syzbot

 sign-in | mailing list | source | docs
🐞 Open [1437]
Subsystems
🐞 Fixed [6967]
🐞 Invalid [18158]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in wg_expired_retransmit_handshake / wg_packet_send_queued_handshake_initiation (4)

Status: moderation: reported on 2026/03/06 16:21
Subsystems: wireguard
[Documentation on labels]
Reported-by: syzbot+60a44977e723239440cc@syzkaller.appspotmail.com
First crash: 1d02h, last: 1d02h
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
c8afbb7b-b66b-415d-bb51-d4501b56da7f assessment-kcsan 💥 KCSAN: data-race in wg_expired_retransmit_handshake / wg_packet_send_queued_handshake_initiation (4) 2026/03/06 11:06 2026/03/06 11:06 2026/03/06 11:27 31e9c887f7dc24e04b3ca70d0d54fc34141844b0 Error 429, Message: You exceeded your current quota, please check your plan and billing details. For more information on this error, head to: https://ai.google.dev/gemini-api/docs/rate-limits. To monitor your current usage, head to: https://ai.dev/rate-limit. , Status: RESOURCE_EXHAUSTED, Details: [map[@type:type.googleapis.com/google.rpc.Help links:[map[description:Learn more about Gemini API quotas url:https://ai.google.dev/gemini-api/docs/rate-limits]]] map[@type:type.googleapis.com/google.rpc.DebugInfo detail:[ORIGINAL ERROR] generic::resource_exhausted: You exceeded your current quota, please check your plan and billing details. For more information on this error, head to: https://ai.google.dev/gemini-api/docs/rate-limits. To monitor your current usage, head to: https://ai.dev/rate-limit. [google.rpc.error_details_ext] { message: "You exceeded your current quota, please check your plan and billing details. For more information on this error, head to: https://ai.google.dev/gemini-api/docs/rate-limits. To monitor your current usage, head to: https://ai.dev/rate-limit. " details { type_url: "type.googleapis.com/language_labs.genai.debug.GeminiApiDebugInfo" value: "R\212\001\n\207\001\nTgenerativelanguage.googleapis.com/generate_content_paid_tier_1_input_tokens_internal\022\022\n\010location\022\006global\022\027\n\005model\022\016gemini-3-flash\030\300\204=" } details { [type.googleapis.com/google.rpc.Help] { links { description: "Learn more about Gemini API quotas" url: "https://ai.google.dev/gemini-api/docs/rate-limits" } } } }]]
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in wg_expired_retransmit_handshake / wg_packet_send_queued_handshake_initiation wireguard 6 1 327d 327d 0/29 auto-obsoleted due to no activity on 2025/06/08 20:20
upstream KCSAN: data-race in wg_expired_retransmit_handshake / wg_packet_send_queued_handshake_initiation (2) wireguard 6 1 134d 134d 0/29 auto-obsoleted due to no activity on 2025/12/18 18:21
upstream KCSAN: data-race in wg_expired_retransmit_handshake / wg_packet_send_queued_handshake_initiation (3) wireguard 6 2 63d 59d 0/29 auto-obsoleted due to no activity on 2026/02/28 13:08

Sample crash report:
==================================================================
BUG: KCSAN: data-race in wg_expired_retransmit_handshake / wg_packet_send_queued_handshake_initiation

read to 0xffff88810b667808 of 4 bytes by interrupt on cpu 0:
 wg_expired_retransmit_handshake+0x2a/0x160 drivers/net/wireguard/timers.c:46
 call_timer_fn+0x3b/0x2a0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x426/0x620 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x31/0x70 kernel/time/timer.c:2404
 handle_softirqs+0xb9/0x2a0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x39/0xc0 kernel/softirq.c:723
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
 pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:62
 arch_safe_halt arch/x86/kernel/process.c:766 [inline]
 default_idle+0x9/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x3b/0x60 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0xcd/0x230 kernel/sched/idle.c:332
 cpu_startup_entry+0x24/0x30 kernel/sched/idle.c:430
 rest_init+0xee/0xf0 init/main.c:760
 start_kernel+0x49a/0x4c0 init/main.c:1210
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0xfc/0x100 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x147

write to 0xffff88810b667808 of 4 bytes by interrupt on cpu 1:
 wg_packet_send_queued_handshake_initiation+0x32/0x180 drivers/net/wireguard/send.c:59
 wg_expired_new_handshake+0x26/0x30 drivers/net/wireguard/timers.c:104
 call_timer_fn+0x3b/0x2a0 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x426/0x620 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x31/0x70 kernel/time/timer.c:2404
 handle_softirqs+0xb9/0x2a0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x39/0xc0 kernel/softirq.c:723
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x74/0x80 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
 pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:62
 arch_safe_halt arch/x86/kernel/process.c:766 [inline]
 default_idle+0x9/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x3b/0x60 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0xcd/0x230 kernel/sched/idle.c:332
 cpu_startup_entry+0x24/0x30 kernel/sched/idle.c:430
 start_secondary+0x95/0xa0 arch/x86/kernel/smpboot.c:312
 common_startup_64+0x13e/0x147

value changed: 0x00000002 -> 0x00000003

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/03/06 10:58 upstream 5ee8dbf54602 31e9c887 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in wg_expired_retransmit_handshake / wg_packet_send_queued_handshake_initiation
* Struck through repros no longer work on HEAD.