Re: KASAN: use-after-free Read in br_mdb_ip_get
From: Dmitry Vyukov <dvyukov@google.com>
Date: 2019-05-29 15:14:39
Also in:
bridge, lkml
On Wed, May 29, 2019 at 4:58 PM Herbert Xu [off-list ref] wrote:
> Hi Dmitry:
>
> On Thu, Feb 21, 2019 at 11:54:42AM +0100, Dmitry Vyukov wrote:
> >
> > Taking into account that this still happened only once, I tend to write
> > it off onto a previous silent memory corruption (we have dozens of known
> > bugs that corrupt memory). So if several people already looked at it and
> > don't see the root cause, it's probably time to stop spending time on
> > this until we have more info.
> > Although, there was also this one:
> > https://groups.google.com/d/msg/syzkaller-bugs/QfCCSxdB1aM/y2cn9IZJCwAJ
> > I have not checked if it can be the root cause of this report, but it
> > points suspiciously close to this stack and when I looked at it, the
> > report looked legit.
>
> Have you had any more reports of this kind coming from br_multicast?
>
> It looks like commit 1515a63fc413f160d20574ab0894e7f1020c7be2
> Author: Nikolay Aleksandrov [off-list ref]
> Date:   Wed Apr 3 23:27:24 2019 +0300
>
>     net: bridge: always clear mcast matching struct on reports and leaves
>
> may have at least fixed the uninitialised value error.
The most up-to-date info is always available here:

> dashboard link: https://syzkaller.appspot.com/bug?extid=bc5ab0af2dbf3b0ae897

It says no new crashes happened besides the original one.

We now have the following choices:

1. Invalidate with "#syz invalid"
2. Mark as tentatively fixed by that commit (could it fix it?) with
   "#syz fix: net: bridge: always clear mcast matching struct on reports and leaves"
3. Do nothing, then syzbot will auto-close it soon (bugs without
   reproducers that did not happen in the past 180 days)