syzbot


KCSAN: data-race in bond_start_xmit / bond_start_xmit

Status: closed as invalid on 2020/06/18 14:24
Subsystems: net
First crash: 1435d, last: 1386d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in bond_start_xmit / bond_start_xmit

write to 0xffff8880b9b0e970 of 4 bytes by task 22829 on cpu 1:
 bond_rr_gen_slave_id drivers/net/bonding/bond_main.c:3993 [inline]
 bond_xmit_roundrobin drivers/net/bonding/bond_main.c:4033 [inline]
 __bond_start_xmit drivers/net/bonding/bond_main.c:4297 [inline]
 bond_start_xmit+0x31a/0xa50 drivers/net/bonding/bond_main.c:4331
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xmit_one net/core/dev.c:3477 [inline]
 dev_hard_start_xmit+0xeb/0x420 net/core/dev.c:3493
 __dev_queue_xmit+0x11f7/0x1810 net/core/dev.c:4052
 dev_queue_xmit+0x1e/0x30 net/core/dev.c:4085
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0x87d/0xed0 net/ipv4/ip_output.c:228
 __ip_finish_output net/ipv4/ip_output.c:306 [inline]
 __ip_finish_output+0x22f/0x460 net/ipv4/ip_output.c:288
 ip_finish_output+0x3e/0x160 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0x13e/0x620 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:435 [inline]
 ip_local_out+0x70/0x90 net/ipv4/ip_output.c:125
 ip_send_skb+0x32/0xb0 net/ipv4/ip_output.c:1560
 udp_send_skb.isra.0+0x3b8/0x8d0 net/ipv4/udp.c:891
 udp_sendmsg+0x1589/0x1930 net/ipv4/udp.c:1178
 inet_sendmsg+0x69/0x90 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0x98/0xc0 net/socket.c:672
 ____sys_sendmsg+0x207/0x4c0 net/socket.c:2362
 ___sys_sendmsg+0xb5/0x100 net/socket.c:2416
 __sys_sendmmsg+0x10e/0x310 net/socket.c:2506
 __do_sys_sendmmsg net/socket.c:2535 [inline]
 __se_sys_sendmmsg net/socket.c:2532 [inline]
 __x64_sys_sendmmsg+0x60/0x80 net/socket.c:2532
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff8880b9b0e970 of 4 bytes by task 22869 on cpu 0:
 bond_rr_gen_slave_id drivers/net/bonding/bond_main.c:3984 [inline]
 bond_xmit_roundrobin drivers/net/bonding/bond_main.c:4033 [inline]
 __bond_start_xmit drivers/net/bonding/bond_main.c:4297 [inline]
 bond_start_xmit+0x302/0xa50 drivers/net/bonding/bond_main.c:4331
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xmit_one net/core/dev.c:3477 [inline]
 dev_hard_start_xmit+0xeb/0x420 net/core/dev.c:3493
 __dev_queue_xmit+0x11f7/0x1810 net/core/dev.c:4052
 dev_queue_xmit+0x1e/0x30 net/core/dev.c:4085
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0x87d/0xed0 net/ipv4/ip_output.c:228
 __ip_finish_output net/ipv4/ip_output.c:306 [inline]
 __ip_finish_output+0x22f/0x460 net/ipv4/ip_output.c:288
 ip_finish_output+0x3e/0x160 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0x13e/0x620 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:435 [inline]
 ip_local_out+0x70/0x90 net/ipv4/ip_output.c:125
 ip_send_skb+0x32/0xb0 net/ipv4/ip_output.c:1560
 udp_send_skb.isra.0+0x3b8/0x8d0 net/ipv4/udp.c:891
 udp_sendmsg+0x1589/0x1930 net/ipv4/udp.c:1178
 inet_sendmsg+0x69/0x90 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0x98/0xc0 net/socket.c:672
 ____sys_sendmsg+0x207/0x4c0 net/socket.c:2362
 ___sys_sendmsg+0xb5/0x100 net/socket.c:2416
 __sys_sendmmsg+0x10e/0x310 net/socket.c:2506
 __do_sys_sendmmsg net/socket.c:2535 [inline]
 __se_sys_sendmmsg net/socket.c:2532 [inline]
 __x64_sys_sendmmsg+0x60/0x80 net/socket.c:2532
 do_syscall_64+0xc7/0x3b0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 22869 Comm: syz-executor.0 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (3):
Time              Kernel                                     Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  Manager
2020/06/12 06:33  https://github.com/google/ktsan.git kcsan  7c3cd68e5d38  819b58b0   .config  console log  report  -          -        ci2-upstream-kcsan-gce
2020/05/02 11:46  https://github.com/google/ktsan.git kcsan  7c3cd68e5d38  58da4c35   .config  console log  report  -          -        ci2-upstream-kcsan-gce
2020/04/23 17:00  https://github.com/google/ktsan.git kcsan  7c3cd68e5d38  b9233cab   .config  console log  report  -          -        ci2-upstream-kcsan-gce