syzbot


KCSAN: data-race in br_fdb_update / br_fdb_update (5)

Status: auto-obsoleted due to no activity on 2022/11/05 14:29
Subsystems: bridge
First crash: 577d, last: 571d
Similar bugs (5)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in br_fdb_update / br_fdb_update bridge | | | | 1 | 1441d | 1441d | 0/26 | auto-closed as invalid on 2020/06/18 13:53 |
| upstream | KCSAN: data-race in br_fdb_update / br_fdb_update (4) bridge | | | | 3 | 674d | 675d | 0/26 | auto-closed as invalid on 2022/07/25 17:10 |
| upstream | KCSAN: data-race in br_fdb_update / br_fdb_update (2) bridge | | | | 1 | 1324d | 1324d | 0/26 | auto-closed as invalid on 2020/10/13 10:41 |
| upstream | KCSAN: data-race in br_fdb_update / br_fdb_update (3) bridge | | | | 2 | 870d | 895d | 0/26 | auto-closed as invalid on 2022/01/11 04:42 |
| upstream | KCSAN: data-race in br_fdb_update / br_fdb_update (6) bridge | | | | 1 | 533d | 533d | 0/26 | auto-obsoleted due to no activity on 2022/12/13 11:36 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in br_fdb_update / br_fdb_update

write to 0xffff8881293284c0 of 8 bytes by interrupt on cpu 0:
 br_fdb_update+0x145/0x3e0 net/bridge/br_fdb.c:867
 br_handle_frame_finish+0x2d3/0xbc0 net/bridge/br_input.c:121
 br_nf_hook_thresh+0x1ee/0x220
 br_nf_pre_routing_finish_ipv6+0x4fa/0x510
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:237
 br_nf_pre_routing+0x4c9/0xb20 net/bridge/br_netfilter_hooks.c:507
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:255 [inline]
 br_handle_frame+0x483/0x7d0 net/bridge/br_input.c:399
 __netif_receive_skb_core+0xa4e/0x1cc0 net/core/dev.c:5379
 __netif_receive_skb_one_core net/core/dev.c:5483 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5599
 process_backlog+0x23f/0x3b0 net/core/dev.c:5927
 __napi_poll+0x65/0x390 net/core/dev.c:6511
 napi_poll net/core/dev.c:6578 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6689
 __do_softirq+0x158/0x2e3 kernel/softirq.c:571
 __irq_exit_rcu kernel/softirq.c:650 [inline]
 irq_exit_rcu+0x41/0x70 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x8d/0xb0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
 native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
 arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
 acpi_safe_halt drivers/acpi/processor_idle.c:112 [inline]
 acpi_idle_do_entry drivers/acpi/processor_idle.c:572 [inline]
 acpi_idle_enter+0x283/0x340 drivers/acpi/processor_idle.c:709
 cpuidle_enter_state+0x2de/0x960 drivers/cpuidle/cpuidle.c:239
 cpuidle_enter+0x3c/0x60 drivers/cpuidle/cpuidle.c:356
 call_cpuidle kernel/sched/idle.c:155 [inline]
 cpuidle_idle_call kernel/sched/idle.c:236 [inline]
 do_idle+0x1a7/0x250 kernel/sched/idle.c:303
 cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:400
 rest_init+0xe8/0xf0 init/main.c:727
 start_kernel+0x0/0x656 init/main.c:883
 start_kernel+0x5d1/0x656 init/main.c:1138
 secondary_startup_64_no_verify+0xcf/0xdb

read to 0xffff8881293284c0 of 8 bytes by interrupt on cpu 1:
 br_fdb_update+0x110/0x3e0 net/bridge/br_fdb.c:866
 br_handle_frame_finish+0x2d3/0xbc0 net/bridge/br_input.c:121
 br_nf_hook_thresh+0x1ee/0x220
 br_nf_pre_routing_finish_ipv6+0x4fa/0x510
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:237
 br_nf_pre_routing+0x4c9/0xb20 net/bridge/br_netfilter_hooks.c:507
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:255 [inline]
 br_handle_frame+0x483/0x7d0 net/bridge/br_input.c:399
 __netif_receive_skb_core+0xa4e/0x1cc0 net/core/dev.c:5379
 __netif_receive_skb_one_core net/core/dev.c:5483 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5599
 process_backlog+0x23f/0x3b0 net/core/dev.c:5927
 __napi_poll+0x65/0x390 net/core/dev.c:6511
 napi_poll net/core/dev.c:6578 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6689
 __do_softirq+0x158/0x2e3 kernel/softirq.c:571
 __irq_exit_rcu kernel/softirq.c:650 [inline]
 irq_exit_rcu+0x41/0x70 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x8d/0xb0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
 native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
 arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
 acpi_safe_halt drivers/acpi/processor_idle.c:112 [inline]
 acpi_idle_do_entry drivers/acpi/processor_idle.c:572 [inline]
 acpi_idle_enter+0x283/0x340 drivers/acpi/processor_idle.c:709
 cpuidle_enter_state+0x2de/0x960 drivers/cpuidle/cpuidle.c:239
 cpuidle_enter+0x3c/0x60 drivers/cpuidle/cpuidle.c:356
 call_cpuidle kernel/sched/idle.c:155 [inline]
 cpuidle_idle_call kernel/sched/idle.c:236 [inline]
 do_idle+0x1a7/0x250 kernel/sched/idle.c:303
 cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:400
 start_secondary+0x78/0x80 arch/x86/kernel/smpboot.c:262
 secondary_startup_64_no_verify+0xcf/0xdb

value changed: 0x000000010002fb60 -> 0x000000010002fd58

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/10/01 14:18 | upstream | ffb4d94b4314 | feb56351 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in br_fdb_update / br_fdb_update |
| 2022/09/26 05:20 | upstream | 5e049663f678 | 0042f2b4 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in br_fdb_update / br_fdb_update |
* Struck through repros no longer work on HEAD.