syzbot

 sign-in | mailing list | source | docs
🐞 Open [1487]
Subsystems
🐞 Fixed [6563]
🐞 Invalid [16798]
Missing Backports [203]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in data_push_tail / number (5)

Status: moderation: reported on 2025/07/22 09:11
Subsystems: audit
[Documentation on labels]
Reported-by: syzbot+7b1cbf8ab9b0340d009e@syzkaller.appspotmail.com
First crash: 52d, last: 35d
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_push_tail / number (2) audit 6 46 983d 1318d 0/29 auto-obsoleted due to no activity on 2023/02/11 10:05
upstream KCSAN: data-race in data_push_tail / number (4) block 6 103 110d 643d 0/29 auto-obsoleted due to no activity on 2025/07/20 09:23
upstream KCSAN: data-race in data_push_tail / number (3) ext4 6 15 859d 943d 0/29 auto-obsoleted due to no activity on 2023/06/10 22:29
upstream KCSAN: data-race in data_push_tail / number ext4 6 87 1354d 1496d 0/29 auto-closed as invalid on 2022/01/31 12:18

Sample crash report:
netlink: 'syz.4.1742': attribute type 27 has an invalid length.
==================================================================
BUG: KCSAN: data-race in data_push_tail / number

write to 0xffffffff88e31bb8 of 1 bytes by task 9282 on cpu 1:
 number+0x8af/0xab0 lib/vsprintf.c:572
 vsnprintf+0x691/0x890 lib/vsprintf.c:2890
 vscnprintf+0x41/0x90 lib/vsprintf.c:2991
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
 vprintk_store+0x599/0x860 kernel/printk/printk.c:2336
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 __show_regs+0xf0/0x440 arch/x86/kernel/process_64.c:92
 show_regs_if_on_stack arch/x86/kernel/dumpstack.c:165 [inline]
 show_trace_log_lvl+0x423/0x560 arch/x86/kernel/dumpstack.c:298
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x265/0x280 lib/fault-inject.c:174
 should_failslab+0x8c/0xb0 mm/failslab.c:46
 slab_pre_alloc_hook mm/slub.c:4133 [inline]
 slab_alloc_node mm/slub.c:4209 [inline]
 __kmalloc_cache_noprof+0x4c/0x320 mm/slub.c:4391
 kmalloc_noprof include/linux/slab.h:905 [inline]
 copy_mount_options fs/namespace.c:3998 [inline]
 __do_sys_mount fs/namespace.c:4339 [inline]
 __se_sys_mount+0xef/0x2e0 fs/namespace.c:4321
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4321
 x64_sys_call+0x2b4d/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e31bb8 of 8 bytes by task 9193 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbf/0x2b0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 validate_nla lib/nlattr.c:414 [inline]
 __nla_validate_parse+0x1227/0x1d00 lib/nlattr.c:635
 __nla_parse+0x40/0x60 lib/nlattr.c:732
 __nlmsg_parse include/net/netlink.h:789 [inline]
 nlmsg_parse_deprecated include/net/netlink.h:830 [inline]
 rtnl_newlink+0xf1/0x12d0 net/core/rtnetlink.c:3962
 rtnetlink_rcv_msg+0x5fb/0x6d0 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2552
 rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6973
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5bd/0x690 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x142/0x180 net/socket.c:729
 ____sys_sendmsg+0x31e/0x4e0 net/socket.c:2614
 ___sys_sendmsg+0x17b/0x1d0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2703
 x64_sys_call+0x191e/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffe60a -> 0x3a35315220306166

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 9193 Comm: syz.4.1742 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/07 18:37 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2025/07/22 09:10 upstream 89be9a83ccf1 1555463b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
* Struck through repros no longer work on HEAD.