syzbot |
sign-in | mailing list | source | docs | 🏰 |
| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| d2e7702c-ae73-4643-a2b6-c8cdf2218f0a | assessment-kcsan | Benign: ✅ Confident: ✅ | ❓ | KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt (8) | 2026/05/06 06:54 | 2026/05/06 06:54 | 2026/05/06 07:18 | 26da2c6603bcf76ab7d96bee30f110140de68ea2 |
================================================================== BUG: KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt read-write to 0xffff88810224b25c of 2 bytes by interrupt on cpu 0: virtqueue_get_buf_ctx_split drivers/virtio/virtio_ring.c:959 [inline] virtqueue_get_buf_ctx+0x607/0xdb0 drivers/virtio/virtio_ring.c:3086 virtqueue_get_buf+0x1f/0x30 drivers/virtio/virtio_ring.c:3092 __free_old_xmit+0x53/0x340 drivers/net/virtio_net.c:588 virtnet_free_old_xmit+0x39/0x1b0 drivers/net/virtio_net.c:629 free_old_xmit drivers/net/virtio_net.c:958 [inline] virtnet_poll_tx+0x2de/0xca0 drivers/net/virtio_net.c:3239 __napi_poll+0x61/0x300 net/core/dev.c:7730 napi_poll net/core/dev.c:7793 [inline] net_rx_action+0x452/0x930 net/core/dev.c:7950 handle_softirqs+0xb9/0x280 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x42/0xd0 kernel/softirq.c:735 common_interrupt+0x83/0x90 arch/x86/kernel/irq.c:326 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline] _raw_spin_unlock_irqrestore+0x1a/0x30 kernel/locking/spinlock.c:198 spin_unlock_irqrestore include/linux/spinlock.h:408 [inline] __skb_try_recv_datagram+0x123/0x320 net/core/datagram.c:267 __unix_dgram_recvmsg+0x25a/0x870 net/unix/af_unix.c:2587 unix_dgram_recvmsg+0x7e/0x90 net/unix/af_unix.c:2686 sock_recvmsg_nosec+0xc2/0xf0 net/socket.c:1137 ____sys_recvmsg+0x26f/0x280 net/socket.c:2916 ___sys_recvmsg+0x11f/0x3b0 net/socket.c:2960 do_recvmmsg+0x1ef/0x560 net/socket.c:3055 __sys_recvmmsg net/socket.c:3129 [inline] __do_sys_recvmmsg net/socket.c:3152 [inline] __se_sys_recvmmsg net/socket.c:3145 [inline] __x64_sys_recvmmsg+0xe5/0x170 net/socket.c:3145 x64_sys_call+0x80f/0x3020 arch/x86/include/generated/asm/syscalls_64.h:300 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff88810224b25c of 2 bytes by interrupt on cpu 1: more_used_split drivers/virtio/virtio_ring.c:906 [inline] more_used drivers/virtio/virtio_ring.c:3218 [inline] vring_interrupt+0x48/0x310 drivers/virtio/virtio_ring.c:3233 __handle_irq_event_percpu+0x8b/0x480 kernel/irq/handle.c:209 handle_irq_event_percpu kernel/irq/handle.c:246 [inline] handle_irq_event+0x64/0xf0 kernel/irq/handle.c:263 handle_edge_irq+0x154/0x450 kernel/irq/chip.c:856 generic_handle_irq_desc include/linux/irqdesc.h:186 [inline] handle_irq arch/x86/kernel/irq.c:262 [inline] call_irq_handler arch/x86/kernel/irq.c:-1 [inline] __common_interrupt+0x60/0xb0 arch/x86/kernel/irq.c:333 common_interrupt+0x7e/0x90 arch/x86/kernel/irq.c:326 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 __preempt_count_dec_and_test arch/x86/include/asm/preempt.h:95 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline] _raw_spin_unlock_irqrestore+0x1a/0x30 kernel/locking/spinlock.c:198 spin_unlock_irqrestore include/linux/spinlock.h:408 [inline] avc_reclaim_node security/selinux/avc.c:488 [inline] avc_alloc_node+0x21c/0x280 security/selinux/avc.c:507 avc_insert security/selinux/avc.c:618 [inline] avc_compute_av+0xb0/0x430 security/selinux/avc.c:993 avc_perm_nonode+0x5e/0xe0 security/selinux/avc.c:1117 avc_has_perm_noaudit+0xf2/0x130 security/selinux/avc.c:1160 avc_has_perm+0x60/0x190 security/selinux/avc.c:1195 may_create+0x455/0x4a0 security/selinux/hooks.c:1880 selinux_inode_symlink+0x22/0x30 security/selinux/hooks.c:3092 security_inode_symlink+0x75/0xb0 security/security.c:1698 vfs_symlink+0x8e/0x220 fs/namei.c:5635 filename_symlinkat+0xe8/0x2b0 fs/namei.c:5668 __do_sys_symlinkat fs/namei.c:5688 [inline] __se_sys_symlinkat+0x43/0x1b0 fs/namei.c:5683 __x64_sys_symlinkat+0x43/0x50 fs/namei.c:5683 x64_sys_call+0x2b7d/0x3020 arch/x86/include/generated/asm/syscalls_64.h:267 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x25f1 -> 0x25f2 Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 8527 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(full) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/06 06:54 | upstream | 9207d47f966b | 26da2c66 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in virtqueue_get_buf_ctx / vring_interrupt |