syzbot


KCSAN: data-race in __tun_detach / tun_net_xmit

Status: auto-obsoleted due to no activity on 2025/01/29 00:31
Subsystems: net
First crash: 309d, last: 309d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __tun_detach / tun_net_xmit

read-write to 0xffff888114f95280 of 4 bytes by task 9179 on cpu 0:
 __tun_detach+0x1cd/0xaa0 drivers/net/tun.c:660
 tun_detach drivers/net/tun.c:701 [inline]
 tun_chr_close+0x58/0xf0 drivers/net/tun.c:3517
 __fput+0x17a/0x6d0 fs/file_table.c:450
 ____fput+0x1c/0x30 fs/file_table.c:478
 task_work_run+0x13a/0x1a0 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xa8/0x120 kernel/entry/common.c:218
 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff888114f95280 of 4 bytes by task 3377 on cpu 1:
 tun_automq_xmit drivers/net/tun.c:1038 [inline]
 tun_net_xmit+0xa6/0xa90 drivers/net/tun.c:1085
 __netdev_start_xmit include/linux/netdevice.h:5002 [inline]
 netdev_start_xmit include/linux/netdevice.h:5011 [inline]
 xmit_one net/core/dev.c:3590 [inline]
 dev_hard_start_xmit+0x119/0x3f0 net/core/dev.c:3606
 sch_direct_xmit+0x1a9/0x580 net/sched/sch_generic.c:343
 __dev_xmit_skb net/core/dev.c:3827 [inline]
 __dev_queue_xmit+0xf6a/0x2090 net/core/dev.c:4400
 dev_queue_xmit include/linux/netdevice.h:3168 [inline]
 neigh_resolve_output+0x3d8/0x450 net/core/neighbour.c:1514
 neigh_output include/net/neighbour.h:539 [inline]
 ip6_finish_output2+0xa65/0xd00 net/ipv6/ip6_output.c:141
 ip6_finish_output+0x438/0x540 net/ipv6/ip6_output.c:226
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0xf5/0x230 net/ipv6/ip6_output.c:247
 dst_output include/net/dst.h:450 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 mld_sendpack+0x421/0x6d0 net/ipv6/mcast.c:1819
 mld_send_cr net/ipv6/mcast.c:2120 [inline]
 mld_ifc_work+0x51a/0x7e0 net/ipv6/mcast.c:2651
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x00000001 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3377 Comm: kworker/1:3 Not tainted 6.13.0-rc1-syzkaller-00005-gceb8bf2ceaa7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: mld mld_ifc_work
==================================================================

Crashes (1):
Time: 2024/12/04 00:26
Kernel: upstream
Commit: ceb8bf2ceaa7
Syzkaller: b50eb251
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in __tun_detach / tun_net_xmit