syzbot

 sign-in | mailing list | source | docs
🐞 Open [1026] 🐞 Fixed [3926] 🐞 Invalid [8524] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (2)

Status: closed as invalid on 2020/06/18 14:13
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 816d, last: 816d
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (3) 1 757d 757d 0/23 auto-closed as invalid on 2020/08/24 16:27
upstream KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (4) 2 686d 707d 0/23 auto-closed as invalid on 2020/11/03 11:23
upstream KCSAN: data-race in hsr_forward_skb / hsr_forward_skb 1 982d 982d 0/23 auto-closed as invalid on 2020/02/16 12:36
upstream KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (5) 1 594d 594d 0/23 auto-closed as invalid on 2021/02/03 21:38

Sample crash report:
==================================================================
BUG: KCSAN: data-race in hsr_forward_skb / hsr_forward_skb

write to 0xffff88809e770110 of 8 bytes by task 32241 on cpu 1:
 hsr_forward_skb+0x995/0x1140 net/hsr/hsr_forward.c:366
 hsr_dev_xmit+0x5e/0x90 net/hsr/hsr_device.c:223
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xmit_one net/core/dev.c:3477 [inline]
 dev_hard_start_xmit+0xeb/0x420 net/core/dev.c:3493
 __dev_queue_xmit+0x11f7/0x1810 net/core/dev.c:4052
 dev_queue_xmit+0x1e/0x30 net/core/dev.c:4085
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x4bb/0x710 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x19a/0x1f0 net/core/filter.c:2112
 0xffffffffa004edf4
 bpf_dispatcher_nop_func include/linux/bpf.h:545 [inline]
 bpf_test_run+0x250/0x560 net/bpf/test_run.c:49
 bpf_prog_test_run_skb+0x668/0xad0 net/bpf/test_run.c:438
 bpf_prog_test_run kernel/bpf/syscall.c:2771 [inline]
 __do_sys_bpf+0x1c4d/0x3100 kernel/bpf/syscall.c:3721
 __se_sys_bpf kernel/bpf/syscall.c:3661 [inline]
 __x64_sys_bpf+0x47/0x60 kernel/bpf/syscall.c:3661
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88809e770110 of 8 bytes by task 32226 on cpu 0:
 hsr_forward_skb+0x982/0x1140 net/hsr/hsr_forward.c:366
 hsr_dev_xmit+0x5e/0x90 net/hsr/hsr_device.c:223
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xmit_one net/core/dev.c:3477 [inline]
 dev_hard_start_xmit+0xeb/0x420 net/core/dev.c:3493
 __dev_queue_xmit+0x11f7/0x1810 net/core/dev.c:4052
 dev_queue_xmit+0x1e/0x30 net/core/dev.c:4085
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x4bb/0x710 net/core/filter.c:2107
 ____bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x19a/0x1f0 net/core/filter.c:2112
 bpf_prog_15224e9516814752+0x5c/0x1a8
 bpf_dispatcher_nop_func include/linux/bpf.h:545 [inline]
 bpf_test_run+0x250/0x560 net/bpf/test_run.c:49
 bpf_prog_test_run_skb+0x668/0xad0 net/bpf/test_run.c:438
 bpf_prog_test_run kernel/bpf/syscall.c:2771 [inline]
 __do_sys_bpf+0x1c4d/0x3100 kernel/bpf/syscall.c:3721
 __se_sys_bpf kernel/bpf/syscall.c:3661 [inline]
 __x64_sys_bpf+0x47/0x60 kernel/bpf/syscall.c:3661
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 32226 Comm: syz-executor.2 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2020/05/22 03:12 https://github.com/google/ktsan.git kcsan 7c3cd68e5d38 4afdfa20 .config log report