syzbot

 sign-in | mailing list | source | docs
🐞 Open [1434]
Subsystems
🐞 Fixed [6777]
🐞 Invalid [17479]
Missing Backports [224]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in data_push_tail / symbol_string (12)

Status: moderation: reported on 2025/12/01 10:18
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+62a88c50f1c841e21c32@syzkaller.appspotmail.com
First crash: 3d19h, last: 3d19h
Similar bugs (11)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_push_tail / symbol_string (3) kernel 6 1 1374d 1374d 0/29 auto-closed as invalid on 2022/04/05 16:28
upstream KCSAN: data-race in data_push_tail / symbol_string (10) kernel 6 1 207d 207d 0/29 auto-obsoleted due to no activity on 2025/07/07 00:26
upstream KCSAN: data-race in data_push_tail / symbol_string (7) kernel 6 2 645d 647d 0/29 auto-obsoleted due to no activity on 2024/04/04 01:53
upstream KCSAN: data-race in data_push_tail / symbol_string kernel 6 1 1633d 1633d 0/29 auto-closed as invalid on 2021/07/21 00:16
upstream KCSAN: data-race in data_push_tail / symbol_string (9) kernel 6 1 308d 308d 0/29 auto-obsoleted due to no activity on 2025/03/27 22:14
upstream KCSAN: data-race in data_push_tail / symbol_string (6) kernel 6 1 741d 730d 0/29 auto-obsoleted due to no activity on 2023/12/29 16:49
upstream KCSAN: data-race in data_push_tail / symbol_string (5) kernel 6 4 783d 858d 0/29 auto-obsoleted due to no activity on 2023/11/17 08:46
upstream KCSAN: data-race in data_push_tail / symbol_string (4) kernel 6 2 952d 978d 0/29 auto-obsoleted due to no activity on 2023/06/01 14:03
upstream KCSAN: data-race in data_push_tail / symbol_string (11) kernel 6 1 103d 103d 0/29 auto-obsoleted due to no activity on 2025/10/18 10:19
upstream KCSAN: data-race in data_push_tail / symbol_string (8) kernel 6 1 368d 368d 0/29 auto-obsoleted due to no activity on 2025/01/26 20:37
upstream KCSAN: data-race in data_push_tail / symbol_string (2) kernel 6 1 1453d 1453d 0/29 auto-closed as invalid on 2022/01/16 12:11

Sample crash report:
BUG: KCSAN: data-race in data_push_tail / symbol_string

write to 0xffffffff88e79b18 of 1 bytes by task 10651 on cpu 0:
 string_nocheck lib/vsprintf.c:657 [inline]
 symbol_string+0x1ce/0x250 lib/vsprintf.c:1013
 pointer+0x60c/0xcf0 lib/vsprintf.c:2515
 vsnprintf+0x491/0x890 lib/vsprintf.c:2930
 vscnprintf+0x41/0x90 lib/vsprintf.c:2991
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2189
 vprintk_store+0x599/0x860 kernel/printk/printk.c:2309
 vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2448
 printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
 show_trace_log_lvl+0x4e3/0x560 arch/x86/kernel/dumpstack.c:282
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x265/0x280 lib/fault-inject.c:174
 should_failslab+0x8c/0xb0 mm/failslab.c:46
 slab_pre_alloc_hook mm/slub.c:4931 [inline]
 slab_alloc_node mm/slub.c:5264 [inline]
 __do_kmalloc_node mm/slub.c:5649 [inline]
 __kmalloc_noprof+0xa5/0x570 mm/slub.c:5662
 kmalloc_noprof include/linux/slab.h:961 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 lsm_blob_alloc security/security.c:690 [inline]
 lsm_cred_alloc security/security.c:707 [inline]
 security_prepare_creds+0x52/0x120 security/security.c:3310
 prepare_creds+0x34a/0x4c0 kernel/cred.c:242
 copy_creds+0x8f/0x3f0 kernel/cred.c:312
 copy_process+0x658/0x2000 kernel/fork.c:2046
 kernel_clone+0x16c/0x5c0 kernel/fork.c:2609
 __do_sys_clone kernel/fork.c:2750 [inline]
 __se_sys_clone kernel/fork.c:2734 [inline]
 __x64_sys_clone+0xe6/0x120 kernel/fork.c:2734
 x64_sys_call+0x119c/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e79b18 of 8 bytes by task 10654 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:591 [inline]
 data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:676
 data_alloc+0xfb/0x2e0 kernel/printk/printk_ringbuffer.c:1061
 prb_reserve+0x807/0xaf0 kernel/printk/printk_ringbuffer.c:1685
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2299
 vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2448
 validate_nla lib/nlattr.c:414 [inline]
 __nla_validate_parse+0x1227/0x1d00 lib/nlattr.c:635
 __nla_parse+0x40/0x60 lib/nlattr.c:732
 __nlmsg_parse include/net/netlink.h:789 [inline]
 nlmsg_parse_deprecated include/net/netlink.h:830 [inline]
 rtnl_setlink+0xd2/0x420 net/core/rtnetlink.c:3436
 rtnetlink_rcv_msg+0x5fe/0x6d0 net/core/rtnetlink.c:6951
 netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2552
 rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6978
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x145/0x180 net/socket.c:742
 sock_write_iter+0x1a7/0x1f0 net/socket.c:1195
 do_iter_readv_writev+0x4a1/0x540 fs/read_write.c:-1
 vfs_writev+0x2df/0x8b0 fs/read_write.c:1057
 do_writev+0xe7/0x210 fs/read_write.c:1103
 __do_sys_writev fs/read_write.c:1171 [inline]
 __se_sys_writev fs/read_write.c:1168 [inline]
 __x64_sys_writev+0x45/0x50 fs/read_write.c:1168
 x64_sys_call+0x1e9a/0x3000 arch/x86/include/generated/asm/syscalls_64.h:21
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffe985 -> 0x663878302b736465

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10654 Comm: syz.1.2889 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================
syz.1.2889 (10654) used greatest stack depth: 9432 bytes left

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/12/01 10:17 upstream 7d0a66e4bb90 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / symbol_string
* Struck through repros no longer work on HEAD.