syzbot

 sign-in | mailing list | source | docs
🐞 Open [996] Subsystems 🐞 Fixed [5242] 🐞 Invalid [12513] Missing Backports [84] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (6)

Status: auto-closed as invalid on 2022/04/16 22:53
Subsystems: bridge
[Documentation on labels]
First crash: 897d, last: 775d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (4) bridge 3 1250d 1232d 0/26 auto-closed as invalid on 2020/12/27 17:42
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (3) bridge 11 1301d 1386d 0/26 auto-closed as invalid on 2020/11/07 07:33
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (7) bridge 92 273d 712d 0/26 auto-obsoleted due to no activity on 2023/09/01 04:22
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (5) bridge 2 1158d 1190d 0/26 auto-closed as invalid on 2021/03/30 00:44
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (8) bridge 1 222d 221d 25/26 fixed on 2023/12/21 01:43
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish bridge 3 1543d 1623d 0/26 auto-closed as invalid on 2020/04/14 05:00
upstream KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (2) bridge 1 1418d 1418d 0/26 closed as invalid on 2020/06/18 14:13

Sample crash report:
==================================================================
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish

read to 0xffff888134c5e170 of 8 bytes by interrupt on cpu 1:
 br_handle_frame_finish+0xaa0/0xbe0 net/bridge/br_input.c:147
 br_nf_hook_thresh+0x194/0x1d0
 br_nf_pre_routing_finish_ipv6+0x4e6/0x500
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0x4d1/0xb30 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:230 [inline]
 br_handle_frame+0x483/0xbc0 net/bridge/br_input.c:370
 __netif_receive_skb_core+0xa39/0x1e20 net/core/dev.c:5245
 __netif_receive_skb_one_core net/core/dev.c:5349 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5465
 process_backlog+0x23f/0x3e0 net/core/dev.c:5797
 __napi_poll+0x65/0x3f0 net/core/dev.c:6365
 napi_poll net/core/dev.c:6432 [inline]
 net_rx_action+0x29e/0x650 net/core/dev.c:6519
 __do_softirq+0x158/0x2de kernel/softirq.c:558
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:921
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1bf/0x1e0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

write to 0xffff888134c5e170 of 8 bytes by interrupt on cpu 0:
 br_handle_frame_finish+0xab2/0xbe0 net/bridge/br_input.c:147
 br_nf_hook_thresh+0x194/0x1d0
 br_nf_pre_routing_finish_ipv6+0x4e6/0x500
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_nf_pre_routing_ipv6+0x1ea/0x280 net/bridge/br_netfilter_ipv6.c:236
 br_nf_pre_routing+0x4d1/0xb30 net/bridge/br_netfilter_hooks.c:505
 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:230 [inline]
 br_handle_frame+0x483/0xbc0 net/bridge/br_input.c:370
 __netif_receive_skb_core+0xa39/0x1e20 net/core/dev.c:5245
 __netif_receive_skb_one_core net/core/dev.c:5349 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5465
 process_backlog+0x23f/0x3e0 net/core/dev.c:5797
 __napi_poll+0x65/0x3f0 net/core/dev.c:6365
 napi_poll net/core/dev.c:6432 [inline]
 net_rx_action+0x29e/0x650 net/core/dev.c:6519
 __do_softirq+0x158/0x2de kernel/softirq.c:558
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:921
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1bf/0x1e0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30

value changed: 0x0000000000021f7e -> 0x0000000000021f7f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 12 Comm: ksoftirqd/0 Not tainted 5.17.0-rc7-syzkaller-00227-g68453767131a-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2a:40:0d:34:ef:2b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2a:40:0d:34:ef:2b, vlan:0)
net_ratelimit: 36804 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2a:40:0d:34:ef:2b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:2a:40:0d:34:ef:2b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/03/12 22:44 upstream 68453767131a 9e8eaa75 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
2022/02/27 03:26 upstream 2293be58d6a1 45a13a73 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
2022/02/06 15:45 upstream 90c9e950c0de a7dab638 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
2022/01/07 19:39 upstream ddec8ed2d490 2ca0d385 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
2021/12/23 03:58 upstream bc491fb12513 6caa12e4 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
2021/12/08 22:14 upstream 2a987e65025e a4a2a501 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
2021/11/11 03:54 upstream 89d714ab6043 75b04091 .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
* Struck through repros no longer work on HEAD.