[syzbot] [wireguard?] KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets (6)

[syzbot <syzbot+6d5c91ea71454cf3e972@syzkaller.appspotmail.com>]

Hello,

syzbot found the following issue on:

HEAD commit:    ab27740f7665 Merge tag 'linux_kselftest-next-6.8-rc1' of g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1526c96de80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6d534f78e1db6532
dashboard link: https://syzkaller.appspot.com/bug?extid=6d5c91ea71454cf3e972
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a20a48bc4578/disk-ab27740f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/118b632bca22/vmlinux-ab27740f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b053e27eb223/bzImage-ab27740f.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6d5c91ea71454cf3e972@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets

write to 0xffff88814cd91280 of 8 bytes by task 3194 on cpu 0:
 __skb_queue_head_init include/linux/skbuff.h:2162 [inline]
 skb_queue_splice_init include/linux/skbuff.h:2248 [inline]
 wg_packet_send_staged_packets+0xe5/0xad0 drivers/net/wireguard/send.c:351
 wg_xmit+0x5b8/0x660 drivers/net/wireguard/device.c:218
 __netdev_start_xmit include/linux/netdevice.h:4940 [inline]
 netdev_start_xmit include/linux/netdevice.h:4954 [inline]
 xmit_one net/core/dev.c:3548 [inline]
 dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3564
 __dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4349
 dev_queue_xmit include/linux/netdevice.h:3134 [inline]
 neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1592
 neigh_output include/net/neighbour.h:542 [inline]
 ip6_finish_output2+0xa66/0xce0 net/ipv6/ip6_output.c:137
 ip6_finish_output+0x1a5/0x490 net/ipv6/ip6_output.c:222
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243
 dst_output include/net/dst.h:451 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ndisc_send_skb+0x4a2/0x670 net/ipv6/ndisc.c:509
 ndisc_send_rs+0x3ab/0x3e0 net/ipv6/ndisc.c:719
 addrconf_dad_completed+0x640/0x8e0 net/ipv6/addrconf.c:4295
 addrconf_dad_work+0x891/0xbc0
 process_one_work kernel/workqueue.c:2633 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
 worker_thread+0x525/0x730 kernel/workqueue.c:2787
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

read to 0xffff88814cd91280 of 8 bytes by task 3202 on cpu 1:
 skb_queue_empty include/linux/skbuff.h:1798 [inline]
 wg_packet_send_keepalive+0x20/0x100 drivers/net/wireguard/send.c:225
 wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
 wg_packet_handshake_receive_worker+0x445/0x5e0 drivers/net/wireguard/receive.c:213
 process_one_work kernel/workqueue.c:2633 [inline]
 process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
 worker_thread+0x525/0x730 kernel/workqueue.c:2787
 kthread+0x1d7/0x210 kernel/kthread.c:388
 ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

value changed: 0xffff888148fef200 -> 0xffff88814cd91280

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 3202 Comm: kworker/1:8 Not tainted 6.7.0-syzkaller-01727-gab27740f7665 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup