syzbot

 sign-in | mailing list | source | docs
🐞 Open [1471]
Subsystems
🐞 Fixed [6848]
🐞 Invalid [17769]
Missing Backports [225]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in br_fdb_update / br_fdb_update (8)

Status: upstream: reported on 2026/01/07 11:03
Subsystems: bridge
[Documentation on labels]
Reported-by: syzbot+bfab43087ad57222ce96@syzkaller.appspotmail.com
Fix commit: net: bridge: annotate data-races around fdb->{updated,used}
Patched on: [ci-upstream-net-this-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 476d, last: 6d06h
Discussions (2)
Title Replies (including bot) Last reply
[PATCH v3 net] net: bridge: annotate data-races around fdb->{updated,used} 3 (3) 2026/01/10 01:40
[syzbot] [bridge?] KCSAN: data-race in br_fdb_update / br_fdb_update (8) 1 (2) 2026/01/07 11:05
Similar bugs (7)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (5) bridge 6 2 1199d 1204d 0/29 auto-obsoleted due to no activity on 2022/11/05 14:29
upstream KCSAN: data-race in br_fdb_update / br_fdb_update bridge 6 1 2069d 2069d 0/29 auto-closed as invalid on 2020/06/18 13:53
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (4) bridge 6 3 1302d 1303d 0/29 auto-closed as invalid on 2022/07/25 17:10
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (2) bridge 6 1 1952d 1952d 0/29 auto-closed as invalid on 2020/10/13 10:41
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (7) bridge 6 1 572d 572d 0/29 auto-obsoleted due to no activity on 2024/07/25 03:33
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (3) bridge 6 2 1497d 1522d 0/29 auto-closed as invalid on 2022/01/11 04:42
upstream KCSAN: data-race in br_fdb_update / br_fdb_update (6) bridge 6 1 1161d 1161d 0/29 auto-obsoleted due to no activity on 2022/12/13 11:36

Sample crash report:
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
==================================================================
BUG: KCSAN: data-race in br_fdb_update / br_fdb_update

read to 0xffff88811a0655c0 of 8 bytes by interrupt on cpu 1:
 br_fdb_update+0x106/0x460 net/bridge/br_fdb.c:1005
 br_handle_frame_finish+0x340/0xfc0 net/bridge/br_input.c:144
 br_nf_hook_thresh+0x1eb/0x220 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x4d1/0x570 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x1fa/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x4f0/0x9e0 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5df/0x1920 net/core/dev.c:6026
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 __alloc_skb+0x476/0x4b0 net/core/skbuff.c:674
 alloc_skb include/linux/skbuff.h:1383 [inline]
 wg_socket_send_buffer_to_peer+0x35/0x120 drivers/net/wireguard/socket.c:192
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
 wg_packet_handshake_send_worker+0x10d/0x160 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

write to 0xffff88811a0655c0 of 8 bytes by interrupt on cpu 0:
 br_fdb_update+0x13e/0x460 net/bridge/br_fdb.c:1006
 br_handle_frame_finish+0x340/0xfc0 net/bridge/br_input.c:144
 br_nf_hook_thresh+0x1eb/0x220 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x4d1/0x570 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x1fa/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x4f0/0x9e0 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5df/0x1920 net/core/dev.c:6026
 __netif_receive_skb_one_core net/core/dev.c:6137 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6252
 process_backlog+0x228/0x420 net/core/dev.c:6604
 __napi_poll+0x5f/0x300 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x425/0x8c0 net/core/dev.c:7883
 handle_softirqs+0xba/0x290 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
 kernel_fpu_end+0x6c/0x80 arch/x86/kernel/fpu/core.c:480
 blake2s_compress+0x67/0x1740 lib/crypto/x86/blake2s.h:42
 blake2s_update+0xa3/0x160 lib/crypto/blake2s.c:119
 hmac+0x141/0x270 drivers/net/wireguard/noise.c:324
 kdf+0x10b/0x1d0 drivers/net/wireguard/noise.c:375
 mix_dh drivers/net/wireguard/noise.c:413 [inline]
 wg_noise_handshake_create_initiation+0x1ac/0x520 drivers/net/wireguard/noise.c:550
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
 wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x0000000100026abc -> 0x0000000100026abd

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 8678 Comm: kworker/u8:42 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
==================================================================
net_ratelimit: 6540 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:6e:14:75:db:9d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:6e:14:75:db:9d, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
net_ratelimit: 7050 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:6e:14:75:db:9d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:96:6e:14:75:db:9d, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)

Crashes (44):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/06 21:12 upstream f0b9d8eb98df d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/12/31 12:34 upstream c8ebd433459b d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/12/10 07:44 upstream c9b47175e913 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/12/08 02:28 upstream ba65a4e7120a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/11/07 11:00 upstream 4a0c9b339199 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/11/01 16:09 upstream ba36dd5ee6fd 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/10/03 19:30 upstream 9b0d551bcc05 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/09/22 06:01 upstream 2d5bd41a4505 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/09/04 05:54 upstream b9a10f876409 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/09/04 05:53 upstream b9a10f876409 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/08/17 12:17 upstream 99bade344cfa 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/06/24 19:48 upstream 78f4e737a53e 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/05/25 21:22 upstream 0f8c0258bf04 2d4582d0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/04/13 15:47 upstream 5aaaedb0cb54 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/03/10 14:24 upstream 80e54e84911a 16256247 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/03/10 01:54 upstream 1110ce6a1e34 163f510d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/03/05 07:59 upstream 48a5eed9ad58 c3901742 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/02/26 07:27 upstream ac9c34d1e45a d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/02/25 04:21 upstream d082ecbc71e9 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/02/08 09:44 upstream 7ee983c850b4 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/02/07 10:58 upstream bb066fe812d6 53657d1b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/01/21 13:36 upstream 95ec54a420b8 6e87cfa2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2025/01/18 06:29 upstream 595523945be0 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/12/23 09:43 upstream 4bbf9020becb b4fbdbd4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/12/06 11:22 upstream b8f52214c61a 946d28f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/11/20 23:37 upstream 8f7c8b88bda4 4fca1650 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/11/18 00:53 upstream adc218676eef cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/11/12 12:22 upstream 2d5404caa8c7 75bb1b32 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/11/10 12:13 upstream de2f378f2b77 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/11/05 16:53 upstream 2e1b3cc9d7f7 da38b4c9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/31 00:35 upstream 4236f913808c 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/31 00:12 upstream 4236f913808c fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/30 18:09 upstream c1e939a21eb1 fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/25 22:16 upstream ae90f6a6170d 045e728d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/24 22:17 upstream 4e46774408d9 c79b8ca5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/19 23:33 upstream f9e4825524aa cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/19 02:44 upstream b04ae0f45168 cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/15 08:57 upstream eca631b8fe80 eddfb4c9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/13 14:08 upstream 36c254515dc6 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/06 23:33 upstream 8f602276d390 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/10/02 00:38 upstream e32cde8d2bd7 ea2b66a6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/09/30 01:58 upstream e7ed34365879 ba29ff75 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/09/23 08:03 upstream de5cb0dcb74c 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
2024/09/23 08:03 upstream de5cb0dcb74c 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in br_fdb_update / br_fdb_update
* Struck through repros no longer work on HEAD.