syzbot


KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (5)

Status: auto-obsoleted due to no activity on 2025/11/19 20:12
Subsystems: batman
First crash: 128d, last: 128d
Similar bugs (4)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (3) batman | 6 | | | | 2 | 454d | 487d | 0/29 | auto-obsoleted due to no activity on 2024/12/28 07:27 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx batman | 6 | | | | 1 | 1490d | 1474d | 0/29 | auto-closed as invalid on 2022/02/05 10:48 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (2) batman | 6 | | | | 1 | 1417d | 1399d | 0/29 | auto-closed as invalid on 2022/04/19 23:52 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (4) batman | 6 | | | | 2 | 321d | 334d | 0/29 | auto-obsoleted due to no activity on 2025/05/10 03:09 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in batadv_bla_tx / batadv_bla_tx

write to 0xffff88811a225720 of 8 bytes by interrupt on cpu 0:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7a6/0xc30 net/batman-adv/bridge_loop_avoidance.c:2105
 batadv_interface_tx+0x35c/0xb30 net/batman-adv/mesh-interface.c:227
 __netdev_start_xmit include/linux/netdevice.h:5222 [inline]
 netdev_start_xmit include/linux/netdevice.h:5231 [inline]
 xmit_one net/core/dev.c:3839 [inline]
 dev_hard_start_xmit+0x122/0x3e0 net/core/dev.c:3855
 __dev_queue_xmit+0x10f9/0x2000 net/core/dev.c:4725
 dev_queue_xmit include/linux/netdevice.h:3361 [inline]
 br_dev_queue_push_xmit+0x42d/0x4e0 net/bridge/br_forward.c:53
 br_nf_dev_queue_xmit+0x412/0xc50 net/bridge/br_netfilter_hooks.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_post_routing+0x887/0x950 net/bridge/br_netfilter_hooks.c:966
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 br_forward_finish+0x116/0x160 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6c1/0x740 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_ip+0x5c1/0x5e0 net/bridge/br_netfilter_hooks.c:716
 br_nf_forward+0x5a2/0xe90 net/bridge/br_netfilter_hooks.c:773
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x275/0x350 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0x1ae/0x250 net/bridge/br_forward.c:190
 br_flood+0x21f/0x460 net/bridge/br_forward.c:237
 br_handle_frame_finish+0xdd3/0xf50 net/bridge/br_input.c:221
 br_nf_hook_thresh+0x1eb/0x220 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x4c6/0x570 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x1fa/0x2b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x52b/0xbd0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:283 [inline]
 br_handle_frame+0x4f7/0x9e0 net/bridge/br_input.c:434
 __netif_receive_skb_core+0xad3/0x23b0 net/core/dev.c:5878
 __netif_receive_skb_one_core net/core/dev.c:5989 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x63/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 do_softirq+0x5d/0x90 kernel/softirq.c:480
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:407
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x52b/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x11f/0x1b0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

write to 0xffff88811a225720 of 8 bytes by interrupt on cpu 1:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7a6/0xc30 net/batman-adv/bridge_loop_avoidance.c:2105
 batadv_interface_tx+0x35c/0xb30 net/batman-adv/mesh-interface.c:227
 __netdev_start_xmit include/linux/netdevice.h:5222 [inline]
 netdev_start_xmit include/linux/netdevice.h:5231 [inline]
 xmit_one net/core/dev.c:3839 [inline]
 dev_hard_start_xmit+0x122/0x3e0 net/core/dev.c:3855
 __dev_queue_xmit+0x10f9/0x2000 net/core/dev.c:4725
 dev_queue_xmit include/linux/netdevice.h:3361 [inline]
 br_dev_queue_push_xmit+0x42d/0x4e0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_forward_finish+0x89/0x160 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6c1/0x740 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_arp net/bridge/br_netfilter_hooks.c:752 [inline]
 br_nf_forward+0xae3/0xe90 net/bridge/br_netfilter_hooks.c:775
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x75/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x275/0x350 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0x1ae/0x250 net/bridge/br_forward.c:190
 br_flood+0x21f/0x460 net/bridge/br_forward.c:237
 br_handle_frame_finish+0xdd3/0xf50 net/bridge/br_input.c:221
 nf_hook_bridge_pre net/bridge/br_input.c:305 [inline]
 br_handle_frame+0x5d1/0x9e0 net/bridge/br_input.c:434
 __netif_receive_skb_core+0xad3/0x23b0 net/core/dev.c:5878
 __netif_receive_skb_one_core net/core/dev.c:5989 [inline]
 __netif_receive_skb+0x59/0x270 net/core/dev.c:6104
 process_backlog+0x229/0x420 net/core/dev.c:6456
 __napi_poll+0x63/0x310 net/core/dev.c:7506
 napi_poll net/core/dev.c:7569 [inline]
 net_rx_action+0x391/0x830 net/core/dev.c:7696
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 clear_page_erms+0xd/0x20 arch/x86/lib/clear_page_64.S:52
 clear_page arch/x86/include/asm/page_64.h:54 [inline]
 clear_highpage_kasan_tagged include/linux/highmem.h:248 [inline]
 kernel_init_pages mm/page_alloc.c:1228 [inline]
 post_alloc_hook mm/page_alloc.c:1849 [inline]
 prep_new_page mm/page_alloc.c:1859 [inline]
 alloc_pages_bulk_noprof+0x310/0x540 mm/page_alloc.c:5084
 alloc_pages_bulk_mempolicy_noprof+0x2e3/0xb00 mm/mempolicy.c:2724
 vm_area_alloc_pages mm/vmalloc.c:3616 [inline]
 __vmalloc_area_node mm/vmalloc.c:3720 [inline]
 __vmalloc_node_range_noprof+0x52b/0xe00 mm/vmalloc.c:3893
 __vmalloc_node_noprof mm/vmalloc.c:3956 [inline]
 __vmalloc_noprof+0x83/0xc0 mm/vmalloc.c:3970
 pcpu_mem_zalloc mm/percpu.c:512 [inline]
 pcpu_alloc_chunk mm/percpu.c:1456 [inline]
 pcpu_create_chunk+0x278/0x680 mm/percpu-vm.c:338
 pcpu_alloc_noprof+0x6b6/0x1250 mm/percpu.c:1838
 bpf_map_alloc_percpu+0xb3/0x200 kernel/bpf/syscall.c:558
 prealloc_init+0x19f/0x490 kernel/bpf/hashtab.c:336
 htab_map_alloc+0x4ba/0x6d0 kernel/bpf/hashtab.c:561
 map_create+0x843/0xca0 kernel/bpf/syscall.c:1480
 __sys_bpf+0x545/0x7b0 kernel/bpf/syscall.c:6011
 __do_sys_bpf kernel/bpf/syscall.c:6139 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6137 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6137
 x64_sys_call+0x2aea/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffda7b -> 0x00000000ffffda7c

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 15503 Comm:  Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/09/24 20:11 | upstream | 4ea5af085908 | 0abd0691 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx |
* Struck through repros no longer work on HEAD.