syzbot


KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (6)

Status: moderation: reported on 2026/02/18 04:23
Subsystems: batman
Labels: race:benign
Reported-by: syzbot+a0069e9acb78619de13e@syzkaller.appspotmail.com
First crash: 41d, last: 2d17h
✨ AI Jobs (4)
| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| 6290c2bb-69c1-4cec-b7f7-57007ae42fd1 | repro | | | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (6) | 2026/03/06 02:10 | 2026/03/06 02:10 | 2026/03/06 02:13 | 31e9c887f7dc24e04b3ca70d0d54fc34141844b0 | |
| 17418469-fff5-40d3-9ee1-b4baf2ab015d | assessment-kcsan | Benign: ✅ Confident: ✅ | | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (6) | 2026/01/25 07:42 | 2026/01/25 07:46 | 2026/01/25 07:48 | 252831309f92afe40cc8f6407200c6b12176b8f4 | |
| 975534a8-3a2e-4d45-8ab7-70a1eabe8129 | assessment-kcsan | 💥 | | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (6) | 2026/01/25 07:41 | 2026/01/25 07:41 | 2026/01/25 07:41 | 6dc4179c52dcf953184c0afeb014ccdc89f64484 | labels parameter is not supported in Gemini API |
| 42f830d9-1fac-4b55-b917-47dd42d96676 | assessment-kcsan | 🏃 | | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (6) | 2026/01/25 07:32 | 2026/01/25 07:32 | | e1ce1868b1603c2c9b11f2c63dddad78c9668a7f | |
Similar bugs (5)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (3) batman | 6 | | | | 2 | 490d | 523d | 0/29 | auto-obsoleted due to no activity on 2024/12/28 07:27 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx batman | 6 | | | | 1 | 1526d | 1509d | 0/29 | auto-closed as invalid on 2022/02/05 10:48 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (2) batman | 6 | | | | 1 | 1452d | 1435d | 0/29 | auto-closed as invalid on 2022/04/19 23:52 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (5) batman | 6 | | | | 1 | 163d | 163d | 0/29 | auto-obsoleted due to no activity on 2025/11/19 20:12 |
| upstream | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx (4) batman | 6 | | | | 2 | 357d | 370d | 0/29 | auto-obsoleted due to no activity on 2025/05/10 03:09 |

Sample crash report:
batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:3f
==================================================================
BUG: KCSAN: data-race in batadv_bla_tx / batadv_bla_tx

write to 0xffff88811b2a2aa0 of 8 bytes by interrupt on cpu 0:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7f4/0xc80 net/batman-adv/bridge_loop_avoidance.c:2104
 batadv_interface_tx+0x349/0xae0 net/batman-adv/mesh-interface.c:227
 __netdev_start_xmit include/linux/netdevice.h:5275 [inline]
 netdev_start_xmit include/linux/netdevice.h:5284 [inline]
 xmit_one net/core/dev.c:3871 [inline]
 dev_hard_start_xmit+0x136/0x3f0 net/core/dev.c:3887
 __dev_queue_xmit+0xd9a/0x1f20 net/core/dev.c:4840
 dev_queue_xmit include/linux/netdevice.h:3384 [inline]
 br_dev_queue_push_xmit+0x233/0x2a0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_forward_finish+0x89/0x190 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6ff/0x780 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_arp net/bridge/br_netfilter_hooks.c:752 [inline]
 br_nf_forward+0xae3/0xec0 net/bridge/br_netfilter_hooks.c:775
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x282/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver net/bridge/br_forward.c:191 [inline]
 br_flood+0x451/0x6d0 net/bridge/br_forward.c:238
 br_handle_frame_finish+0xd96/0xfc0 net/bridge/br_input.c:229
 nf_hook_bridge_pre net/bridge/br_input.c:313 [inline]
 br_handle_frame+0x452/0xa60 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5b1/0x1980 net/core/dev.c:6054
 __netif_receive_skb_one_core net/core/dev.c:6165 [inline]
 __netif_receive_skb net/core/dev.c:6280 [inline]
 process_backlog+0x25b/0x670 net/core/dev.c:6631
 __napi_poll+0x61/0x330 net/core/dev.c:7695
 napi_poll net/core/dev.c:7758 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7910
 handle_softirqs+0xb9/0x2a0 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:196 [inline]
 _raw_spin_unlock_bh+0x18/0x20 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 neigh_periodic_work+0x5e9/0x690 net/core/neighbour.c:1038
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0x4de/0x9e0 kernel/workqueue.c:3358
 worker_thread+0x581/0x770 kernel/workqueue.c:3439
 kthread+0x22a/0x280 kernel/kthread.c:467
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

write to 0xffff88811b2a2aa0 of 8 bytes by interrupt on cpu 1:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7f4/0xc80 net/batman-adv/bridge_loop_avoidance.c:2104
 batadv_interface_tx+0x349/0xae0 net/batman-adv/mesh-interface.c:227
 __netdev_start_xmit include/linux/netdevice.h:5275 [inline]
 netdev_start_xmit include/linux/netdevice.h:5284 [inline]
 xmit_one net/core/dev.c:3871 [inline]
 dev_hard_start_xmit+0x136/0x3f0 net/core/dev.c:3887
 __dev_queue_xmit+0xd9a/0x1f20 net/core/dev.c:4840
 dev_queue_xmit include/linux/netdevice.h:3384 [inline]
 br_dev_queue_push_xmit+0x233/0x2a0 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_forward_finish+0x89/0x190 net/bridge/br_forward.c:66
 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline]
 br_nf_forward_finish+0x6ff/0x780 net/bridge/br_netfilter_hooks.c:662
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_forward_arp net/bridge/br_netfilter_hooks.c:752 [inline]
 br_nf_forward+0xae3/0xec0 net/bridge/br_netfilter_hooks.c:775
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0x78/0x180 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x282/0x360 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver net/bridge/br_forward.c:191 [inline]
 br_flood+0x451/0x6d0 net/bridge/br_forward.c:238
 br_handle_frame_finish+0xd96/0xfc0 net/bridge/br_input.c:229
 nf_hook_bridge_pre net/bridge/br_input.c:313 [inline]
 br_handle_frame+0x452/0xa60 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x5b1/0x1980 net/core/dev.c:6054
 __netif_receive_skb_one_core net/core/dev.c:6165 [inline]
 __netif_receive_skb net/core/dev.c:6280 [inline]
 process_backlog+0x25b/0x670 net/core/dev.c:6631
 __napi_poll+0x61/0x330 net/core/dev.c:7695
 napi_poll net/core/dev.c:7758 [inline]
 net_rx_action+0x452/0x930 net/core/dev.c:7910
 handle_softirqs+0xb9/0x2a0 kernel/softirq.c:622
 do_softirq+0x45/0x60 kernel/softirq.c:523
 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:450
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline]
 kernel_fpu_end+0x6c/0x80 arch/x86/kernel/fpu/core.c:506
 blake2s_compress+0x67/0x1740 lib/crypto/x86/blake2s.h:42
 blake2s_update+0xa3/0x160 lib/crypto/blake2s.c:119
 hmac+0x396/0x400 drivers/net/wireguard/noise.c:332
 kdf+0x118/0x1e0 drivers/net/wireguard/noise.c:375
 mix_precomputed_dh drivers/net/wireguard/noise.c:426 [inline]
 wg_noise_handshake_create_initiation+0x372/0x610 drivers/net/wireguard/noise.c:560
 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:34 [inline]
 wg_packet_handshake_send_worker+0xb2/0x160 drivers/net/wireguard/send.c:51
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0x4de/0x9e0 kernel/workqueue.c:3358
 worker_thread+0x581/0x770 kernel/workqueue.c:3439
 kthread+0x22a/0x280 kernel/kthread.c:467
 ret_from_fork+0x150/0x360 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x0000000100002e23 -> 0x0000000100002e24

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3449 Comm: kworker/u8:8 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
==================================================================
net_ratelimit: 92156 callbacks suppressed
batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:3f
batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:3f
batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:3f
batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:3f
batman_adv: batadv0: Local translation table size (68) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:3f

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/03/04 20:51 | upstream | 0031c06807cf | e6b6b96b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx |
| 2026/01/24 20:10 | upstream | 62085877ae65 | 40acda8a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in batadv_bla_tx / batadv_bla_tx |
* Struck through repros no longer work on HEAD.