syzbot


KCSAN: data-race in __bpf_lru_node_move / bpf_lru_push_free (2)

Status: moderation: reported on 2025/07/04 14:54
Subsystems: bpf
Reported-by: syzbot+64f9e87c9b1e0427e03b@syzkaller.appspotmail.com
First crash: 5d23h, last: 1d14h
Similar bugs (1)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in __bpf_lru_node_move / bpf_lru_push_free bpf | 6 | | | | 1 | 1884d | 1884d | 0/29 | closed as invalid on 2020/06/18 14:24

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __bpf_lru_node_move / bpf_lru_push_free

write to 0xffff88811902a022 of 1 bytes by task 13968 on cpu 0:
 __bpf_lru_node_move+0xdc/0x1f0 kernel/bpf/bpf_lru_list.c:116
 __bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:-1 [inline]
 __bpf_lru_list_rotate+0xb4/0x270 kernel/bpf/bpf_lru_list.c:245
 bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:334 [inline]
 bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:452 [inline]
 bpf_lru_pop_free+0x4ce/0xcd0 kernel/bpf/bpf_lru_list.c:504
 prealloc_lru_pop kernel/bpf/hashtab.c:303 [inline]
 htab_lru_map_update_elem+0xc5/0x6f0 kernel/bpf/hashtab.c:1216
 bpf_map_update_value+0x354/0x3a0 kernel/bpf/syscall.c:290
 generic_map_update_batch+0x3f5/0x540 kernel/bpf/syscall.c:1982
 bpf_map_do_batch+0x258/0x380 kernel/bpf/syscall.c:5344
 __sys_bpf+0x2e0/0x790 kernel/bpf/syscall.c:-1
 __do_sys_bpf kernel/bpf/syscall.c:5943 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5941 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:5941
 x64_sys_call+0x2478/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88811902a022 of 1 bytes by task 13962 on cpu 1:
 bpf_lru_list_push_free kernel/bpf/bpf_lru_list.c:315 [inline]
 bpf_common_lru_push_free kernel/bpf/bpf_lru_list.c:538 [inline]
 bpf_lru_push_free+0x578/0x590 kernel/bpf/bpf_lru_list.c:561
 htab_lru_push_free kernel/bpf/hashtab.c:1183 [inline]
 htab_lru_map_update_elem+0x59e/0x6f0 kernel/bpf/hashtab.c:1248
 bpf_map_update_value+0x354/0x3a0 kernel/bpf/syscall.c:290
 generic_map_update_batch+0x3f5/0x540 kernel/bpf/syscall.c:1982
 bpf_map_do_batch+0x258/0x380 kernel/bpf/syscall.c:5344
 __sys_bpf+0x2e0/0x790 kernel/bpf/syscall.c:-1
 __do_sys_bpf kernel/bpf/syscall.c:5943 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5941 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:5941
 x64_sys_call+0x2478/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 13962 Comm: syz.7.2748 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/07/08 23:10 | upstream | d006330be3f7 | 4d9fdfa4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __bpf_lru_node_move / bpf_lru_push_free
2025/07/04 14:53 | upstream | 4c06e63b9203 | d869b261 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in __bpf_lru_node_move / bpf_lru_push_free