syzbot


KCSAN: data-race in batadv_bla_purge_backbone_gw / batadv_bla_tx

Status: auto-obsoleted due to no activity on 2025/09/04 20:12
Subsystems: batman
First crash: 106d, last: 106d

Sample crash report:
==================================================================
BUG: KCSAN: data-race in batadv_bla_purge_backbone_gw / batadv_bla_tx

write to 0xffff88811d442a20 of 8 bytes by interrupt on cpu 1:
 batadv_bla_update_own_backbone_gw net/batman-adv/bridge_loop_avoidance.c:577 [inline]
 batadv_bla_tx+0x7a6/0xc30 net/batman-adv/bridge_loop_avoidance.c:2105
 batadv_interface_tx+0x35c/0xb30 net/batman-adv/mesh-interface.c:227
 __netdev_start_xmit include/linux/netdevice.h:5215 [inline]
 netdev_start_xmit include/linux/netdevice.h:5224 [inline]
 xmit_one net/core/dev.c:3830 [inline]
 dev_hard_start_xmit+0x125/0x3e0 net/core/dev.c:3846
 __dev_queue_xmit+0x10b9/0x1fb0 net/core/dev.c:4713
 dev_queue_xmit include/linux/netdevice.h:3355 [inline]
 neigh_hh_output include/net/neighbour.h:523 [inline]
 neigh_output include/net/neighbour.h:537 [inline]
 ip6_finish_output2+0xa3c/0xd30 net/ipv6/ip6_output.c:141
 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline]
 ip6_finish_output+0x3a2/0x530 net/ipv6/ip6_output.c:226
 NF_HOOK_COND include/linux/netfilter.h:306 [inline]
 ip6_output+0xfd/0x240 net/ipv6/ip6_output.c:247
 dst_output include/net/dst.h:459 [inline]
 NF_HOOK include/linux/netfilter.h:317 [inline]
 ndisc_send_skb+0x4da/0x700 net/ipv6/ndisc.c:513
 ndisc_send_rs+0x2e7/0x360 net/ipv6/ndisc.c:723
 addrconf_rs_timer+0x1e5/0x310 net/ipv6/addrconf.c:4041
 call_timer_fn+0x38/0x2c0 kernel/time/timer.c:1747
 expire_timers kernel/time/timer.c:1798 [inline]
 __run_timers kernel/time/timer.c:2372 [inline]
 __run_timer_base+0x415/0x610 kernel/time/timer.c:2384
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0x31/0x70 kernel/time/timer.c:2403
 handle_softirqs+0xb7/0x290 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x3a/0xc0 kernel/softirq.c:680
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
 pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:81
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:749
 default_idle_call+0x3d/0x70 kernel/sched/idle.c:117
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0xcb/0x240 kernel/sched/idle.c:325
 cpu_startup_entry+0x25/0x30 kernel/sched/idle.c:423
 start_secondary+0x95/0xa0 arch/x86/kernel/smpboot.c:315
 common_startup_64+0x13e/0x147

read to 0xffff88811d442a20 of 8 bytes by task 37 on cpu 0:
 batadv_bla_purge_backbone_gw+0x129/0x2d0 net/batman-adv/bridge_loop_avoidance.c:1241
 batadv_bla_periodic_work+0x103/0x580 net/batman-adv/bridge_loop_avoidance.c:1445
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3321
 worker_thread+0x582/0x770 kernel/workqueue.c:3402
 kthread+0x489/0x510 kernel/kthread.c:464
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000ffffbb82 -> 0x00000000ffffbf80

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 37 Comm: kworker/u8:2 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: bat_events batadv_bla_periodic_work
==================================================================
netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
bridge_slave_1: left allmulticast mode
bridge_slave_1: left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
bridge_slave_0: left allmulticast mode
bridge_slave_0: left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): Released all slaves
hsr_slave_0: left promiscuous mode
hsr_slave_1: left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed

Crashes (1):
Time: 2025/07/10 20:01
Kernel: upstream
Commit: bc9ff192a6c9
Syzkaller: 3cda49cf
Config: .config
Log: console log
Report: report
Syz repro: (none)
C repro: (none)
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in batadv_bla_purge_backbone_gw / batadv_bla_tx