syzbot

 sign-in | mailing list | source | docs
🐞 Open [1433]
Subsystems
🐞 Fixed [6917]
🐞 Invalid [17995]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (9)

Status: moderation: reported on 2026/02/06 13:20
Subsystems: serial
[Documentation on labels]
Reported-by: syzbot+80806cf7508e92c7cc86@syzkaller.appspotmail.com
First crash: 5d15h, last: 5d15h
Discussions (1)
Title Replies (including bot) Last reply
[PATCH] tty: n_tty: fix KCSAN data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl 1 (1) 2026/02/11 21:08
Similar bugs (8)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl serial 6 1 1241d 1241d 0/29 auto-obsoleted due to no activity on 2022/10/24 16:46
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (8) serial 6 1 146d 146d 0/29 auto-obsoleted due to no activity on 2025/11/13 20:33
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (5) serial 6 11 544d 703d 0/29 auto-obsoleted due to no activity on 2024/09/20 19:47
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (4) serial 6 1 782d 782d 0/29 auto-obsoleted due to no activity on 2024/01/26 04:56
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (2) serial 6 14 1016d 1192d 0/29 auto-obsoleted due to no activity on 2023/06/06 13:18
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (7) serial 6 2 210d 215d 0/29 auto-obsoleted due to no activity on 2025/09/10 16:46
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (3) serial 6 6 907d 971d 0/29 auto-obsoleted due to no activity on 2023/09/23 08:11
upstream KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl (6) serial 6 13 285d 457d 0/29 auto-obsoleted due to no activity on 2025/06/27 12:49

Sample crash report:
==================================================================
BUG: KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl

read-write to 0xffffc9000729b270 of 8 bytes by task 5323 on cpu 0:
 n_tty_lookahead_flow_ctrl+0x51/0x300 drivers/tty/n_tty.c:1483
 tty_port_default_lookahead_buf+0x91/0xc0 drivers/tty/tty_port.c:59
 lookahead_bufs drivers/tty/tty_buffer.c:428 [inline]
 flush_to_ldisc+0x288/0x340 drivers/tty/tty_buffer.c:498
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4cd/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x6bc/0x8b0 kernel/workqueue.c:3421
 kthread+0x488/0x510 kernel/kthread.c:463
 ret_from_fork+0x148/0x280 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

write to 0xffffc9000729b270 of 8 bytes by task 11199 on cpu 1:
 reset_buffer_flags drivers/tty/n_tty.c:322 [inline]
 n_tty_flush_buffer+0xa8/0x1d0 drivers/tty/n_tty.c:350
 tty_ldisc_hangup+0x77/0x480 drivers/tty/tty_ldisc.c:699
 __tty_hangup+0x3c2/0x540 drivers/tty/tty_io.c:621
 tty_vhangup+0x17/0x20 drivers/tty/tty_io.c:691
 pty_close+0x2c5/0x2f0 drivers/tty/pty.c:77
 tty_release+0x1ff/0xb10 drivers/tty/tty_io.c:1745
 __fput+0x29b/0x650 fs/file_table.c:468
 ____fput+0x1c/0x30 fs/file_table.c:496
 task_work_run+0x130/0x1a0 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x466/0x1590 kernel/exit.c:971
 do_group_exit+0xfe/0x140 kernel/exit.c:1112
 get_signal+0xe4f/0xf60 kernel/signal.c:3034
 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x1d3/0x2a0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000801 -> 0x0000000000001001

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 11199 Comm: syz.2.1559 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/06 13:19 upstream b7ff7151e653 97745f52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in n_tty_flush_buffer / n_tty_lookahead_flow_ctrl
* Struck through repros no longer work on HEAD.