syzbot

 sign-in | mailing list | source | docs
🐞 Open [1387]
Subsystems
🐞 Fixed [7018]
🐞 Invalid [18316]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free (3)

Status: moderation: reported on 2026/02/02 07:55
Subsystems: bpf
[Documentation on labels]
Reported-by: syzbot+a9df912d90719592f2fd@syzkaller.appspotmail.com
First crash: 51d, last: 33d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
ce3a3fe7-3a56-4490-800e-2e8fc5907116 repro KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free (3) 2026/03/07 01:38 2026/03/07 01:38 2026/03/07 01:44 31e9c887f7dc24e04b3ca70d0d54fc34141844b0
e07b3de2-6b2b-4b4d-b197-413b7e0baa87 assessment-kcsan Benign: ✅  Confident: ✅  KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free (3) 2026/02/02 07:55 2026/02/02 07:55 2026/02/02 07:57 2186dcabcd743737b50c1a9f99a8bf0d3a5a7914
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free bpf 6 10 2034d 2105d 0/29 auto-closed as invalid on 2020/10/03 23:58
upstream KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free (2) bpf 6 32 1865d 1934d 20/29 fixed on 2021/04/09 19:46

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free

write to 0xffff8881417e8022 of 1 bytes by task 5082 on cpu 0:
 __bpf_lru_node_move kernel/bpf/bpf_lru_list.c:108 [inline]
 __bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:148 [inline]
 __bpf_lru_list_rotate+0x2ec/0x780 kernel/bpf/bpf_lru_list.c:237
 bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:326 [inline]
 bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:444 [inline]
 bpf_lru_pop_free+0x640/0xe40 kernel/bpf/bpf_lru_list.c:496
 prealloc_lru_pop kernel/bpf/hashtab.c:296 [inline]
 htab_lru_map_update_elem+0xc6/0x700 kernel/bpf/hashtab.c:1221
 bpf_map_update_value+0x4f3/0x570 kernel/bpf/syscall.c:297
 generic_map_update_batch+0x52d/0x680 kernel/bpf/syscall.c:2032
 bpf_map_do_batch+0x25c/0x380 kernel/bpf/syscall.c:5669
 __sys_bpf+0x6a2/0x7e0 kernel/bpf/syscall.c:-1
 __do_sys_bpf kernel/bpf/syscall.c:6342 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6340 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6340
 x64_sys_call+0x10cb/0x3020 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff8881417e8022 of 1 bytes by task 5074 on cpu 1:
 bpf_lru_list_push_free kernel/bpf/bpf_lru_list.c:307 [inline]
 bpf_common_lru_push_free kernel/bpf/bpf_lru_list.c:530 [inline]
 bpf_lru_push_free+0x578/0x590 kernel/bpf/bpf_lru_list.c:553
 htab_lru_push_free kernel/bpf/hashtab.c:1189 [inline]
 htab_lru_map_update_elem+0x5a4/0x700 kernel/bpf/hashtab.c:1253
 bpf_map_update_value+0x4f3/0x570 kernel/bpf/syscall.c:297
 generic_map_update_batch+0x52d/0x680 kernel/bpf/syscall.c:2032
 bpf_map_do_batch+0x25c/0x380 kernel/bpf/syscall.c:5669
 __sys_bpf+0x6a2/0x7e0 kernel/bpf/syscall.c:-1
 __do_sys_bpf kernel/bpf/syscall.c:6342 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6340 [inline]
 __x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6340
 x64_sys_call+0x10cb/0x3020 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x370 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00 -> 0x01

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5074 Comm: syz.2.11395 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/20 07:21 upstream 8bf22c33e7a1 17d780d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free
2026/02/02 07:55 upstream 9f2693489ef8 6b8752f2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free
* Struck through repros no longer work on HEAD.