syzbot

 sign-in | mailing list | source | docs
🐞 Open [942] 🐞 Fixed [4029] 🐞 Invalid [8948] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KCSAN: data-race in __neigh_event_send / ip6_finish_output2 (2)

Status: auto-closed as invalid on 2020/10/11 09:30
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 754d, last: 754d
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __neigh_event_send / ip6_finish_output2 (4) 1 591d 591d 0/24 auto-closed as invalid on 2021/03/22 17:37
upstream KCSAN: data-race in __neigh_event_send / ip6_finish_output2 1 1017d 1017d 0/24 auto-closed as invalid on 2020/02/26 12:38
upstream KCSAN: data-race in __neigh_event_send / ip6_finish_output2 (3) 1 635d 635d 0/24 auto-closed as invalid on 2021/02/06 17:19

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __neigh_event_send / ip6_finish_output2

write to 0xffff888096bd9085 of 1 bytes by task 12334 on cpu 1:
 __neigh_event_send+0x403/0xb10 net/core/neighbour.c:1126
 neigh_event_send include/net/neighbour.h:443 [inline]
 neigh_resolve_output+0x104/0x400 net/core/neighbour.c:1473
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0x97f/0xb20 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x302/0x330 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x39/0x160 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 ip6_local_out+0x60/0x80 net/ipv6/output_core.c:179
 ip6tunnel_xmit include/net/ip6_tunnel.h:160 [inline]
 udp_tunnel6_xmit_skb+0x2f9/0x4b0 net/ipv6/ip6_udp_tunnel.c:109
 send6+0x2d7/0x3a0 drivers/net/wireguard/socket.c:152
 wg_socket_send_skb_to_peer drivers/net/wireguard/socket.c:177 [inline]
 wg_socket_send_buffer_to_peer+0x186/0x210 drivers/net/wireguard/socket.c:199
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0xf9/0x140 drivers/net/wireguard/send.c:51
 process_one_work+0x3e1/0x9a0 kernel/workqueue.c:2269
 worker_thread+0x665/0xbe0 kernel/workqueue.c:2415
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

read to 0xffff888096bd9085 of 1 bytes by task 3355 on cpu 0:
 neigh_output include/net/neighbour.h:506 [inline]
 ip6_finish_output2+0x6f6/0xb20 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x302/0x330 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x39/0x160 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 ip6_local_out+0x60/0x80 net/ipv6/output_core.c:179
 ip6tunnel_xmit include/net/ip6_tunnel.h:160 [inline]
 udp_tunnel6_xmit_skb+0x2f9/0x4b0 net/ipv6/ip6_udp_tunnel.c:109
 send6+0x2d7/0x3a0 drivers/net/wireguard/socket.c:152
 wg_socket_send_skb_to_peer drivers/net/wireguard/socket.c:177 [inline]
 wg_socket_send_buffer_to_peer+0x186/0x210 drivers/net/wireguard/socket.c:199
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0xf9/0x140 drivers/net/wireguard/send.c:51
 process_one_work+0x3e1/0x9a0 kernel/workqueue.c:2269
 worker_thread+0x665/0xbe0 kernel/workqueue.c:2415
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 3355 Comm: kworker/u4:4 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
==================================================================

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2020/09/06 09:24 upstream 9322c47b21b9 abf9ba4f .config log report
* Struck through repros no longer work on HEAD.