KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (2)


syzbot

Apr 2, 2022, 9:39:18 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 56e337f2cf13 Revert "gpio: Revert regression in sysfs-gpio..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d6a503700000
kernel config: https://syzkaller.appspot.com/x/.config?x=4f2d7d6f883e09d4
dashboard link: https://syzkaller.appspot.com/bug?extid=5d7c08a7c944f5aaadb3
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
CC: [a...@unstable.cc b.a.t...@lists.open-mesh.org da...@davemloft.net ku...@kernel.org linux-...@vger.kernel.org marekl...@neomailbox.ch net...@vger.kernel.org sv...@narfation.org s...@simonwunderlich.de]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5d7c08...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in batadv_bla_tx / batadv_bla_tx

write to 0xffff888134afc220 of 8 bytes by interrupt on cpu 1:
batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:576 [inline]
batadv_bla_tx+0xe30/0x1300 net/batman-adv/bridge_loop_avoidance.c:2105
batadv_interface_tx+0x292/0xc30 net/batman-adv/soft-interface.c:239
__netdev_start_xmit include/linux/netdevice.h:4685 [inline]
netdev_start_xmit include/linux/netdevice.h:4699 [inline]
xmit_one+0x105/0x2f0 net/core/dev.c:3473
dev_hard_start_xmit net/core/dev.c:3489 [inline]
__dev_queue_xmit+0x86d/0xfa0 net/core/dev.c:4116
dev_queue_xmit_accel+0x19/0x20 net/core/dev.c:4155
macvlan_queue_xmit drivers/net/macvlan.c:543 [inline]
macvlan_start_xmit+0x2b3/0x3d0 drivers/net/macvlan.c:567
__netdev_start_xmit include/linux/netdevice.h:4685 [inline]
netdev_start_xmit include/linux/netdevice.h:4699 [inline]
xmit_one+0x105/0x2f0 net/core/dev.c:3473
dev_hard_start_xmit net/core/dev.c:3489 [inline]
__dev_queue_xmit+0x86d/0xfa0 net/core/dev.c:4116
dev_queue_xmit+0x13/0x20 net/core/dev.c:4149
neigh_hh_output include/net/neighbour.h:533 [inline]
neigh_output include/net/neighbour.h:547 [inline]
ip6_finish_output2+0x9a5/0xbe0 net/ipv6/ip6_output.c:126
__ip6_finish_output net/ipv6/ip6_output.c:191 [inline]
ip6_finish_output+0x446/0x4c0 net/ipv6/ip6_output.c:201
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:224
dst_output include/net/dst.h:451 [inline]
NF_HOOK include/linux/netfilter.h:307 [inline]
ndisc_send_skb+0x488/0x610 net/ipv6/ndisc.c:508
ndisc_send_rs+0x3b0/0x3e0 net/ipv6/ndisc.c:702
addrconf_rs_timer+0x363/0x540 net/ipv6/addrconf.c:3915
call_timer_fn+0x2e/0x240 kernel/time/timer.c:1421
expire_timers+0x116/0x240 kernel/time/timer.c:1466
__run_timers+0x368/0x410 kernel/time/timer.c:1734
run_timer_softirq+0x2e/0x60 kernel/time/timer.c:1747
__do_softirq+0x158/0x2de kernel/softirq.c:558
__irq_exit_rcu kernel/softirq.c:637 [inline]
irq_exit_rcu+0x37/0x70 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x8d/0xb0 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20
is_atomic kernel/kcsan/core.c:258 [inline]
should_watch kernel/kcsan/core.c:275 [inline]
check_access kernel/kcsan/core.c:741 [inline]
__tsan_read4+0x138/0x180 kernel/kcsan/core.c:1013
crc32_body lib/crc32.c:106 [inline]
crc32_le_generic lib/crc32.c:179 [inline]
__crc32c_le_base+0x99/0x350 lib/crc32.c:202
chksum_update+0x2e/0x50 crypto/crct10dif_generic.c:56
crypto_shash_update+0x13c/0x1a0 crypto/shash.c:131
ext4_chksum fs/ext4/ext4.h:2452 [inline]
ext4_inode_bitmap_csum_set+0xc9/0x190 fs/ext4/bitmap.c:51
__ext4_new_inode+0x17a1/0x24e0 fs/ext4/ialloc.c:1226
ext4_symlink+0x23b/0x5d0 fs/ext4/namei.c:3293
vfs_symlink+0x18a/0x280 fs/namei.c:4299
do_symlinkat+0x104/0x380 fs/namei.c:4328
__do_sys_symlink fs/namei.c:4350 [inline]
__se_sys_symlink fs/namei.c:4348 [inline]
__x64_sys_symlink+0x52/0x60 fs/namei.c:4348
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

write to 0xffff888134afc220 of 8 bytes by interrupt on cpu 0:
batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:576 [inline]
batadv_bla_tx+0xe30/0x1300 net/batman-adv/bridge_loop_avoidance.c:2105
batadv_interface_tx+0x292/0xc30 net/batman-adv/soft-interface.c:239
__netdev_start_xmit include/linux/netdevice.h:4685 [inline]
netdev_start_xmit include/linux/netdevice.h:4699 [inline]
xmit_one+0x105/0x2f0 net/core/dev.c:3473
dev_hard_start_xmit net/core/dev.c:3489 [inline]
__dev_queue_xmit+0x86d/0xfa0 net/core/dev.c:4116
dev_queue_xmit_accel+0x19/0x20 net/core/dev.c:4155
macvlan_queue_xmit drivers/net/macvlan.c:543 [inline]
macvlan_start_xmit+0x2b3/0x3d0 drivers/net/macvlan.c:567
__netdev_start_xmit include/linux/netdevice.h:4685 [inline]
netdev_start_xmit include/linux/netdevice.h:4699 [inline]
xmit_one+0x105/0x2f0 net/core/dev.c:3473
dev_hard_start_xmit net/core/dev.c:3489 [inline]
__dev_queue_xmit+0x86d/0xfa0 net/core/dev.c:4116
dev_queue_xmit+0x13/0x20 net/core/dev.c:4149
neigh_hh_output include/net/neighbour.h:533 [inline]
neigh_output include/net/neighbour.h:547 [inline]
ip6_finish_output2+0x9a5/0xbe0 net/ipv6/ip6_output.c:126
__ip6_finish_output net/ipv6/ip6_output.c:191 [inline]
ip6_finish_output+0x446/0x4c0 net/ipv6/ip6_output.c:201
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip6_output+0x10e/0x210 net/ipv6/ip6_output.c:224
dst_output include/net/dst.h:451 [inline]
NF_HOOK include/linux/netfilter.h:307 [inline]
ndisc_send_skb+0x488/0x610 net/ipv6/ndisc.c:508
ndisc_send_rs+0x3b0/0x3e0 net/ipv6/ndisc.c:702
addrconf_rs_timer+0x363/0x540 net/ipv6/addrconf.c:3915
call_timer_fn+0x2e/0x240 kernel/time/timer.c:1421
expire_timers+0x116/0x240 kernel/time/timer.c:1466
__run_timers+0x368/0x410 kernel/time/timer.c:1734
run_timer_softirq+0x2e/0x60 kernel/time/timer.c:1747
__do_softirq+0x158/0x2de kernel/softirq.c:558
__irq_exit_rcu kernel/softirq.c:637 [inline]
irq_exit_rcu+0x37/0x70 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x8d/0xb0 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20
kcsan_setup_watchpoint+0x43d/0x460 kernel/kcsan/core.c:694
batadv_check_known_mac_addr+0x59/0x190 net/batman-adv/hard-interface.c:511
batadv_hardif_add_interface net/batman-adv/hard-interface.c:882 [inline]
batadv_hard_if_event+0x9b7/0x1010 net/batman-adv/hard-interface.c:946
notifier_call_chain kernel/notifier.c:84 [inline]
raw_notifier_call_chain+0x53/0xb0 kernel/notifier.c:392
call_netdevice_notifiers_info net/core/dev.c:1919 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1931 [inline]
call_netdevice_notifiers net/core/dev.c:1945 [inline]
register_netdevice+0xe0b/0x10b0 net/core/dev.c:9698
br_dev_newlink+0x23/0xe0 net/bridge/br_netlink.c:1443
__rtnl_newlink net/core/rtnetlink.c:3483 [inline]
rtnl_newlink+0xdd6/0x13e0 net/core/rtnetlink.c:3531
rtnetlink_rcv_msg+0x745/0x7e0 net/core/rtnetlink.c:5596
netlink_rcv_skb+0x14e/0x250 net/netlink/af_netlink.c:2494
rtnetlink_rcv+0x18/0x20 net/core/rtnetlink.c:5614
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x602/0x6d0 net/netlink/af_netlink.c:1343
netlink_sendmsg+0x728/0x850 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg net/socket.c:725 [inline]
____sys_sendmsg+0x39a/0x510 net/socket.c:2413
___sys_sendmsg net/socket.c:2467 [inline]
__sys_sendmsg+0x195/0x230 net/socket.c:2496
__do_sys_sendmsg net/socket.c:2505 [inline]
__se_sys_sendmsg net/socket.c:2503 [inline]
__x64_sys_sendmsg+0x42/0x50 net/socket.c:2503
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000001000392b4 -> 0x00000001000392c0

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 22524 Comm: syz-executor.1 Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 19, 2022, 7:52:16 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.