syzbot


KCSAN: data-race in data_push_tail / number (5)

Status: moderation: reported on 2025/07/22 09:11
Subsystems: audit
Reported-by: syzbot+7b1cbf8ab9b0340d009e@syzkaller.appspotmail.com
First crash: 154d, last: 1d15h
Similar bugs (4)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in data_push_tail / number (2) audit | 6 | | | | 46 | 1086d | 1420d | 0/29 | auto-obsoleted due to no activity on 2023/02/11 10:05 |
| upstream | KCSAN: data-race in data_push_tail / number (4) block | 6 | | | | 103 | 212d | 745d | 0/29 | auto-obsoleted due to no activity on 2025/07/20 09:23 |
| upstream | KCSAN: data-race in data_push_tail / number (3) ext4 | 6 | | | | 15 | 961d | 1046d | 0/29 | auto-obsoleted due to no activity on 2023/06/10 22:29 |
| upstream | KCSAN: data-race in data_push_tail / number ext4 | 6 | | | | 87 | 1457d | 1598d | 0/29 | auto-closed as invalid on 2022/01/31 12:18 |

Sample crash report:
Bluetooth: hci0: Opcode 0x1003 failed: -110
==================================================================
BUG: KCSAN: data-race in data_push_tail / number

write to 0xffffffff88eb4338 of 1 bytes by task 3641 on cpu 1:
 number+0x8fd/0xab0 lib/vsprintf.c:572
 vsnprintf+0x64e/0x860 lib/vsprintf.c:2911
 va_format lib/vsprintf.c:1722 [inline]
 pointer+0x821/0xcb0 lib/vsprintf.c:2568
 vsnprintf+0x491/0x860 lib/vsprintf.c:2951
 vscnprintf+0x41/0x90 lib/vsprintf.c:3012
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2192
 vprintk_store+0x568/0x830 kernel/printk/printk.c:2312
 vprintk_emit+0x15a/0x5c0 kernel/printk/printk.c:2402
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2441
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2451
 bt_err+0x9d/0xd0 net/bluetooth/lib.c:296
 hci_cmd_timeout+0x97/0x140 net/bluetooth/hci_core.c:1469
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

read to 0xffffffff88eb4338 of 8 bytes by task 44 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:608 [inline]
 data_push_tail+0x100/0x470 kernel/printk/printk_ringbuffer.c:693
 data_alloc+0x11b/0x390 kernel/printk/printk_ringbuffer.c:1089
 prb_reserve+0x8d7/0xad0 kernel/printk/printk_ringbuffer.c:1724
 vprintk_store+0x53c/0x830 kernel/printk/printk.c:2302
 vprintk_emit+0x15a/0x5c0 kernel/printk/printk.c:2402
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2441
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2451
 bt_err+0x9d/0xd0 net/bluetooth/lib.c:296
 __hci_cmd_sync_status_sk net/bluetooth/hci_sync.c:271 [inline]
 __hci_cmd_sync_status net/bluetooth/hci_sync.c:287 [inline]
 hci_read_local_features_sync net/bluetooth/hci_sync.c:3708 [inline]
 hci_init_stage_sync net/bluetooth/hci_sync.c:3623 [inline]
 hci_init1_sync net/bluetooth/hci_sync.c:3755 [inline]
 hci_init_sync net/bluetooth/hci_sync.c:4885 [inline]
 hci_dev_init_sync net/bluetooth/hci_sync.c:5077 [inline]
 hci_dev_open_sync+0xfa4/0x2290 net/bluetooth/hci_sync.c:5155
 hci_dev_do_open net/bluetooth/hci_core.c:430 [inline]
 hci_power_on+0xef/0x390 net/bluetooth/hci_core.c:959
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340
 worker_thread+0x582/0x770 kernel/workqueue.c:3421
 kthread+0x489/0x510 kernel/kthread.c:463
 ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

value changed: 0x00000000ffffe607 -> 0x6f656d6974207874

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 44 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: hci0 hci_power_on
==================================================================

Crashes (6):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/12/22 05:21 | upstream | 765b233a9b94 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_push_tail / number |
| 2025/12/05 09:28 | upstream | 2061f18ad76e | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_push_tail / number |
| 2025/11/04 00:55 | upstream | 8bb886cb8f3a | 686bf657 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_push_tail / number |
| 2025/09/18 16:15 | upstream | 8b789f2b7602 | e2beed91 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_push_tail / number |
| 2025/08/07 18:37 | upstream | 6e64f4580381 | 04cffc22 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_push_tail / number |
| 2025/07/22 09:10 | upstream | 89be9a83ccf1 | 1555463b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_push_tail / number |