]
 __bpf_redirect+0x554/0x840 net/core/filter.c:2161
 ____bpf_clone_redirect net/core/filter.c:2428 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2400
 ___bpf_prog_run+0x278/0x2d40 kernel/bpf/core.c:1835
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2064
 bpf_dispatcher_nop_func include/linux/bpf.h:804 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1111
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3369
 __sys_bpf+0x367/0x600 kernel/bpf/syscall.c:4681
 __do_sys_bpf kernel/bpf/syscall.c:4767 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4765 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:4765
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

read-write to 0xffff88812b1e11b8 of 8 bytes by task 5927 on cpu 1:
 vti_xmit net/ipv4/ip_vti.c:224 [inline]
 vti_tunnel_xmit+0x7d3/0xaf0 net/ipv4/ip_vti.c:304
 __netdev_start_xmit include/linux/netdevice.h:4775 [inline]
 netdev_start_xmit include/linux/netdevice.h:4789 [inline]
 xmit_one+0x105/0x2f0 net/core/dev.c:3532
 dev_hard_start_xmit+0x72/0x120 net/core/dev.c:3548
 __dev_queue_xmit+0x84c/0xef0 net/core/dev.c:4176
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4209
 __bpf_tx_skb net/core/filter.c:2113 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2138 [inline]
 __bpf_redirect+0x554/0x840 net/core/filter.c:2161
 ____bpf_clone_redirect net/core/filter.c:2428 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2400
 ___bpf_prog_run+0x278/0x2d40 kernel/bpf/core.c:1835
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:2064
 bpf_dispatcher_nop_func include/linux/bpf.h:804 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 bpf_test_run+0x1eb/0x410 net/bpf/test_run.c:402
 bpf_prog_test_run_skb+0x76b/0x9f0 net/bpf/test_run.c:1111
 bpf_prog_test_run+0x22a/0x250 kernel/bpf/syscall.c:3369
 __sys_bpf+0x367/0x600 kernel/bpf/syscall.c:4681
 __do_sys_bpf kernel/bpf/syscall.c:4767 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4765 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:4765
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

value changed: 0x0000000000000675 -> 0x0000000000000676

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 5927 Comm: syz-executor.4 Not tainted 5.18.0-syzkaller-01157-g143a6252e1b8-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2022/05/24 11:14 | upstream | 143a6252e1b8 | fcfad4ff | .config | log | report | | | info | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit |
| ci2-upstream-kcsan-gce | 2022/05/22 07:48 | upstream | eaea45fc0e7b | 7268fa62 | .config | log | report | | | info | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit |
| ci2-upstream-kcsan-gce | 2022/05/20 10:00 | upstream | b015dcd62b86 | cb1ac2e7 | .config | log | report | | | info | KCSAN: data-race in vti_tunnel_xmit / vti_tunnel_xmit |