Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 ================================================================== BUG: KCSAN: data-race in data_push_tail / string write to 0xffffffff893be288 of 1 bytes by task 28 on cpu 0: string_nocheck lib/vsprintf.c:659 [inline] string+0x187/0x220 lib/vsprintf.c:737 vsnprintf+0x532/0x860 lib/vsprintf.c:2948 vscnprintf+0x41/0x90 lib/vsprintf.c:3013 printk_sprint+0x30/0x2b0 kernel/printk/printk.c:2222 vprintk_store+0x57b/0x910 kernel/printk/printk.c:2364 vprintk_emit+0x1a4/0x600 kernel/printk/printk.c:2455 vprintk_default+0x26/0x30 kernel/printk/printk.c:2494 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82 _printk+0x79/0xa0 kernel/printk/printk.c:2504 kauditd_printk_skb kernel/audit.c:587 [inline] kauditd_hold_skb+0x1b1/0x1c0 kernel/audit.c:622 kauditd_send_queue+0x273/0x2c0 kernel/audit.c:807 kauditd_thread+0x444/0x670 kernel/audit.c:931 kthread+0x22a/0x280 kernel/kthread.c:436 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 read to 0xffffffff893be288 of 8 bytes by task 14714 on cpu 1: data_make_reusable kernel/printk/printk_ringbuffer.c:608 [inline] data_push_tail+0x100/0x470 kernel/printk/printk_ringbuffer.c:693 data_alloc+0x11b/0x390 kernel/printk/printk_ringbuffer.c:1089 prb_reserve+0x8d7/0xae0 kernel/printk/printk_ringbuffer.c:1724 vprintk_store+0x54a/0x910 kernel/printk/printk.c:2354 vprintk_emit+0x1a4/0x600 kernel/printk/printk.c:2455 vprintk_default+0x26/0x30 kernel/printk/printk.c:2494 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82 _printk+0x79/0xa0 kernel/printk/printk.c:2504 show_opcodes+0xfd/0x120 arch/x86/kernel/dumpstack.c:121 show_iret_regs+0x12/0x40 arch/x86/kernel/dumpstack.c:147 __show_regs+0x2a/0x430 arch/x86/kernel/process_64.c:78 show_regs_if_on_stack arch/x86/kernel/dumpstack.c:165 [inline] __show_trace_log_lvl+0x38f/0x560 arch/x86/kernel/dumpstack.c:298 __warn+0x159/0x330 kernel/panic.c:1060 __report_bug+0x241/0x490 lib/bug.c:246 report_bug_entry+0xb2/0x100 lib/bug.c:266 handle_bug+0xce/0x200 arch/x86/kernel/traps.c:431 exc_invalid_op+0x1a/0x50 arch/x86/kernel/traps.c:490 asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:616 ext4_xattr_inode_update_ref+0x332/0x350 fs/ext4/xattr.c:1057 ext4_xattr_inode_dec_ref fs/ext4/xattr.c:1082 [inline] ext4_xattr_inode_dec_ref_all+0x57c/0x880 fs/ext4/xattr.c:1228 ext4_xattr_delete_inode+0x6c1/0x7a0 fs/ext4/xattr.c:2950 ext4_evict_inode+0xb16/0xe30 fs/ext4/inode.c:284 evict+0x2af/0x510 fs/inode.c:841 iput_final fs/inode.c:1960 [inline] iput+0x41a/0x580 fs/inode.c:2009 ext4_process_orphan+0x1a9/0x1c0 fs/ext4/orphan.c:358 ext4_orphan_cleanup+0x6a2/0xa00 fs/ext4/orphan.c:472 __ext4_fill_super fs/ext4/super.c:5695 [inline] ext4_fill_super+0x3408/0x37c0 fs/ext4/super.c:5818 get_tree_bdev_flags+0x291/0x300 fs/super.c:1694 get_tree_bdev+0x1f/0x30 fs/super.c:1717 ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5850 vfs_get_tree+0x57/0x1d0 fs/super.c:1754 fc_mount fs/namespace.c:1193 [inline] do_new_mount_fc fs/namespace.c:3758 [inline] do_new_mount+0x288/0x8d0 fs/namespace.c:3834 path_mount+0x4d0/0xbc0 fs/namespace.c:4154 do_mount fs/namespace.c:4167 [inline] __do_sys_mount fs/namespace.c:4383 [inline] __se_sys_mount+0x28c/0x2e0 fs/namespace.c:4360 __x64_sys_mount+0x67/0x80 fs/namespace.c:4360 x64_sys_call+0x2d61/0x3020 arch/x86/include/generated/asm/syscalls_64.h:166 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000000ffffea06 -> 0x747865746e6f6373 Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 14714 Comm: syz.9.3986 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 ================================================================== RSP: 002b:00007efeec3eee58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007efeec3eeee0 RCX: 00007efeed99da8a RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007efeec3eeea0 RBP: 00002000000009c0 R08: 00007efeec3eeee0 R09: 0000000000800718 R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 R13: 00007efeec3eeea0 R14: 000000000000048d R15: 0000200000000200 ---[ end trace 0000000000000000 ]--- EXT4-fs (loop9): 1 orphan inode deleted EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. ---------------- Code disassembly (best guess): 0: 48 c7 c2 e8 ff ff ff mov $0xffffffffffffffe8,%rdx 7: f7 d8 neg %eax 9: 64 89 02 mov %eax,%fs:(%rdx) c: b8 ff ff ff ff mov $0xffffffff,%eax 11: c3 ret 12: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 19: 00 00 00 1c: 0f 1f 40 00 nopl 0x0(%rax) 20: 49 89 ca mov %rcx,%r10 23: b8 a5 00 00 00 mov $0xa5,%eax 28: 0f 05 syscall * 2a: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 c7 c1 e8 ff ff ff mov $0xffffffffffffffe8,%rcx 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W