From n.zhandarovich at fintech.ru Thu Jan 11 15:41:38 2024 From: n.zhandarovich at fintech.ru (Nikita Zhandarovich) Date: Thu, 11 Jan 2024 07:41:38 -0800 Subject: [PATCH net] wireguard: receive: annotate data-race around receiving_counter.counter Message-ID: <20240111154138.7605-1-n.zhandarovich@fintech.ru> Syzkaller with KCSAN identified a data-race issue [1] when accessing keypair->receiving_counter.counter. This patch uses READ_ONCE() and WRITE_ONCE() annotations to fix the problem. [1] BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0: counter_validate drivers/net/wireguard/receive.c:321 [inline] wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461 __napi_poll+0x60/0x3b0 net/core/dev.c:6536 napi_poll net/core/dev.c:6605 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6738 __do_softirq+0xc4/0x279 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499 process_one_work kernel/workqueue.c:2633 [inline] ... read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1: decrypt_packet drivers/net/wireguard/receive.c:252 [inline] wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 ... Fixes: a9e90d9931f3 ("wireguard: noise: separate receive counter from send counter") Reported-by: syzbot+d1de830e4ecdaac83d89 at syzkaller.appspotmail.com Signed-off-by: Nikita Zhandarovich --- drivers/net/wireguard/receive.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c index a176653c8861..d91383afb6e2 100644 --- a/drivers/net/wireguard/receive.c +++ b/drivers/net/wireguard/receive.c @@ -251,7 +251,7 @@ static bool decrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair) if (unlikely(!READ_ONCE(keypair->receiving.is_valid) || wg_birthdate_has_expired(keypair->receiving.birthdate, REJECT_AFTER_TIME) || - keypair->receiving_counter.counter >= REJECT_AFTER_MESSAGES)) { + READ_ONCE(keypair->receiving_counter.counter) >= REJECT_AFTER_MESSAGES)) { WRITE_ONCE(keypair->receiving.is_valid, false); return false; } @@ -318,7 +318,7 @@ static bool counter_validate(struct noise_replay_counter *counter, u64 their_cou for (i = 1; i <= top; ++i) counter->backtrack[(i + index_current) & ((COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1)] = 0; - counter->counter = their_counter; + WRITE_ONCE(counter->counter, their_counter); } index &= (COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1; From edumazet at google.com Thu Jan 11 16:26:17 2024 From: edumazet at google.com (Eric Dumazet) Date: Thu, 11 Jan 2024 17:26:17 +0100 Subject: [PATCH net] wireguard: receive: annotate data-race around receiving_counter.counter In-Reply-To: <20240111154138.7605-1-n.zhandarovich@fintech.ru> References: <20240111154138.7605-1-n.zhandarovich@fintech.ru> Message-ID: On Thu, Jan 11, 2024 at 4:41?PM Nikita Zhandarovich wrote: > > Syzkaller with KCSAN identified a data-race issue [1] when accessing > keypair->receiving_counter.counter. > > This patch uses READ_ONCE() and WRITE_ONCE() annotations to fix the > problem. > > [1] > BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll > > write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0: > counter_validate drivers/net/wireguard/receive.c:321 [inline] > wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461 > __napi_poll+0x60/0x3b0 net/core/dev.c:6536 > napi_poll net/core/dev.c:6605 [inline] > net_rx_action+0x32b/0x750 net/core/dev.c:6738 > __do_softirq+0xc4/0x279 kernel/softirq.c:553 > do_softirq+0x5e/0x90 kernel/softirq.c:454 > __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 > __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] > _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 > spin_unlock_bh include/linux/spinlock.h:396 [inline] > ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] > wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499 > process_one_work kernel/workqueue.c:2633 [inline] > ... > > read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1: > decrypt_packet drivers/net/wireguard/receive.c:252 [inline] > wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501 > process_one_work kernel/workqueue.c:2633 [inline] > process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 > worker_thread+0x525/0x730 kernel/workqueue.c:2787 > ... > > Fixes: a9e90d9931f3 ("wireguard: noise: separate receive counter from send counter") > Reported-by: syzbot+d1de830e4ecdaac83d89 at syzkaller.appspotmail.com > Signed-off-by: Nikita Zhandarovich > --- > drivers/net/wireguard/receive.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c > index a176653c8861..d91383afb6e2 100644 > --- a/drivers/net/wireguard/receive.c > +++ b/drivers/net/wireguard/receive.c > @@ -251,7 +251,7 @@ static bool decrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair) > > if (unlikely(!READ_ONCE(keypair->receiving.is_valid) || > wg_birthdate_has_expired(keypair->receiving.birthdate, REJECT_AFTER_TIME) || > - keypair->receiving_counter.counter >= REJECT_AFTER_MESSAGES)) { > + READ_ONCE(keypair->receiving_counter.counter) >= REJECT_AFTER_MESSAGES)) { > WRITE_ONCE(keypair->receiving.is_valid, false); > return false; > } > @@ -318,7 +318,7 @@ static bool counter_validate(struct noise_replay_counter *counter, u64 their_cou > for (i = 1; i <= top; ++i) > counter->backtrack[(i + index_current) & > ((COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1)] = 0; > - counter->counter = their_counter; > + WRITE_ONCE(counter->counter, their_counter); > } > > index &= (COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1; It seems you forgot to add this as well ? diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c index a176653c88616b1bc871fe52fcea778b5e189f69..a1493c94cea042165f8523a4dac573800a6d03c4 100644 --- a/drivers/net/wireguard/receive.c +++ b/drivers/net/wireguard/receive.c @@ -463,7 +463,7 @@ int wg_packet_rx_poll(struct napi_struct *napi, int budget) net_dbg_ratelimited("%s: Packet has invalid nonce %llu (max %llu)\n", peer->device->dev->name, PACKET_CB(skb)->nonce, - keypair->receiving_counter.counter); + READ_ONCE(keypair->receiving_counter.counter)); goto next; } Thanks. From Jason at zx2c4.com Thu Jan 11 17:28:16 2024 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 11 Jan 2024 18:28:16 +0100 Subject: [PATCH net] wireguard: receive: annotate data-race around receiving_counter.counter In-Reply-To: <20240111154138.7605-1-n.zhandarovich@fintech.ru> References: <20240111154138.7605-1-n.zhandarovich@fintech.ru> Message-ID: Thanks. Jann pointed me at this a few days ago and I was just looking into it. Send a v2 with Eric's suggestion and I'll queue it up? Jason From syzbot+97d9596e4ae0572c9825 at syzkaller.appspotmail.com Fri Jan 12 10:10:28 2024 From: syzbot+97d9596e4ae0572c9825 at syzkaller.appspotmail.com (syzbot) Date: Fri, 12 Jan 2024 02:10:28 -0800 Subject: [syzbot] [wireguard?] KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll (7) Message-ID: <000000000000a1d657060ebcdf1d@google.com> Hello, syzbot found the following issue on: HEAD commit: 5db8752c3b81 Merge tag 'vfs-6.8.iov_iter' of git://git.ker.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1540e665e80000 kernel config: https://syzkaller.appspot.com/x/.config?x=d7a01358d18c37d5 dashboard link: https://syzkaller.appspot.com/bug?extid=97d9596e4ae0572c9825 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/0636ecefd856/disk-5db8752c.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/cc253e77814b/vmlinux-5db8752c.xz kernel image: https://storage.googleapis.com/syzbot-assets/63071c2b09b4/bzImage-5db8752c.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+97d9596e4ae0572c9825 at syzkaller.appspotmail.com ================================================================== BUG: KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll read-write to 0xffff88812def3390 of 8 bytes by interrupt on cpu 1: update_rx_stats drivers/net/wireguard/receive.c:23 [inline] wg_packet_consume_data_done drivers/net/wireguard/receive.c:412 [inline] wg_packet_rx_poll+0xbd3/0xf00 drivers/net/wireguard/receive.c:474 __napi_poll+0x60/0x3b0 net/core/dev.c:6536 napi_poll net/core/dev.c:6605 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6738 __do_softirq+0xc4/0x279 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700 worker_thread+0x525/0x730 kernel/workqueue.c:2781 kthread+0x1d7/0x210 kernel/kthread.c:388 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 read-write to 0xffff88812def3390 of 8 bytes by task 8602 on cpu 0: update_rx_stats drivers/net/wireguard/receive.c:23 [inline] wg_receive_handshake_packet drivers/net/wireguard/receive.c:198 [inline] wg_packet_handshake_receive_worker+0x4b9/0x5e0 drivers/net/wireguard/receive.c:213 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700 worker_thread+0x525/0x730 kernel/workqueue.c:2781 kthread+0x1d7/0x210 kernel/kthread.c:388 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 value changed: 0x000000000000079c -> 0x00000000000007ec Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 8602 Comm: kworker/0:0 Tainted: G W 6.7.0-syzkaller-00119-g5db8752c3b81 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: wg-kex-wg1 wg_packet_handshake_receive_worker ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From syzbot+6d5c91ea71454cf3e972 at syzkaller.appspotmail.com Fri Jan 12 10:11:26 2024 From: syzbot+6d5c91ea71454cf3e972 at syzkaller.appspotmail.com (syzbot) Date: Fri, 12 Jan 2024 02:11:26 -0800 Subject: [syzbot] [wireguard?] KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets (6) Message-ID: <0000000000000ee656060ebce37a@google.com> Hello, syzbot found the following issue on: HEAD commit: ab27740f7665 Merge tag 'linux_kselftest-next-6.8-rc1' of g.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1526c96de80000 kernel config: https://syzkaller.appspot.com/x/.config?x=6d534f78e1db6532 dashboard link: https://syzkaller.appspot.com/bug?extid=6d5c91ea71454cf3e972 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/a20a48bc4578/disk-ab27740f.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/118b632bca22/vmlinux-ab27740f.xz kernel image: https://storage.googleapis.com/syzbot-assets/b053e27eb223/bzImage-ab27740f.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+6d5c91ea71454cf3e972 at syzkaller.appspotmail.com ================================================================== BUG: KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets write to 0xffff88814cd91280 of 8 bytes by task 3194 on cpu 0: __skb_queue_head_init include/linux/skbuff.h:2162 [inline] skb_queue_splice_init include/linux/skbuff.h:2248 [inline] wg_packet_send_staged_packets+0xe5/0xad0 drivers/net/wireguard/send.c:351 wg_xmit+0x5b8/0x660 drivers/net/wireguard/device.c:218 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3564 __dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0xa66/0xce0 net/ipv6/ip6_output.c:137 ip6_finish_output+0x1a5/0x490 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ndisc_send_skb+0x4a2/0x670 net/ipv6/ndisc.c:509 ndisc_send_rs+0x3ab/0x3e0 net/ipv6/ndisc.c:719 addrconf_dad_completed+0x640/0x8e0 net/ipv6/addrconf.c:4295 addrconf_dad_work+0x891/0xbc0 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 kthread+0x1d7/0x210 kernel/kthread.c:388 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 read to 0xffff88814cd91280 of 8 bytes by task 3202 on cpu 1: skb_queue_empty include/linux/skbuff.h:1798 [inline] wg_packet_send_keepalive+0x20/0x100 drivers/net/wireguard/send.c:225 wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline] wg_packet_handshake_receive_worker+0x445/0x5e0 drivers/net/wireguard/receive.c:213 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 kthread+0x1d7/0x210 kernel/kthread.c:388 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 value changed: 0xffff888148fef200 -> 0xffff88814cd91280 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 3202 Comm: kworker/1:8 Not tainted 6.7.0-syzkaller-01727-gab27740f7665 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From n.zhandarovich at fintech.ru Tue Jan 16 12:59:11 2024 From: n.zhandarovich at fintech.ru (Nikita Zhandarovich) Date: Tue, 16 Jan 2024 04:59:11 -0800 Subject: [PATCH net v2] wireguard: receive: annotate data-race around receiving_counter.counter Message-ID: <20240116125911.6176-1-n.zhandarovich@fintech.ru> Syzkaller with KCSAN identified a data-race issue [1] when accessing keypair->receiving_counter.counter. This patch uses READ_ONCE() and WRITE_ONCE() annotations to fix the problem. [1] BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0: counter_validate drivers/net/wireguard/receive.c:321 [inline] wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461 __napi_poll+0x60/0x3b0 net/core/dev.c:6536 napi_poll net/core/dev.c:6605 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6738 __do_softirq+0xc4/0x279 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499 process_one_work kernel/workqueue.c:2633 [inline] ... read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1: decrypt_packet drivers/net/wireguard/receive.c:252 [inline] wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 ... Fixes: a9e90d9931f3 ("wireguard: noise: separate receive counter from send counter") Reported-by: syzbot+d1de830e4ecdaac83d89 at syzkaller.appspotmail.com Signed-off-by: Nikita Zhandarovich --- v2: add missing annotation in wg_packet_rx_poll() per Eric Duzamet's helpful suggestion. drivers/net/wireguard/receive.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c index a176653c8861..db01ec03bda0 100644 --- a/drivers/net/wireguard/receive.c +++ b/drivers/net/wireguard/receive.c @@ -251,7 +251,7 @@ static bool decrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair) if (unlikely(!READ_ONCE(keypair->receiving.is_valid) || wg_birthdate_has_expired(keypair->receiving.birthdate, REJECT_AFTER_TIME) || - keypair->receiving_counter.counter >= REJECT_AFTER_MESSAGES)) { + READ_ONCE(keypair->receiving_counter.counter) >= REJECT_AFTER_MESSAGES)) { WRITE_ONCE(keypair->receiving.is_valid, false); return false; } @@ -318,7 +318,7 @@ static bool counter_validate(struct noise_replay_counter *counter, u64 their_cou for (i = 1; i <= top; ++i) counter->backtrack[(i + index_current) & ((COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1)] = 0; - counter->counter = their_counter; + WRITE_ONCE(counter->counter, their_counter); } index &= (COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1; @@ -463,7 +463,7 @@ int wg_packet_rx_poll(struct napi_struct *napi, int budget) net_dbg_ratelimited("%s: Packet has invalid nonce %llu (max %llu)\n", peer->device->dev->name, PACKET_CB(skb)->nonce, - keypair->receiving_counter.counter); + READ_ONCE(keypair->receiving_counter.counter)); goto next; } From syzbot+list3b7ff8aa9cee9123dcec at syzkaller.appspotmail.com Wed Jan 17 22:20:23 2024 From: syzbot+list3b7ff8aa9cee9123dcec at syzkaller.appspotmail.com (syzbot) Date: Wed, 17 Jan 2024 14:20:23 -0800 Subject: [syzbot] Monthly wireguard report (Jan 2024) Message-ID: <00000000000034f719060f2ba746@google.com> Hello wireguard maintainers/developers, This is a 31-day syzbot report for the wireguard subsystem. All related reports/information can be found at: https://syzkaller.appspot.com/upstream/s/wireguard During the period, 2 new issues were detected and 0 were fixed. In total, 4 issues are still open and 15 have been fixed so far. Some of the still happening issues: Ref Crashes Repro Title <1> 841 No KCSAN: data-race in wg_packet_send_staged_packets / wg_packet_send_staged_packets (3) https://syzkaller.appspot.com/bug?extid=6ba34f16b98fe40daef1 <2> 1 No KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll (7) https://syzkaller.appspot.com/bug?extid=97d9596e4ae0572c9825 <3> 1 No KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets (6) https://syzkaller.appspot.com/bug?extid=6d5c91ea71454cf3e972 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. To disable reminders for individual bugs, reply with the following command: #syz set no-reminders To change bug's subsystems, reply with: #syz set subsystems: new-subsystem You may send multiple commands in a single email message.