syzbot

 sign-in | mailing list | source | docs
🐞 Open [1499]
Subsystems
🐞 Fixed [6527]
🐞 Invalid [16620]
Missing Backports [205]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in br_fdb_update / br_fdb_update (7)

Status: auto-obsoleted due to no activity on 2024/07/25 03:33
Subsystems: bridge
[Documentation on labels]
First crash: 429d, last: 429d
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (5) bridge 6 2 1057d 1062d 0/29 auto-obsoleted due to no activity on 2022/11/05 14:29
upstream KCSAN: data-race in br_fdb_update / br_fdb_update bridge 6 1 1927d 1927d 0/29 auto-closed as invalid on 2020/06/18 13:53
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (4) bridge 6 3 1160d 1161d 0/29 auto-closed as invalid on 2022/07/25 17:10
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (2) bridge 6 1 1810d 1810d 0/29 auto-closed as invalid on 2020/10/13 10:41
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (3) bridge 6 2 1355d 1380d 0/29 auto-closed as invalid on 2022/01/11 04:42
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (6) bridge 6 1 1019d 1019d 0/29 auto-obsoleted due to no activity on 2022/12/13 11:36

Sample crash report:
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
==================================================================
BUG: KCSAN: data-race in br_fdb_update / br_fdb_update

read to 0xffff888117c420c0 of 8 bytes by interrupt on cpu 0:
 br_fdb_update+0x10e/0x480 net/bridge/br_fdb.c:910
 br_handle_frame_finish+0x32a/0xe70 net/bridge/br_input.c:141
 br_nf_hook_thresh+0x1e5/0x220
 br_nf_pre_routing_finish_ipv6+0x573/0x5a0
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x1f0/0x2a0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x515/0xbb0 net/bridge/br_netfilter_hooks.c:528
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x4d9/0x990 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xa71/0x20b0 net/core/dev.c:5519
 __netif_receive_skb_one_core net/core/dev.c:5623 [inline]
 __netif_receive_skb+0x5a/0x280 net/core/dev.c:5739
 process_backlog+0x21d/0x3c0 net/core/dev.c:6068
 __napi_poll+0x63/0x3c0 net/core/dev.c:6722
 napi_poll net/core/dev.c:6791 [inline]
 net_rx_action+0x324/0x740 net/core/dev.c:6907
 handle_softirqs+0xc3/0x280 kernel/softirq.c:554
 do_softirq+0x5e/0x90 kernel/softirq.c:455
 __local_bh_enable_ip+0x6e/0x70 kernel/softirq.c:382
 __raw_write_unlock_bh include/linux/rwlock_api_smp.h:281 [inline]
 _raw_write_unlock_bh+0x1f/0x30 kernel/locking/spinlock.c:366
 neigh_periodic_work+0x55a/0x600 net/core/neighbour.c:1019
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3312
 worker_thread+0x526/0x730 kernel/workqueue.c:3393
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

write to 0xffff888117c420c0 of 8 bytes by interrupt on cpu 1:
 br_fdb_update+0x142/0x480 net/bridge/br_fdb.c:911
 br_handle_frame_finish+0x32a/0xe70 net/bridge/br_input.c:141
 br_nf_hook_thresh+0x1e5/0x220
 br_nf_pre_routing_finish_ipv6+0x573/0x5a0
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x1f0/0x2a0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x515/0xbb0 net/bridge/br_netfilter_hooks.c:528
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x4d9/0x990 net/bridge/br_input.c:424
 __netif_receive_skb_core+0xa71/0x20b0 net/core/dev.c:5519
 __netif_receive_skb_one_core net/core/dev.c:5623 [inline]
 __netif_receive_skb+0x5a/0x280 net/core/dev.c:5739
 process_backlog+0x21d/0x3c0 net/core/dev.c:6068
 __napi_poll+0x63/0x3c0 net/core/dev.c:6722
 napi_poll net/core/dev.c:6791 [inline]
 net_rx_action+0x324/0x740 net/core/dev.c:6907
 handle_softirqs+0xc3/0x280 kernel/softirq.c:554
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:928
 smpboot_thread_fn+0x31c/0x4c0 kernel/smpboot.c:164
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x000000010000ccaa -> 0x000000010000ccab

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 23 Comm: ksoftirqd/1 Tainted: G        W          6.10.0-rc4-syzkaller-00052-ge5b3efbe1ab1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================
net_ratelimit: 48259 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:a6:7d:04:26:5e:62, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/06/20 03:25 upstream e5b3efbe1ab1 41b7e219 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
* Struck through repros no longer work on HEAD.