syzbot

 sign-in | mailing list | source | docs
🐞 Open [987] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12505] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (3)

Status: auto-closed as invalid on 2020/11/07 07:33
Subsystems: bridge
[Documentation on labels]
First crash: 1385d, last: 1300d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (4) bridge 3 1249d 1231d 0/26 auto-closed as invalid on 2020/12/27 17:42
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (7) bridge 92 272d 711d 0/26 auto-obsoleted due to no activity on 2023/09/01 04:22
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (5) bridge 2 1157d 1189d 0/26 auto-closed as invalid on 2021/03/30 00:44
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (8) bridge 1 221d 220d 25/26 fixed on 2023/12/21 01:43
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish bridge 3 1542d 1622d 0/26 auto-closed as invalid on 2020/04/14 05:00
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (2) bridge 1 1417d 1417d 0/26 closed as invalid on 2020/06/18 14:13
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (6) bridge 7 774d 896d 0/26 auto-closed as invalid on 2022/04/16 22:53

Sample crash report:
bridge0: received packet on vlan3 with own address as source address (addr:aa:aa:aa:aa:aa:39, vlan:0)
bridge0: received packet on vlan3 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
==================================================================
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

write to 0xffff888092125148 of 8 bytes by interrupt on cpu 1:
 br_handle_frame_finish+0x942/0xa10 net/bridge/br_input.c:146
 br_nf_hook_thresh+0x184/0x1c0 net/bridge/br_netfilter_hooks.c:1021
 br_nf_pre_routing_finish_ipv6+0x4ab/0x4c0 net/bridge/br_netfilter_ipv6.c:187
 NF_HOOK include/linux/netfilter.h:301 [inline]
 br_nf_pre_routing_ipv6+0x1ed/0x280 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0x4d6/0xb40 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:228 [inline]
 br_handle_frame+0x413/0xb10 net/bridge/br_input.c:356
 __netif_receive_skb_core+0xea9/0x1da0 net/core/dev.c:5180
 __netif_receive_skb_one_core net/core/dev.c:5284 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5400
 process_backlog+0x29f/0x4a0 net/core/dev.c:6242
 napi_poll+0x178/0x4f0 net/core/dev.c:6688
 net_rx_action+0x1ba/0x530 net/core/dev.c:6758
 __do_softirq+0x198/0x360 kernel/softirq.c:298
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x5b/0x70 arch/x86/kernel/irq_64.c:77
 do_softirq+0x86/0xb0 kernel/softirq.c:343
 netif_rx_ni+0x56/0x240 net/core/dev.c:4835
 macvlan_broadcast+0x280/0x3e0 drivers/net/macvlan.c:288
 macvlan_process_broadcast+0x298/0x300 drivers/net/macvlan.c:315
 process_one_work+0x3e1/0x9a0 kernel/workqueue.c:2269
 worker_thread+0x665/0xbe0 kernel/workqueue.c:2415
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

read to 0xffff888092125148 of 8 bytes by interrupt on cpu 0:
 br_handle_frame_finish+0x930/0xa10 net/bridge/br_input.c:146
 br_nf_hook_thresh+0x184/0x1c0 net/bridge/br_netfilter_hooks.c:1021
 br_nf_pre_routing_finish_ipv6+0x4ab/0x4c0 net/bridge/br_netfilter_ipv6.c:187
 NF_HOOK include/linux/netfilter.h:301 [inline]
 br_nf_pre_routing_ipv6+0x1ed/0x280 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0x4d6/0xb40 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:228 [inline]
 br_handle_frame+0x413/0xb10 net/bridge/br_input.c:356
 __netif_receive_skb_core+0xea9/0x1da0 net/core/dev.c:5180
 __netif_receive_skb_one_core net/core/dev.c:5284 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5400
 process_backlog+0x29f/0x4a0 net/core/dev.c:6242
 napi_poll+0x178/0x4f0 net/core/dev.c:6688
 net_rx_action+0x1ba/0x530 net/core/dev.c:6758
 __do_softirq+0x198/0x360 kernel/softirq.c:298
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x5b/0x70 arch/x86/kernel/irq_64.c:77
 do_softirq+0x86/0xb0 kernel/softirq.c:343
 __local_bh_enable_ip+0x63/0x70 kernel/softirq.c:195
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline]
 _raw_spin_unlock_bh+0x33/0x40 kernel/locking/spinlock.c:207
 spin_unlock_bh include/linux/spinlock.h:399 [inline]
 batadv_nc_purge_paths+0x26f/0x2c0 net/batman-adv/network-coding.c:470
 batadv_nc_worker+0x13f/0xa00 net/batman-adv/network-coding.c:719
 process_one_work+0x3e1/0x9a0 kernel/workqueue.c:2269
 worker_thread+0x665/0xbe0 kernel/workqueue.c:2415
 kthread+0x20d/0x230 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 3402 Comm: kworker/u4:4 Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
==================================================================

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/10/03 07:31 upstream d3d45f8220d6 2653fa43 .config console log report info ci2-upstream-kcsan-gce
2020/09/11 19:19 upstream 581cb3a26baf adfb8b4e .config console log report ci2-upstream-kcsan-gce
2020/09/11 08:20 upstream 581cb3a26baf ac7ca78e .config console log report ci2-upstream-kcsan-gce
2020/09/09 03:16 upstream 6f6a73c8b715 abf9ba4f .config console log report ci2-upstream-kcsan-gce
2020/09/08 09:45 upstream f4d51dffc6c0 abf9ba4f .config console log report ci2-upstream-kcsan-gce
2020/09/07 13:20 upstream a8205e310011 abf9ba4f .config console log report ci2-upstream-kcsan-gce
2020/09/06 15:40 upstream dd9fb9bb3340 abf9ba4f .config console log report ci2-upstream-kcsan-gce
2020/08/28 20:41 upstream 15bc20c6af4c d5a3ae1f .config console log report ci2-upstream-kcsan-gce
2020/07/26 07:04 upstream 04300d66f0a0 1f7cc1ca .config console log report ci2-upstream-kcsan-gce
2020/07/21 02:16 upstream 4fa640dc5230 d88894e6 .config console log report ci2-upstream-kcsan-gce
2020/07/09 20:52 upstream 0bddd227f3dc edf162e8 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.