syzbot


KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (5)

Status: auto-closed as invalid on 2021/02/03 21:38
Subsystems: net
First crash: 1226d, last: 1226d
Similar bugs (4)
| Kernel | Title | Subsystems | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (3) | net | | | | 1 | 1389d | 1389d | 0/26 | auto-closed as invalid on 2020/08/24 16:27 |
| upstream | KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (4) | net | | | | 2 | 1318d | 1340d | 0/26 | auto-closed as invalid on 2020/11/03 11:23 |
| upstream | KCSAN: data-race in hsr_forward_skb / hsr_forward_skb (2) | net | | | | 1 | 1449d | 1449d | 0/26 | closed as invalid on 2020/06/18 14:13 |
| upstream | KCSAN: data-race in hsr_forward_skb / hsr_forward_skb | net | | | | 1 | 1614d | 1614d | 0/26 | auto-closed as invalid on 2020/02/16 12:36 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in hsr_forward_skb / hsr_forward_skb

read-write to 0xffff888139ec9110 of 8 bytes by interrupt on cpu 0:
 hsr_forward_skb+0x965/0xab0 net/hsr/hsr_forward.c:546
 send_hsr_supervision_frame+0x438/0x500 net/hsr/hsr_device.c:338
 hsr_announce+0x55/0xf0 net/hsr/hsr_device.c:404
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1417
 expire_timers+0x116/0x260 kernel/time/timer.c:1462
 __run_timers+0x338/0x3d0 kernel/time/timer.c:1731
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1744
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x32/0x40 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:420
 sysvec_apic_timer_interrupt+0x74/0x90 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
 __sanitizer_cov_trace_cmp4+0x4/0xa0 kernel/kcov.c:258
 number+0x779/0xb50 lib/vsprintf.c:521
 vsnprintf+0xb35/0xe80 lib/vsprintf.c:2685
 snprintf+0x6f/0x90 lib/vsprintf.c:2752
 tomoyo_print_header security/tomoyo/audit.c:165 [inline]
 tomoyo_init_log+0x3b1/0x10b0 security/tomoyo/audit.c:255
 tomoyo_supervisor+0x249/0xb20 security/tomoyo/common.c:2097
 tomoyo_audit_path_number_log security/tomoyo/file.c:235 [inline]
 tomoyo_path_number_perm+0x227/0x2d0 security/tomoyo/file.c:734
 tomoyo_file_ioctl+0x1c/0x20 security/tomoyo/tomoyo.c:329
 security_file_ioctl+0x45/0x90 security/security.c:1482
 __do_sys_ioctl fs/ioctl.c:747 [inline]
 __se_sys_ioctl+0x48/0x140 fs/ioctl.c:739
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:739
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read-write to 0xffff888139ec9110 of 8 bytes by interrupt on cpu 1:
 hsr_forward_skb+0x965/0xab0 net/hsr/hsr_forward.c:546
 hsr_dev_xmit+0x56/0x80 net/hsr/hsr_device.c:220
 __netdev_start_xmit include/linux/netdevice.h:4776 [inline]
 netdev_start_xmit include/linux/netdevice.h:4790 [inline]
 xmit_one+0xf9/0x2e0 net/core/dev.c:3574
 dev_hard_start_xmit net/core/dev.c:3590 [inline]
 __dev_queue_xmit+0xecf/0x1500 net/core/dev.c:4151
 dev_queue_xmit+0x13/0x20 net/core/dev.c:4184
 neigh_connected_output+0x264/0x290 net/core/neighbour.c:1520
 neigh_output include/net/neighbour.h:510 [inline]
 ip6_finish_output2+0x984/0xb20 net/ipv6/ip6_output.c:117
 __ip6_finish_output+0x2f1/0x320 net/ipv6/ip6_output.c:143
 ip6_finish_output+0x39/0x160 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:441 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 mld_sendpack+0x370/0x530 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x566/0x7f0 net/ipv6/mcast.c:2474
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1417
 expire_timers+0x116/0x260 kernel/time/timer.c:1462
 __run_timers+0x338/0x3d0 kernel/time/timer.c:1731
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1744
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x32/0x40 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:420
 sysvec_apic_timer_interrupt+0x74/0x90 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
 check_kcov_mode kernel/kcov.c:165 [inline]
 __sanitizer_cov_trace_pc+0x33/0x60 kernel/kcov.c:197
 handle_mounts fs/namei.c:1373 [inline]
 step_into+0x560/0xe80 fs/namei.c:1691
 walk_component+0x190/0x350 fs/namei.c:1867
 link_path_walk+0x471/0x730 fs/namei.c:2182
 path_openat+0x19f/0x20a0 fs/namei.c:3367
 do_filp_open+0xbd/0x1d0 fs/namei.c:3398
 do_sys_openat2+0xa3/0x240 fs/open.c:1172
 do_sys_open fs/open.c:1188 [inline]
 __do_sys_open fs/open.c:1196 [inline]
 __se_sys_open fs/open.c:1192 [inline]
 __x64_sys_open+0xe2/0x110 fs/open.c:1192
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 9778 Comm: modprobe Not tainted 5.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
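| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/12/30 21:36 | upstream | f6e1ea196492 | ecb8c012 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |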
* Struck through repros no longer work on HEAD.