KCSAN: data-race in virtqueue_get_buf_ctx / vring

ID	Workflow	Result	Correct	Bug	Created	Started	Finished	Revision	Error
dafe1991-87de-4836-833c-7e873c78a4eb	assessment-security	DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ✅ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ✅ VMHostTrigger: ❌	❓	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (8)	2026/05/21 22:18	2026/05/21 22:18	2026/05/21 22:53	d57425845dbe663f86e1e54a4997e95bd557b624
d2e7702c-ae73-4643-a2b6-c8cdf2218f0a	assessment-kcsan	Benign: ✅ Confident: ✅	❓	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (8)	2026/05/06 06:54	2026/05/06 06:54	2026/05/06 07:18	26da2c6603bcf76ab7d96bee30f110140de68ea2

Kernel	Title	Rank 🛈	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (6) virt	6	1	1112d	1112d	0/29	auto-obsoleted due to no activity on 2023/07/15 08:54
upstream	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (7) virt	6	1	318d	318d	0/29	auto-obsoleted due to no activity on 2025/10/07 07:38
upstream	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt virt	6	3	2426d	2436d	0/29	closed as invalid on 2019/11/19 13:44
upstream	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (5) virt	6	1	1448d	1448d	0/29	auto-closed as invalid on 2022/08/13 10:50
upstream	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (2) virt	6	4	2329d	2355d	0/29	auto-closed as invalid on 2020/04/19 05:34
upstream	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (3) virt	6	1	1711d	1711d	0/29	auto-closed as invalid on 2021/11/23 01:54
upstream	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (4) virt	6	1	1526d	1526d	0/29	auto-closed as invalid on 2022/05/27 01:16

Kernel

Title

Rank 🛈

upstream

KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (6) virt

1112d

0/29

auto-obsoleted due to no activity on 2023/07/15 08:54

upstream

KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (7) virt

318d

0/29

auto-obsoleted due to no activity on 2025/10/07 07:38

upstream

KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt virt

2426d

2436d

0/29

closed as invalid on 2019/11/19 13:44

upstream

KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (5) virt

1448d

0/29

auto-closed as invalid on 2022/08/13 10:50

upstream

KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (2) virt

2329d

2355d

0/29

auto-closed as invalid on 2020/04/19 05:34

upstream

KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (3) virt

1711d

0/29

auto-closed as invalid on 2021/11/23 01:54

upstream

KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (4) virt

1526d

0/29

auto-closed as invalid on 2022/05/27 01:16

================================================================== BUG: KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt read-write to 0xffff88810224b25c of 2 bytes by interrupt on cpu 0: virtqueue_get_buf_ctx_split drivers/virtio/virtio_ring.c:959 [inline] virtqueue_get_buf_ctx+0x607/0xdb0 drivers/virtio/virtio_ring.c:3086 virtqueue_get_buf+0x1f/0x30 drivers/virtio/virtio_ring.c:3092 __free_old_xmit+0x53/0x340 drivers/net/virtio_net.c:588 virtnet_free_old_xmit+0x39/0x1b0 drivers/net/virtio_net.c:629 free_old_xmit drivers/net/virtio_net.c:958 [inline] virtnet_poll_tx+0x2de/0xca0 drivers/net/virtio_net.c:3239 __napi_poll+0x61/0x300 net/core/dev.c:7730 napi_poll net/core/dev.c:7793 [inline] net_rx_action+0x452/0x930 net/core/dev.c:7950 handle_softirqs+0xb9/0x280 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x42/0xd0 kernel/softirq.c:735 common_interrupt+0x83/0x90 arch/x86/kernel/irq.c:326 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline] _raw_spin_unlock_irqrestore+0x1a/0x30 kernel/locking/spinlock.c:198 spin_unlock_irqrestore include/linux/spinlock.h:408 [inline] __skb_try_recv_datagram+0x123/0x320 net/core/datagram.c:267 __unix_dgram_recvmsg+0x25a/0x870 net/unix/af_unix.c:2587 unix_dgram_recvmsg+0x7e/0x90 net/unix/af_unix.c:2686 sock_recvmsg_nosec+0xc2/0xf0 net/socket.c:1137 ____sys_recvmsg+0x26f/0x280 net/socket.c:2916 ___sys_recvmsg+0x11f/0x3b0 net/socket.c:2960 do_recvmmsg+0x1ef/0x560 net/socket.c:3055 __sys_recvmmsg net/socket.c:3129 [inline] __do_sys_recvmmsg net/socket.c:3152 [inline] __se_sys_recvmmsg net/socket.c:3145 [inline] __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3145 x64_sys_call+0x80f/0x3020 arch/x86/include/generated/asm/syscalls_64.h:300 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff88810224b25c of 2 bytes by interrupt on cpu 1: more_used_split drivers/virtio/virtio_ring.c:906 [inline] more_used drivers/virtio/virtio_ring.c:3218 [inline] vring_interrupt+0x48/0x310 drivers/virtio/virtio_ring.c:3233 __handle_irq_event_percpu+0x8b/0x480 kernel/irq/handle.c:209 handle_irq_event_percpu kernel/irq/handle.c:246 [inline] handle_irq_event+0x64/0xf0 kernel/irq/handle.c:263 handle_edge_irq+0x154/0x450 kernel/irq/chip.c:856 generic_handle_irq_desc include/linux/irqdesc.h:186 [inline] handle_irq arch/x86/kernel/irq.c:262 [inline] call_irq_handler arch/x86/kernel/irq.c:-1 [inline] __common_interrupt+0x60/0xb0 arch/x86/kernel/irq.c:333 common_interrupt+0x7e/0x90 arch/x86/kernel/irq.c:326 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline] _raw_spin_unlock_irqrestore+0x1a/0x30 kernel/locking/spinlock.c:198 spin_unlock_irqrestore include/linux/spinlock.h:408 [inline] avc_reclaim_node security/selinux/avc.c:488 [inline] avc_alloc_node+0x21c/0x280 security/selinux/avc.c:507 avc_insert security/selinux/avc.c:618 [inline] avc_compute_av+0xb0/0x430 security/selinux/avc.c:993 avc_perm_nonode+0x5e/0xe0 security/selinux/avc.c:1117 avc_has_perm_noaudit+0xf2/0x130 security/selinux/avc.c:1160 avc_has_perm+0x60/0x190 security/selinux/avc.c:1195 may_create+0x455/0x4a0 security/selinux/hooks.c:1880 selinux_inode_symlink+0x22/0x30 security/selinux/hooks.c:3092 security_inode_symlink+0x75/0xb0 security/security.c:1698 vfs_symlink+0x8e/0x220 fs/namei.c:5635 filename_symlinkat+0xe8/0x2b0 fs/namei.c:5668 __do_sys_symlinkat fs/namei.c:5688 [inline] __se_sys_symlinkat+0x43/0x1b0 fs/namei.c:5683 __x64_sys_symlinkat+0x43/0x50 fs/namei.c:5683 x64_sys_call+0x2b7d/0x3020 arch/x86/include/generated/asm/syscalls_64.h:267 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x25f1 -> 0x25f2 Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 8527 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(full) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 ==================================================================

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2026/05/06 06:54	upstream	9207d47f966b	26da2c66	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt

Crashes (1):

Assets (help?)