syzbot

 sign-in | mailing list | source | docs
🐞 Open [1525]
Subsystems
🐞 Fixed [6475]
🐞 Invalid [16427]
Missing Backports [199]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in geneve_xmit / geneve_xmit (3)

Status: auto-closed as invalid on 2021/12/23 17:26
Subsystems: net
[Documentation on labels]
First crash: 1350d, last: 1350d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in geneve_xmit / geneve_xmit (4) net 6 1 1285d 1285d 0/29 auto-closed as invalid on 2022/02/27 09:30
upstream KCSAN: data-race in geneve_xmit / geneve_xmit (2) net 6 1 1696d 1696d 0/29 auto-closed as invalid on 2021/01/12 17:00
upstream KCSAN: data-race in geneve_xmit / geneve_xmit net 6 4 1971d 2008d 0/29 auto-closed as invalid on 2020/05/17 12:40
upstream KCSAN: data-race in geneve_xmit / geneve_xmit (5) net 6 1 1145d 1145d 0/29 auto-closed as invalid on 2022/07/17 10:41

Sample crash report:
==================================================================
BUG: KCSAN: data-race in geneve_xmit / geneve_xmit

write to 0xffff8881383cd1b0 of 8 bytes by task 12290 on cpu 0:
 geneve_xmit+0x1735/0x1880 drivers/net/geneve.c:1094
 __netdev_start_xmit include/linux/netdevice.h:4987 [inline]
 netdev_start_xmit include/linux/netdevice.h:5001 [inline]
 xmit_one+0x105/0x2f0 net/core/dev.c:3590
 dev_hard_start_xmit net/core/dev.c:3606 [inline]
 __dev_queue_xmit+0x869/0xf70 net/core/dev.c:4226
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4259
 neigh_hh_output include/net/neighbour.h:511 [inline]
 neigh_output include/net/neighbour.h:525 [inline]
 ip_finish_output2+0x705/0xb40 net/ipv4/ip_output.c:221
 ip_do_fragment+0x5e6/0x1010 net/ipv4/ip_output.c:897
 ip_fragment+0xd2/0x130
 __ip_finish_output net/ipv4/ip_output.c:297 [inline]
 ip_finish_output+0x20e/0x240 net/ipv4/ip_output.c:309
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xf3/0x1a0 net/ipv4/ip_output.c:423
 dst_output include/net/dst.h:450 [inline]
 ip_local_out+0x60/0x80 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x359/0x500 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0xf79/0x1210 net/ipv4/ip_tunnel.c:810
 __gre_xmit net/ipv4/ip_gre.c:471 [inline]
 ipgre_xmit+0x553/0x5a0 net/ipv4/ip_gre.c:658
 __netdev_start_xmit include/linux/netdevice.h:4987 [inline]
 netdev_start_xmit include/linux/netdevice.h:5001 [inline]
 xmit_one+0x105/0x2f0 net/core/dev.c:3590
 dev_hard_start_xmit net/core/dev.c:3606 [inline]
 __dev_queue_xmit+0x869/0xf70 net/core/dev.c:4226
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4259
 __bpf_tx_skb net/core/filter.c:2114 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2139 [inline]
 __bpf_redirect+0x5a2/0x840 net/core/filter.c:2162
 ____bpf_clone_redirect net/core/filter.c:2429 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2401
 ___bpf_prog_run+0xc87/0x30c0 kernel/bpf/core.c:1558
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:1786
 bpf_dispatcher_nop_func include/linux/bpf.h:727 [inline]
 __bpf_prog_run include/linux/filter.h:626 [inline]
 bpf_prog_run include/linux/filter.h:633 [inline]
 bpf_test_run+0x18b/0x400 net/bpf/test_run.c:120
 bpf_prog_test_run_skb+0x73d/0xed0 net/bpf/test_run.c:666
 bpf_prog_test_run kernel/bpf/syscall.c:3335 [inline]
 __sys_bpf+0x3c5f/0xa360 kernel/bpf/syscall.c:4636
 __do_sys_bpf kernel/bpf/syscall.c:4722 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4720 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:4720
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff8881383cd1b0 of 8 bytes by task 12326 on cpu 1:
 geneve_xmit+0x1723/0x1880 drivers/net/geneve.c:1094
 __netdev_start_xmit include/linux/netdevice.h:4987 [inline]
 netdev_start_xmit include/linux/netdevice.h:5001 [inline]
 xmit_one+0x105/0x2f0 net/core/dev.c:3590
 dev_hard_start_xmit net/core/dev.c:3606 [inline]
 __dev_queue_xmit+0x869/0xf70 net/core/dev.c:4226
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4259
 neigh_hh_output include/net/neighbour.h:511 [inline]
 neigh_output include/net/neighbour.h:525 [inline]
 ip_finish_output2+0x705/0xb40 net/ipv4/ip_output.c:221
 ip_do_fragment+0x5e6/0x1010 net/ipv4/ip_output.c:897
 ip_fragment+0xd2/0x130
 __ip_finish_output net/ipv4/ip_output.c:297 [inline]
 ip_finish_output+0x20e/0x240 net/ipv4/ip_output.c:309
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_output+0xf3/0x1a0 net/ipv4/ip_output.c:423
 dst_output include/net/dst.h:450 [inline]
 ip_local_out+0x60/0x80 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x359/0x500 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0xf79/0x1210 net/ipv4/ip_tunnel.c:810
 __gre_xmit net/ipv4/ip_gre.c:471 [inline]
 ipgre_xmit+0x553/0x5a0 net/ipv4/ip_gre.c:658
 __netdev_start_xmit include/linux/netdevice.h:4987 [inline]
 netdev_start_xmit include/linux/netdevice.h:5001 [inline]
 xmit_one+0x105/0x2f0 net/core/dev.c:3590
 dev_hard_start_xmit net/core/dev.c:3606 [inline]
 __dev_queue_xmit+0x869/0xf70 net/core/dev.c:4226
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4259
 __bpf_tx_skb net/core/filter.c:2114 [inline]
 __bpf_redirect_no_mac net/core/filter.c:2139 [inline]
 __bpf_redirect+0x5a2/0x840 net/core/filter.c:2162
 ____bpf_clone_redirect net/core/filter.c:2429 [inline]
 bpf_clone_redirect+0x168/0x1c0 net/core/filter.c:2401
 ___bpf_prog_run+0xc87/0x30c0 kernel/bpf/core.c:1558
 __bpf_prog_run512+0x70/0xa0 kernel/bpf/core.c:1786
 bpf_dispatcher_nop_func include/linux/bpf.h:727 [inline]
 __bpf_prog_run include/linux/filter.h:626 [inline]
 bpf_prog_run include/linux/filter.h:633 [inline]
 bpf_test_run+0x18b/0x400 net/bpf/test_run.c:120
 bpf_prog_test_run_skb+0x73d/0xed0 net/bpf/test_run.c:666
 bpf_prog_test_run kernel/bpf/syscall.c:3335 [inline]
 __sys_bpf+0x3c5f/0xa360 kernel/bpf/syscall.c:4636
 __do_sys_bpf kernel/bpf/syscall.c:4722 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4720 [inline]
 __x64_sys_bpf+0x3f/0x50 kernel/bpf/syscall.c:4720
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x000000000000faa1 -> 0x000000000000faa2

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 12326 Comm: syz-executor.5 Not tainted 5.16.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
syz-executor.5 (12326) used greatest stack depth: 9152 bytes left

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/11/18 17:26 upstream 42eb8fdac2fc 31a30fc0 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in geneve_xmit / geneve_xmit
* Struck through repros no longer work on HEAD.