syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12473] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in br_set_state / maybe_deliver

Status: closed as invalid on 2019/11/19 13:54
Subsystems: bridge
[Documentation on labels]
First crash: 1624d, last: 1624d

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
==================================================================
BUG: KCSAN: data-race in br_set_state / maybe_deliver

read to 0xffff88812229be39 of 1 bytes by interrupt on cpu 1:
 should_deliver net/bridge/br_forward.c:28 [inline]
 maybe_deliver+0x113/0x210 net/bridge/br_forward.c:175
 br_flood+0x111/0x330 net/bridge/br_forward.c:223
 br_handle_frame_finish+0x7e3/0xa90 net/bridge/br_input.c:162
 br_nf_hook_thresh+0x1f8/0x210 net/bridge/br_netfilter_hooks.c:1019
 br_nf_pre_routing_finish_ipv6+0x3cb/0x520 net/bridge/br_netfilter_ipv6.c:206
 NF_HOOK include/linux/netfilter.h:305 [inline]
 br_nf_pre_routing_ipv6+0x23a/0x340 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0xaf8/0xd75 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:135 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:223 [inline]
 br_handle_frame+0x432/0x890 net/bridge/br_input.c:348
 __netif_receive_skb_core+0xb8f/0x1a90 net/core/dev.c:4830
 __netif_receive_skb_one_core+0x67/0xe0 net/core/dev.c:4927
 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5043
 process_backlog+0x207/0x4b0 net/core/dev.c:5874
 napi_poll net/core/dev.c:6311 [inline]
 net_rx_action+0x3ae/0xa90 net/core/dev.c:6379
 __do_softirq+0x115/0x33f kernel/softirq.c:292
 run_ksoftirqd+0x46/0x60 kernel/softirq.c:603
 smpboot_thread_fn+0x37d/0x4a0 kernel/smpboot.c:165
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

write to 0xffff88812229be39 of 1 bytes by task 5 on cpu 0:
 br_set_state+0xb0/0xe0 net/bridge/br_stp.c:39
 br_init_port+0x6a/0xe0 net/bridge/br_stp_if.c:39
 br_stp_enable_port+0x1f/0x50 net/bridge/br_stp_if.c:93
 br_port_carrier_check+0x14f/0x250 net/bridge/br_if.c:80
 br_device_event+0x241/0x570 net/bridge/br.c:86
 notifier_call_chain+0xd7/0x160 kernel/notifier.c:95
 __raw_notifier_call_chain kernel/notifier.c:396 [inline]
 raw_notifier_call_chain+0x37/0x50 kernel/notifier.c:403
 call_netdevice_notifiers_info+0x48/0xc0 net/core/dev.c:1668
 netdev_state_change net/core/dev.c:1271 [inline]
 netdev_state_change+0xb2/0xd0 net/core/dev.c:1264
 linkwatch_do_dev+0xd8/0xf0 net/core/link_watch.c:159
 __linkwatch_run_queue+0x1a9/0x510 net/core/link_watch.c:204
 linkwatch_event+0x54/0x70 net/core/link_watch.c:243
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events linkwatch_event
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/07 13:31 https://github.com/google/ktsan.git kcsan 94c006602e13 d797d201 .config console log report ci2-upstream-kcsan-gce
* Struck through repros no longer work on HEAD.