syzbot


KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (7)

Status: moderation: reported on 2026/02/18 04:23
Subsystems: batman
Reported-by: syzbot+193de096ca5a5a5bdb09@syzkaller.appspotmail.com
First crash: 33d, last: 33d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
ccd49462-8f7b-4011-a01b-89bd6f110cc2 assessment-kcsan Benign: ✅  Confident: ✅  KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (7) 2026/02/25 01:12 2026/02/25 01:12 2026/02/25 01:23 305c0ec5cd886e2d13738e28e1b2df9b0ec20fc9
fb744d94-1102-48b9-aa2f-9c75fd3d3e93 assessment-kcsan 🏃 KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (7) 2026/01/25 07:41 2026/01/25 07:41 6dc4179c52dcf953184c0afeb014ccdc89f64484
Similar bugs (6)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add batman | 6 | | | | 18 | 2222d | 2302d | 0/29 | auto-closed as invalid on 2020/04/06 03:45
upstream | KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (5) batman | 6 | | | | 2 | 335d | 342d | 0/29 | auto-obsoleted due to no activity on 2025/05/23 22:11
upstream | KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (3) batman | 6 | | | | 1 | 685d | 685d | 0/29 | auto-obsoleted due to no activity on 2024/05/17 04:58
upstream | KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (4) batman | 6 | | | | 2 | 538d | 558d | 0/29 | auto-obsoleted due to no activity on 2024/10/11 08:22
upstream | KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (6) batman | 6 | | | | 1 | 220d | 220d | 0/29 | auto-obsoleted due to no activity on 2025/09/15 10:36
upstream | KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (2) batman | 6 | | | | 1 | 1486d | 1486d | 0/29 | auto-closed as invalid on 2022/03/08 09:06

Sample crash report:
==================================================================
BUG: KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add

write to 0xffff8881047891c0 of 8 bytes by interrupt on cpu 1:
 batadv_tt_local_add+0x16e/0x1050 net/batman-adv/translation-table.c:619
 batadv_interface_tx+0x42b/0xae0 net/batman-adv/mesh-interface.c:236
 __netdev_start_xmit include/linux/netdevice.h:5273 [inline]
 netdev_start_xmit include/linux/netdevice.h:5282 [inline]
 xmit_one net/core/dev.c:3866 [inline]
 dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
 __dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 br_dev_queue_push_xmit+0x42d/0x4e0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_forward_finish+0x89/0x190 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6ff/0x780 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_arp net/bridge/br_netfilter_hooks.c:752 [inline]
 br_nf_forward+0xae3/0xec0 net/bridge/br_netfilter_hooks.c:775
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x282/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0x1b8/0x280 net/bridge/br_forward.c:191
 br_flood+0x21f/0x460 net/bridge/br_forward.c:238
 br_handle_frame_finish+0xd96/0xfc0 net/bridge/br_input.c:229
 nf_hook_bridge_pre net/bridge/br_input.c:313 [inline]
 br_handle_frame+0x5f5/0xa30 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039
 __netif_receive_skb_one_core net/core/dev.c:6150 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6265
 process_backlog+0x228/0x420 net/core/dev.c:6617
 __napi_poll+0x5f/0x300 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 __batadv_dat_purge net/batman-adv/distributed-arp-table.c:185 [inline]
 batadv_dat_purge+0x1e3/0x270 net/batman-adv/distributed-arp-table.c:204
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x581/0x770 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

write to 0xffff8881047891c0 of 8 bytes by interrupt on cpu 0:
 batadv_tt_local_add+0x16e/0x1050 net/batman-adv/translation-table.c:619
 batadv_interface_tx+0x42b/0xae0 net/batman-adv/mesh-interface.c:236
 __netdev_start_xmit include/linux/netdevice.h:5273 [inline]
 netdev_start_xmit include/linux/netdevice.h:5282 [inline]
 xmit_one net/core/dev.c:3866 [inline]
 dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3882
 __dev_queue_xmit+0xdb1/0x1f20 net/core/dev.c:4832
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 br_dev_queue_push_xmit+0x42d/0x4e0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_forward_finish+0x89/0x190 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6ff/0x780 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_arp net/bridge/br_netfilter_hooks.c:752 [inline]
 br_nf_forward+0xae3/0xec0 net/bridge/br_netfilter_hooks.c:775
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x282/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0x1b8/0x280 net/bridge/br_forward.c:191
 br_flood+0x21f/0x460 net/bridge/br_forward.c:238
 br_handle_frame_finish+0xd96/0xfc0 net/bridge/br_input.c:229
 nf_hook_bridge_pre net/bridge/br_input.c:313 [inline]
 br_handle_frame+0x5f5/0xa30 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039
 __netif_receive_skb_one_core net/core/dev.c:6150 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6265
 process_backlog+0x228/0x420 net/core/dev.c:6617
 __napi_poll+0x5f/0x300 net/core/dev.c:7681
 napi_poll net/core/dev.c:7744 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7896
 handle_softirqs+0xb9/0x280 kernel/softirq.c:622
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:1063
 smpboot_thread_fn+0x32a/0x510 kernel/smpboot.c:160
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x00000000ffffbe11 -> 0x00000000ffffbe12

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 24713 callbacks suppressed

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/01/24 17:59 | upstream | 62085877ae65 | 40acda8a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add