syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1334]
Subsystems
🐞 Fixed [7143]
🐞 Invalid [18889]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KCSAN: data-race in data_push_tail / symbol_string (13)

Status: moderation: reported on 2026/05/26 13:43
Subsystems: kernel
Labels: race:benign prio:high
[Documentation on labels]
Reported-by: syzbot+87ceb230e13b905151cb@syzkaller.appspotmail.com
First crash: 12d, last: 12d
✨ AI Jobs (3)
ID Workflow Result Correct Bug Created Started Finished Revision Error
8efa9a64-c1b2-4ee2-9db7-e47806203676 assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ✅ NetworkTrigger: ✅ PeripheralTrigger: ✅ RemoteTrigger: ✅ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ✅ VMHostTrigger: ✅ KCSAN: data-race in data_push_tail / symbol_string (13) 2026/06/02 16:26 2026/06/02 16:26 2026/06/02 17:15 62fe15281f5011cd203d8845b8767b10e7443aa5
d41d2006-7eda-4f81-b6fa-16f9e8a6ce61 assessment-kcsan Benign: ✅ KCSAN: data-race in data_push_tail / symbol_string (13) 2026/06/02 16:22 2026/06/02 16:22 2026/06/02 17:00 62fe15281f5011cd203d8845b8767b10e7443aa5
67baf85c-d992-4d15-bb37-4285075fb655 assessment-kcsan 💥 KCSAN: data-race in data_push_tail / symbol_string (13) 2026/05/26 13:46 2026/05/26 13:46 2026/05/26 13:46 c69befb30ac10e158cc9d1557b508ee3f0eca1de failed to run ["git" "-c" "core.hooksPath=/dev/null" "fetch" "--force" "--tags" "f569e972c8e9057ee9c286220c83a480ebf30cc5" "e8c2f9fdadee7cbc75134dc463c1e0d856d6e5c7"]: exit status 128 error: insufficient permission for adding an object to repository database .git/objects fatal: failed to write object fatal: unpack-objects failed
Similar bugs (12)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_push_tail / symbol_string (3) kernel 6 1 1559d 1559d 0/29 auto-closed as invalid on 2022/04/05 16:28
upstream KCSAN: data-race in data_push_tail / symbol_string (10) kernel 6 1 392d 392d 0/29 auto-obsoleted due to no activity on 2025/07/07 00:26
upstream KCSAN: data-race in data_push_tail / symbol_string (7) kernel 6 2 830d 832d 0/29 auto-obsoleted due to no activity on 2024/04/04 01:53
upstream KCSAN: data-race in data_push_tail / symbol_string kernel 6 1 1818d 1818d 0/29 auto-closed as invalid on 2021/07/21 00:16
upstream KCSAN: data-race in data_push_tail / symbol_string (9) kernel 6 1 493d 493d 0/29 auto-obsoleted due to no activity on 2025/03/27 22:14
upstream KCSAN: data-race in data_push_tail / symbol_string (6) kernel 6 1 926d 915d 0/29 auto-obsoleted due to no activity on 2023/12/29 16:49
upstream KCSAN: data-race in data_push_tail / symbol_string (5) kernel 6 4 968d 1043d 0/29 auto-obsoleted due to no activity on 2023/11/17 08:46
upstream KCSAN: data-race in data_push_tail / symbol_string (4) kernel 6 2 1137d 1163d 0/29 auto-obsoleted due to no activity on 2023/06/01 14:03
upstream KCSAN: data-race in data_push_tail / symbol_string (12) kernel 6 2 157d 188d 0/29 auto-obsoleted due to no activity on 2026/02/26 12:42
upstream KCSAN: data-race in data_push_tail / symbol_string (11) kernel 6 1 288d 288d 0/29 auto-obsoleted due to no activity on 2025/10/18 10:19
upstream KCSAN: data-race in data_push_tail / symbol_string (8) kernel 6 1 553d 553d 0/29 auto-obsoleted due to no activity on 2025/01/26 20:37
upstream KCSAN: data-race in data_push_tail / symbol_string (2) kernel 6 1 1638d 1638d 0/29 auto-closed as invalid on 2022/01/16 12:11

Sample crash report:
BUG: KCSAN: data-race in data_push_tail / symbol_string

write to 0xffffffff89398bb8 of 1 bytes by task 18568 on cpu 1:
 string_nocheck lib/vsprintf.c:659 [inline]
 symbol_string+0x1ce/0x250 lib/vsprintf.c:1015
 pointer+0x60c/0xcb0 lib/vsprintf.c:2536
 vsnprintf+0x491/0x860 lib/vsprintf.c:2952
 vscnprintf+0x41/0x90 lib/vsprintf.c:3013
 printk_sprint+0x30/0x2b0 kernel/printk/printk.c:2222
 vprintk_store+0x57b/0x910 kernel/printk/printk.c:2364
 vprintk_emit+0x1a4/0x600 kernel/printk/printk.c:2455
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2494
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2504
 printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
 __show_trace_log_lvl+0x460/0x560 arch/x86/kernel/dumpstack.c:282
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x95/0xd0 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x263/0x280 lib/fault-inject.c:174
 should_fail+0xb/0x20 lib/fault-inject.c:184
 should_fail_usercopy+0x1a/0x20 lib/fault-inject-usercopy.c:35
 _inline_copy_from_user include/linux/uaccess.h:170 [inline]
 _copy_from_user+0x1c/0xb0 lib/usercopy.c:18
 copy_from_user include/linux/uaccess.h:223 [inline]
 copy_from_sockptr_offset include/linux/sockptr.h:48 [inline]
 copy_from_sockptr include/linux/sockptr.h:61 [inline]
 copy_group_source_from_sockptr net/ipv4/ip_sockglue.c:714 [inline]
 do_mcast_group_source+0x123/0x420 net/ipv4/ip_sockglue.c:729
 do_ip_setsockopt+0x175a/0x2290 net/ipv4/ip_sockglue.c:1334
 ip_setsockopt+0x58/0x110 net/ipv4/ip_sockglue.c:1417
 udp_setsockopt+0x89/0xa0 net/ipv4/udp.c:2986
 sock_common_setsockopt+0x69/0x80 net/core/sock.c:3989
 do_sock_setsockopt net/socket.c:2381 [inline]
 __sys_setsockopt+0x184/0x200 net/socket.c:2406
 __do_sys_setsockopt net/socket.c:2412 [inline]
 __se_sys_setsockopt net/socket.c:2409 [inline]
 __x64_sys_setsockopt+0x64/0x80 net/socket.c:2409
 x64_sys_call+0x2327/0x3020 arch/x86/include/generated/asm/syscalls_64.h:55
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff89398bb8 of 8 bytes by task 18540 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:608 [inline]
 data_push_tail+0x100/0x470 kernel/printk/printk_ringbuffer.c:693
 data_alloc+0x11b/0x390 kernel/printk/printk_ringbuffer.c:1089
 prb_reserve+0x8d6/0xad0 kernel/printk/printk_ringbuffer.c:1727
 vprintk_store+0x54a/0x910 kernel/printk/printk.c:2354
 vprintk_emit+0x1a4/0x600 kernel/printk/printk.c:2455
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2494
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2504
 set_capacity_and_notify+0x1dd/0x230 block/genhd.c:93
 loop_set_size+0x2e/0x70 drivers/block/loop.c:220
 loop_configure+0x828/0x9c0 drivers/block/loop.c:1079
 lo_ioctl+0x1e1/0x13a0 drivers/block/loop.c:1534
 blkdev_ioctl+0x387/0x460 block/ioctl.c:797
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583
 x64_sys_call+0x1563/0x3020 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x3ffffffffffff49e -> 0x6863735f6b736174

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 18540 Comm: syz.9.3805 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================
EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
EXT4-fs (loop9): 1 orphan inode deleted
EXT4-fs (loop9): 1 truncate cleaned up
EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/05/26 13:43 upstream e8c2f9fdadee a3e47276 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / symbol_string
* Struck through repros no longer work on HEAD.