syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1366]
Subsystems
🐞 Fixed [7042]
🐞 Invalid [18446]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (3)

Status: auto-obsoleted due to no activity on 2024/05/17 04:58
Subsystems: batman
[Documentation on labels]
First crash: 727d, last: 727d
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add batman 6 18 2264d 2344d 0/29 auto-closed as invalid on 2020/04/06 03:45
upstream KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (5) batman 6 2 376d 384d 0/29 auto-obsoleted due to no activity on 2025/05/23 22:11
upstream KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (4) batman 6 2 580d 600d 0/29 auto-obsoleted due to no activity on 2024/10/11 08:22
upstream KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (6) batman 6 1 262d 262d 0/29 auto-obsoleted due to no activity on 2025/09/15 10:36
upstream KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (7) batman 6 1 75d 50d 0/29 auto-obsoleted due to no activity on 2026/03/21 18:00
upstream KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add (2) batman 6 1 1528d 1528d 0/29 auto-closed as invalid on 2022/03/08 09:06

Sample crash report:
==================================================================
BUG: KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add

write to 0xffff888115918f40 of 8 bytes by task 34 on cpu 1:
 batadv_tt_local_add+0x162/0x1010 net/batman-adv/translation-table.c:665
 batadv_interface_tx+0x3e8/0xaf0 net/batman-adv/soft-interface.c:249
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x119/0x3f0 net/core/dev.c:3547
 __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 neigh_resolve_output+0x3e3/0x450 net/core/neighbour.c:1563
 neigh_output include/net/neighbour.h:542 [inline]
 ip6_finish_output2+0xa73/0xd10 net/ipv6/ip6_output.c:137
 ip6_finish_output+0x438/0x540 net/ipv6/ip6_output.c:222
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243
 dst_output include/net/dst.h:450 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 mld_sendpack+0x41f/0x6d0 net/ipv6/mcast.c:1818
 mld_send_cr net/ipv6/mcast.c:2119 [inline]
 mld_ifc_work+0x517/0x7e0 net/ipv6/mcast.c:2650
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335
 worker_thread+0x526/0x730 kernel/workqueue.c:3416
 kthread+0x1d1/0x210 kernel/kthread.c:388
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

write to 0xffff888115918f40 of 8 bytes by task 3201 on cpu 0:
 batadv_tt_local_add+0x162/0x1010 net/batman-adv/translation-table.c:665
 batadv_interface_tx+0x3e8/0xaf0 net/batman-adv/soft-interface.c:249
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x119/0x3f0 net/core/dev.c:3547
 __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 neigh_resolve_output+0x3e3/0x450 net/core/neighbour.c:1563
 neigh_output include/net/neighbour.h:542 [inline]
 ip6_finish_output2+0xa73/0xd10 net/ipv6/ip6_output.c:137
 ip6_finish_output+0x438/0x540 net/ipv6/ip6_output.c:222
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243
 dst_output include/net/dst.h:450 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ndisc_send_skb+0x4a0/0x6b0 net/ipv6/ndisc.c:509
 ndisc_send_ns+0x79/0xe0 net/ipv6/ndisc.c:667
 addrconf_dad_work+0x6f1/0xbd0 net/ipv6/addrconf.c:4280
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335
 worker_thread+0x526/0x730 kernel/workqueue.c:3416
 kthread+0x1d1/0x210 kernel/kthread.c:388
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x00000000ffffb36c -> 0x00000000ffffb370

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 3201 Comm: kworker/u8:7 Not tainted 6.9.0-rc3-syzkaller-00208-g586b5dfb51b9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: ipv6_addrconf addrconf_dad_work
==================================================================
nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x16

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/12 04:58 upstream 586b5dfb51b9 27de0a5c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add
* Struck through repros no longer work on HEAD.