syzbot

 sign-in | mailing list | source | docs
🐞 Open [989] Subsystems 🐞 Fixed [5238] 🐞 Invalid [12509] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in br_fdb_update / br_fdb_update (6)

Status: auto-obsoleted due to no activity on 2022/12/13 11:36
Subsystems: bridge
[Documentation on labels]
First crash: 534d, last: 534d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (5) bridge 2 572d 578d 0/26 auto-obsoleted due to no activity on 2022/11/05 14:29
upstream KCSAN: data-race in br_fdb_update / br_fdb_update bridge 1 1443d 1443d 0/26 auto-closed as invalid on 2020/06/18 13:53
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (4) bridge 3 675d 676d 0/26 auto-closed as invalid on 2022/07/25 17:10
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (2) bridge 1 1325d 1325d 0/26 auto-closed as invalid on 2020/10/13 10:41
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (3) bridge 2 871d 896d 0/26 auto-closed as invalid on 2022/01/11 04:42

Sample crash report:
==================================================================
BUG: KCSAN: data-race in br_fdb_update / br_fdb_update

read to 0xffff88813e4830c0 of 8 bytes by interrupt on cpu 1:
 br_fdb_update+0x110/0x3e0 net/bridge/br_fdb.c:866
 br_handle_frame_finish+0x2d3/0xbc0 net/bridge/br_input.c:121
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x54e/0x7d0 net/bridge/br_input.c:399
 __netif_receive_skb_core+0xa4e/0x1ce0 net/core/dev.c:5383
 __netif_receive_skb_one_core net/core/dev.c:5487 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5603
 process_backlog+0x23f/0x3b0 net/core/dev.c:5931
 __napi_poll+0x65/0x390 net/core/dev.c:6498
 napi_poll net/core/dev.c:6565 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6676
 __do_softirq+0xf2/0x2c7 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

write to 0xffff88813e4830c0 of 8 bytes by interrupt on cpu 0:
 br_fdb_update+0x145/0x3e0 net/bridge/br_fdb.c:867
 br_handle_frame_finish+0x2d3/0xbc0 net/bridge/br_input.c:121
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x54e/0x7d0 net/bridge/br_input.c:399
 __netif_receive_skb_core+0xa4e/0x1ce0 net/core/dev.c:5383
 __netif_receive_skb_one_core net/core/dev.c:5487 [inline]
 __netif_receive_skb+0x52/0x1b0 net/core/dev.c:5603
 process_backlog+0x23f/0x3b0 net/core/dev.c:5931
 __napi_poll+0x65/0x390 net/core/dev.c:6498
 napi_poll net/core/dev.c:6565 [inline]
 net_rx_action+0x37e/0x730 net/core/dev.c:6676
 __do_softirq+0xf2/0x2c7 kernel/softirq.c:571
 run_ksoftirqd+0x1f/0x30 kernel/softirq.c:934
 smpboot_thread_fn+0x308/0x4a0 kernel/smpboot.c:164
 kthread+0x1a9/0x1e0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

value changed: 0x00000001000149e8 -> 0x00000001000149e9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 12 Comm: ksoftirqd/0 Not tainted 6.1.0-rc4-syzkaller-00011-g59f2f4b8a757-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
==================================================================
net_ratelimit: 17415 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:32:f3:8b:af:16:8f, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:32:f3:8b:af:16:8f, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:32:f3:8b:af:16:8f, vlan:0)
net_ratelimit: 18092 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:32:f3:8b:af:16:8f, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:32:f3:8b:af:16:8f, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/11/08 11:35 upstream 59f2f4b8a757 6feb842b .config console log report info ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
* Struck through repros no longer work on HEAD.