syzbot

 sign-in | mailing list | source | docs
🐞 Open [1411]
Subsystems
🐞 Fixed [6987]
🐞 Invalid [18212]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in fib_table_lookup / fib_table_lookup (4)

Status: upstream: reported on 2026/01/27 04:27
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+d24f940f770afda885cf@syzkaller.appspotmail.com
Fix commit: 6e84fc395e90 ipv4: fib: Annotate access to struct fib_alias.fa_state.
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64 ci-upstream-gce-arm64]
First crash: 46d, last: 46d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
0225e205-8d5a-40ae-9013-9cbb901db54e repro KCSAN: data-race in fib_table_lookup / fib_table_lookup (4) 2026/03/09 23:16 2026/03/09 23:16 2026/03/09 23:46 6972f30219093b03bcc1a54487e12a7097245c01
cf630462-36cb-4c04-8a37-262ade83c62f assessment-kcsan Benign: ✅  Confident: ✅  KCSAN: data-race in fib_table_lookup / fib_table_lookup (4) 2026/01/27 09:55 2026/01/27 09:55 2026/01/27 10:05 b3ce4d18c7b05999fd01cb28e254ebf79ba8ec2f
Discussions (4)
Title Replies (including bot) Last reply
[PATCH 6.19 314/844] ipv4: fib: Annotate access to struct fib_alias.fa_state. 1 (1) 2026/02/28 17:23
[PATCH AUTOSEL 6.19-5.10] ipv4: fib: Annotate access to struct fib_alias.fa_state. 1 (1) 2026/02/14 21:23
[PATCH v1 net-next] ipv4: fib: Annotate access to struct fib_alias.fa_state. 3 (3) 2026/01/29 03:50
[syzbot] [net?] KCSAN: data-race in fib_table_lookup / fib_table_lookup (4) 0 (1) 2026/01/27 04:27
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in fib_table_lookup / fib_table_lookup net 6 1 696d 696d 0/29 auto-obsoleted due to no activity on 2024/05/21 11:44
upstream KCSAN: data-race in fib_table_lookup / fib_table_lookup (3) net 6 1 368d 368d 0/29 auto-obsoleted due to no activity on 2025/05/06 06:58
upstream KCSAN: data-race in fib_table_lookup / fib_table_lookup (2) net 6 1 619d 619d 0/29 auto-obsoleted due to no activity on 2024/08/07 11:31

Sample crash report:
==================================================================
BUG: KCSAN: data-race in fib_table_lookup / fib_table_lookup

write to 0xffff88811b06a7fa of 1 bytes by task 4167 on cpu 0:
 fib_alias_accessed net/ipv4/fib_lookup.h:32 [inline]
 fib_table_lookup+0x361/0xd60 net/ipv4/fib_trie.c:1565
 fib_lookup include/net/ip_fib.h:390 [inline]
 ip_route_output_key_hash_rcu+0x378/0x1380 net/ipv4/route.c:2814
 ip_route_output_key_hash net/ipv4/route.c:2705 [inline]
 __ip_route_output_key include/net/route.h:169 [inline]
 ip_route_output_flow+0x65/0x110 net/ipv4/route.c:2932
 udp_sendmsg+0x13c3/0x15d0 net/ipv4/udp.c:1450
 inet_sendmsg+0xac/0xd0 net/ipv4/af_inet.c:859
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0x53a/0x600 net/socket.c:2592
 ___sys_sendmsg+0x195/0x1e0 net/socket.c:2646
 __sys_sendmmsg+0x185/0x320 net/socket.c:2735
 __do_sys_sendmmsg net/socket.c:2762 [inline]
 __se_sys_sendmmsg net/socket.c:2759 [inline]
 __x64_sys_sendmmsg+0x57/0x70 net/socket.c:2759
 x64_sys_call+0x1e28/0x3000 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811b06a7fa of 1 bytes by task 4168 on cpu 1:
 fib_alias_accessed net/ipv4/fib_lookup.h:31 [inline]
 fib_table_lookup+0x338/0xd60 net/ipv4/fib_trie.c:1565
 fib_lookup include/net/ip_fib.h:390 [inline]
 ip_route_output_key_hash_rcu+0x378/0x1380 net/ipv4/route.c:2814
 ip_route_output_key_hash net/ipv4/route.c:2705 [inline]
 __ip_route_output_key include/net/route.h:169 [inline]
 ip_route_output_flow+0x65/0x110 net/ipv4/route.c:2932
 udp_sendmsg+0x13c3/0x15d0 net/ipv4/udp.c:1450
 inet_sendmsg+0xac/0xd0 net/ipv4/af_inet.c:859
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0x53a/0x600 net/socket.c:2592
 ___sys_sendmsg+0x195/0x1e0 net/socket.c:2646
 __sys_sendmmsg+0x185/0x320 net/socket.c:2735
 __do_sys_sendmmsg net/socket.c:2762 [inline]
 __se_sys_sendmmsg net/socket.c:2759 [inline]
 __x64_sys_sendmmsg+0x57/0x70 net/socket.c:2759
 x64_sys_call+0x1e28/0x3000 arch/x86/include/generated/asm/syscalls_64.h:308
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc0/0x2a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 4168 Comm: syz.4.206 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/01/27 01:56 upstream fcb70a56f4d8 efb3e894 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in fib_table_lookup / fib_table_lookup
* Struck through repros no longer work on HEAD.