syzbot

 sign-in | mailing list | source | docs
🐞 Open [1517]
Subsystems
🐞 Fixed [6480]
🐞 Invalid [16461]
Missing Backports [199]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in __bpf_get_stackid / bcmp

Status: moderation: reported on 2025/06/18 12:38
Subsystems: bpf
[Documentation on labels]
Reported-by: syzbot+505324320caac3303e6f@syzkaller.appspotmail.com
First crash: 46d, last: 2d16h

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __bpf_get_stackid / bcmp

write to 0xffff88811afa3250 of 152 bytes by interrupt on cpu 0:
 __bpf_get_stackid+0x761/0x800 kernel/bpf/stackmap.c:288
 ____bpf_get_stackid kernel/bpf/stackmap.c:324 [inline]
 bpf_get_stackid+0xee/0x120 kernel/bpf/stackmap.c:300
 ____bpf_get_stackid_raw_tp kernel/trace/bpf_trace.c:1810 [inline]
 bpf_get_stackid_raw_tp+0xf6/0x120 kernel/trace/bpf_trace.c:1799
 bpf_prog_e6fc920cfeff8120+0x2a/0x32
 bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2257 [inline]
 bpf_trace_run2+0x104/0x1c0 kernel/trace/bpf_trace.c:2298
 __do_trace_kfree include/trace/events/kmem.h:94 [inline]
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0x27b/0x320 mm/slub.c:4866
 netlbl_secattr_destroy include/net/netlabel.h:367 [inline]
 netlbl_secattr_free include/net/netlabel.h:399 [inline]
 selinux_netlbl_sk_security_free+0x76/0x1d0 security/selinux/netlabel.c:162
 selinux_sk_free_security+0x3b/0x50 security/selinux/hooks.c:5415
 security_sk_free+0x65/0x80 security/security.c:4903
 sk_prot_free net/core/sock.c:2271 [inline]
 __sk_destruct+0x392/0x4c0 net/core/sock.c:2373
 sk_destruct net/core/sock.c:2401 [inline]
 __sk_free+0x227/0x270 net/core/sock.c:2412
 sk_free+0x39/0x80 net/core/sock.c:2423
 sock_put include/net/sock.h:1960 [inline]
 sctp_endpoint_destroy_rcu+0x66/0xb0 net/sctp/endpointola.c:193
 rcu_do_batch kernel/rcu/tree.c:2605 [inline]
 rcu_core+0x5aa/0xc30 kernel/rcu/tree.c:2861
 rcu_core_si+0xd/0x20 kernel/rcu/tree.c:2878
 handle_softirqs+0xba/0x290 kernel/softirq.c:579
 run_ksoftirqd+0x1c/0x30 kernel/softirq.c:968
 smpboot_thread_fn+0x32b/0x530 kernel/smpboot.c:160
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88811afa3278 of 8 bytes by task 3612 on cpu 1:
 memcmp lib/string.c:683 [inline]
 bcmp+0x23/0x90 lib/string.c:715
 memcmp include/linux/fortify-string.h:727 [inline]
 __bpf_get_stackid+0x371/0x800 kernel/bpf/stackmap.c:279
 ____bpf_get_stackid kernel/bpf/stackmap.c:324 [inline]
 bpf_get_stackid+0xee/0x120 kernel/bpf/stackmap.c:300
 ____bpf_get_stackid_raw_tp kernel/trace/bpf_trace.c:1810 [inline]
 bpf_get_stackid_raw_tp+0xf6/0x120 kernel/trace/bpf_trace.c:1799
 bpf_prog_e6fc920cfeff8120+0x2a/0x32
 bpf_dispatcher_nop_func include/linux/bpf.h:1322 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2257 [inline]
 bpf_trace_run2+0x104/0x1c0 kernel/trace/bpf_trace.c:2298
 __do_trace_kfree include/trace/events/kmem.h:94 [inline]
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0x27b/0x320 mm/slub.c:4866
 skb_kfree_head net/core/skbuff.c:1047 [inline]
 skb_free_head+0xb8/0x150 net/core/skbuff.c:1059
 skb_release_data+0x33b/0x370 net/core/skbuff.c:1086
 skb_release_all net/core/skbuff.c:1151 [inline]
 __kfree_skb+0x44/0x150 net/core/skbuff.c:1165
 consume_skb+0x49/0x150 net/core/skbuff.c:1397
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:836 [inline]
 nsim_dev_trap_report_work+0x533/0x630 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0xdd/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0xffffffff844aeefb -> 0xffffffff81d4449b

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 3612 Comm: kworker/u8:43 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events_unbound nsim_dev_trap_report_work
==================================================================

Crashes (25):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/01 12:00 upstream f2d282e1dfb3 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/31 05:30 upstream e8d780dcd957 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/30 08:55 upstream 0919a5b3b11c f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/28 06:12 upstream b711733e89a3 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/27 20:59 upstream ec2df4364666 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/26 21:55 upstream 302f88ff3584 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/26 05:30 upstream 5f33ebd2018c fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/25 16:44 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/22 23:46 upstream 89be9a83ccf1 8e9d1dc1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/16 10:52 upstream 155a3c003e55 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/12 16:09 upstream 379f604cc3dc 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/11 01:37 upstream bc9ff192a6c9 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/07 00:44 upstream d7b8f8e20813 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/05 11:40 upstream a79a588fc176 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/03 07:22 upstream b4911fb0b060 115ceea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/07/01 01:15 upstream 66701750d556 6e83b42d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/30 14:59 upstream d0b3b7b22dfa fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/29 15:51 upstream dfba48a70cb6 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/28 00:41 upstream 67a993863163 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/27 08:45 upstream f02769e7f272 803ce19b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/26 00:01 upstream 92ca6c498a5e 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/24 18:27 upstream 78f4e737a53e 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/24 08:18 upstream 78f4e737a53e e2f27c35 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/23 08:07 upstream b67ec639010f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
2025/06/18 12:37 upstream 52da431bf03b ca631f70 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __bpf_get_stackid / bcmp
* Struck through repros no longer work on HEAD.