KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (5)


syzbot

Jun 21, 2021, 4:42:24 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 63d1cb53 Merge tag 'powerpc-5.13-3' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14f590add00000
kernel config: https://syzkaller.appspot.com/x/.config?x=405f42fd64d1268b
dashboard link: https://syzkaller.appspot.com/bug?extid=dd492f98ffac3961bbd4
compiler: Debian clang version 11.0.1-2
CC: [da...@davemloft.net dsa...@kernel.org ku...@kernel.org linux-...@vger.kernel.org net...@vger.kernel.org yosh...@linux-ipv6.org]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dd492f...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit

write to 0xffff888122ddf150 of 8 bytes by task 14026 on cpu 1:
ip_tunnel_xmit+0xdd2/0x11c0 net/ipv4/ip_tunnel.c:813
sit_tunnel_xmit__ net/ipv6/sit.c:1058 [inline]
sit_tunnel_xmit+0x3c2/0x11f0 net/ipv6/sit.c:1074
__netdev_start_xmit include/linux/netdevice.h:4944 [inline]
netdev_start_xmit include/linux/netdevice.h:4958 [inline]
xmit_one+0xf9/0x270 net/core/dev.c:3654
dev_hard_start_xmit net/core/dev.c:3670 [inline]
__dev_queue_xmit+0xd44/0x1300 net/core/dev.c:4245
dev_queue_xmit+0x13/0x20 net/core/dev.c:4278
neigh_connected_output+0x264/0x290 net/core/neighbour.c:1524
neigh_output include/net/neighbour.h:510 [inline]
ip_finish_output2+0x874/0xb10 net/ipv4/ip_output.c:230
__ip_finish_output net/ipv4/ip_output.c:252 [inline]
ip_finish_output+0x2fa/0x490 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:290 [inline]
ip_output+0xf6/0x1a0 net/ipv4/ip_output.c:432
dst_output include/net/dst.h:448 [inline]
ip_local_out+0x167/0x230 net/ipv4/ip_output.c:126
ip_send_skb+0x27/0x90 net/ipv4/ip_output.c:1568
udp_send_skb+0x62d/0x860 net/ipv4/udp.c:953
udp_sendmsg+0xfe4/0x12f0 net/ipv4/udp.c:1240
udpv6_sendmsg+0x520/0x16b0 net/ipv6/udp.c:1351
inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:642
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg net/socket.c:674 [inline]
____sys_sendmsg+0x360/0x4d0 net/socket.c:2350
___sys_sendmsg net/socket.c:2404 [inline]
__sys_sendmmsg+0x315/0x4b0 net/socket.c:2490
__do_sys_sendmmsg net/socket.c:2519 [inline]
__se_sys_sendmmsg net/socket.c:2516 [inline]
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2516
do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888122ddf150 of 8 bytes by task 14057 on cpu 0:
ip_tunnel_xmit+0xdc0/0x11c0 net/ipv4/ip_tunnel.c:813
sit_tunnel_xmit__ net/ipv6/sit.c:1058 [inline]
sit_tunnel_xmit+0x3c2/0x11f0 net/ipv6/sit.c:1074
__netdev_start_xmit include/linux/netdevice.h:4944 [inline]
netdev_start_xmit include/linux/netdevice.h:4958 [inline]
xmit_one+0xf9/0x270 net/core/dev.c:3654
dev_hard_start_xmit net/core/dev.c:3670 [inline]
__dev_queue_xmit+0xd44/0x1300 net/core/dev.c:4245
dev_queue_xmit+0x13/0x20 net/core/dev.c:4278
neigh_connected_output+0x264/0x290 net/core/neighbour.c:1524
neigh_output include/net/neighbour.h:510 [inline]
ip_finish_output2+0x874/0xb10 net/ipv4/ip_output.c:230
__ip_finish_output net/ipv4/ip_output.c:252 [inline]
ip_finish_output+0x2fa/0x490 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:290 [inline]
ip_output+0xf6/0x1a0 net/ipv4/ip_output.c:432
dst_output include/net/dst.h:448 [inline]
ip_local_out+0x167/0x230 net/ipv4/ip_output.c:126
ip_send_skb+0x27/0x90 net/ipv4/ip_output.c:1568
udp_send_skb+0x62d/0x860 net/ipv4/udp.c:953
udp_sendmsg+0xfe4/0x12f0 net/ipv4/udp.c:1240
udpv6_sendmsg+0x520/0x16b0 net/ipv6/udp.c:1351
inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:642
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg net/socket.c:674 [inline]
____sys_sendmsg+0x360/0x4d0 net/socket.c:2350
___sys_sendmsg net/socket.c:2404 [inline]
__sys_sendmmsg+0x315/0x4b0 net/socket.c:2490
__do_sys_sendmmsg net/socket.c:2519 [inline]
__se_sys_sendmmsg net/socket.c:2516 [inline]
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2516
do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14057 Comm: syz-executor.1 Not tainted 5.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
syz-executor.1 (14057) used greatest stack depth: 10144 bytes left


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jul 5, 2021, 4:43:20 AM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.