syzbot

 sign-in | mailing list | source | docs
🐞 Open [1537]
Subsystems
🐞 Fixed [6444]
🐞 Invalid [16327]
Missing Backports [198]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in ip6_dst_gc / ip6_dst_gc

Status: auto-closed as invalid on 2020/05/21 16:42
Subsystems: net
[Documentation on labels]
First crash: 2083d, last: 1957d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in ip6_dst_gc / ip6_dst_gc (2) net 6 1 1637d 1637d 0/29 auto-closed as invalid on 2021/03/02 13:08
upstream KCSAN: data-race in ip6_dst_gc / ip6_dst_gc (3) net 6 2 1194d 1196d 22/29 fixed on 2023/02/24 13:50

Sample crash report:
==================================================================
BUG: KCSAN: data-race in ip6_dst_gc / ip6_dst_gc

write to 0xffff8880a681e94c of 4 bytes by task 12269 on cpu 1:
 ip6_dst_gc+0x190/0x200 net/ipv6/route.c:3187
 dst_alloc+0xf4/0x133 net/core/dst.c:85
 ip6_dst_alloc+0x38/0x80 net/ipv6/route.c:355
 ip6_rt_cache_alloc+0x12b/0x480 net/ipv6/route.c:1344
 ip6_pol_route+0x5f4/0x740 net/ipv6/route.c:2223
 ip6_pol_route_output+0x44/0x60 net/ipv6/route.c:2455
 fib6_rule_lookup+0x96/0x450 net/ipv6/fib6_rules.c:114
 ip6_route_output_flags_noref+0x163/0x220 net/ipv6/route.c:2487
 ip6_route_output_flags+0x4d/0x1a0 net/ipv6/route.c:2500
 ip6_dst_lookup_tail+0x25d/0xc50 net/ipv6/ip6_output.c:1052
 ip6_dst_lookup_flow+0x5c/0x110 net/ipv6/ip6_output.c:1153
 rawv6_sendmsg+0x9fb/0x2320 net/ipv6/raw.c:928
 inet_sendmsg+0x69/0x90 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0x98/0xc0 net/socket.c:672
 ____sys_sendmsg+0x207/0x4c0 net/socket.c:2343
 ___sys_sendmsg+0xb5/0x100 net/socket.c:2397
 __sys_sendmmsg+0x10e/0x310 net/socket.c:2487
 __do_sys_sendmmsg net/socket.c:2516 [inline]
 __se_sys_sendmmsg net/socket.c:2513 [inline]
 __x64_sys_sendmmsg+0x60/0x80 net/socket.c:2513
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880a681e94c of 4 bytes by task 12271 on cpu 0:
 dst_entries_get_fast include/net/dst_ops.h:48 [inline]
 ip6_dst_gc+0xf4/0x200 net/ipv6/route.c:3176
 dst_alloc+0xf4/0x133 net/core/dst.c:85
 ip6_dst_alloc+0x38/0x80 net/ipv6/route.c:355
 ip6_rt_cache_alloc+0x12b/0x480 net/ipv6/route.c:1344
 ip6_pol_route+0x5f4/0x740 net/ipv6/route.c:2223
 ip6_pol_route_output+0x44/0x60 net/ipv6/route.c:2455
 fib6_rule_lookup+0x96/0x450 net/ipv6/fib6_rules.c:114
 ip6_route_output_flags_noref+0x163/0x220 net/ipv6/route.c:2487
 ip6_route_output_flags+0x4d/0x1a0 net/ipv6/route.c:2500
 ip6_dst_lookup_tail+0x25d/0xc50 net/ipv6/ip6_output.c:1052
 ip6_dst_lookup_flow+0x5c/0x110 net/ipv6/ip6_output.c:1153
 rawv6_sendmsg+0x9fb/0x2320 net/ipv6/raw.c:928
 inet_sendmsg+0x69/0x90 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0x98/0xc0 net/socket.c:672
 ____sys_sendmsg+0x207/0x4c0 net/socket.c:2343
 ___sys_sendmsg+0xb5/0x100 net/socket.c:2397
 __sys_sendmmsg+0x10e/0x310 net/socket.c:2487
 __do_sys_sendmmsg net/socket.c:2516 [inline]
 __se_sys_sendmmsg net/socket.c:2513 [inline]
 __x64_sys_sendmmsg+0x60/0x80 net/socket.c:2513
 do_syscall_64+0xc7/0x390 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 12271 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (12):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/03/12 16:33 https://github.com/google/ktsan.git kcsan 941e0d917bbf d850e9d0 .config console log report ci2-upstream-kcsan-gce
2020/03/07 17:55 https://github.com/google/ktsan.git kcsan 941e0d917bbf 2e9971bb .config console log report ci2-upstream-kcsan-gce
2020/02/06 09:41 https://github.com/google/ktsan.git kcsan 245a43005292 662cf49a .config console log report ci2-upstream-kcsan-gce
2020/01/29 22:19 https://github.com/google/ktsan.git kcsan 245a43005292 5ed23f9a .config console log report ci2-upstream-kcsan-gce
2020/01/19 02:06 https://github.com/google/ktsan.git kcsan 245a43005292 bc8bc756 .config console log report ci2-upstream-kcsan-gce
2020/01/17 10:36 https://github.com/google/ktsan.git kcsan 245a43005292 3de7aabb .config console log report ci2-upstream-kcsan-gce
2020/01/17 10:34 https://github.com/google/ktsan.git kcsan 245a43005292 3de7aabb .config console log report ci2-upstream-kcsan-gce
2020/01/17 10:32 https://github.com/google/ktsan.git kcsan 245a43005292 3de7aabb .config console log report ci2-upstream-kcsan-gce
2019/12/19 11:31 https://github.com/google/ktsan.git kcsan 245a43005292 79b211f7 .config console log report ci2-upstream-kcsan-gce
2019/11/23 01:22 https://github.com/google/ktsan.git kcsan 5863cc791e4c 598ca6c8 .config console log report ci2-upstream-kcsan-gce
2019/11/11 04:20 https://github.com/google/ktsan.git kcsan 94c006602e13 dc438b91 .config console log report ci2-upstream-kcsan-gce
2019/11/07 12:00 https://github.com/google/ktsan.git kcsan 94c006602e13 d797d201 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.