syzbot

 sign-in | mailing list | source | docs
🐞 Open [1676]
Subsystems
🐞 Fixed [6053]
🐞 Invalid [15018]
Missing Backports [150]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in data_push_tail / vsnprintf (9)

Status: moderation: reported on 2025/02/21 08:47
Subsystems: block
[Documentation on labels]
Reported-by: syzbot+504460beb7923d347fba@syzkaller.appspotmail.com
First crash: 120d, last: 14d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_push_tail / vsnprintf (6) ext4 23 362d 442d 0/28 auto-obsoleted due to no activity on 2024/03/31 12:46
upstream KCSAN: data-race in data_push_tail / vsnprintf (4) ext4 4 695d 782d 0/28 auto-obsoleted due to no activity on 2023/05/03 19:58
upstream KCSAN: data-race in data_push_tail / vsnprintf (3) kernel 8 906d 1005d 0/28 auto-closed as invalid on 2022/10/04 16:48
upstream KCSAN: data-race in data_push_tail / vsnprintf (7) block batman 2 289d 316d 0/28 auto-obsoleted due to no activity on 2024/06/13 03:32
upstream KCSAN: data-race in data_push_tail / vsnprintf (2) ext4 1 1063d 1063d 0/28 auto-closed as invalid on 2022/05/01 03:50
upstream KCSAN: data-race in data_push_tail / vsnprintf (5) block net 2 605d 633d 0/28 closed as invalid on 2023/06/28 10:46
upstream KCSAN: data-race in data_push_tail / vsnprintf (8) ext4 bridge 4 190d 229d 0/28 auto-obsoleted due to no activity on 2024/09/19 07:21
upstream KCSAN: data-race in data_push_tail / vsnprintf usb 36 1127d 1440d 0/28 auto-closed as invalid on 2022/02/26 00:52

Sample crash report:
truncated
loop0: p225 size 108986237 extends beyond EOD, truncated
loop0: p226 size 108986237 extends beyond EOD, 
==================================================================
BUG: KCSAN: data-race in data_push_tail / vsnprintf

write to 0xffffffff88bf7090 of 1 bytes by task 5529 on cpu 0:
 vsnprintf+0x844/0x890
 vscnprintf+0x42/0x90 lib/vsprintf.c:2908
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
 vprintk_store+0x589/0x870 kernel/printk/printk.c:2336
 vprintk_emit+0x15e/0x680 kernel/printk/printk.c:2408
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2447
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x7a/0xa0 kernel/printk/printk.c:2457
 blk_add_partition block/partitions/core.c:549 [inline]
 blk_add_partitions block/partitions/core.c:633 [inline]
 bdev_disk_changed+0x87f/0xb90 block/partitions/core.c:693
 loop_reread_partitions drivers/block/loop.c:537 [inline]
 loop_set_status+0x37e/0x590 drivers/block/loop.c:1305
 lo_ioctl+0x81b/0x14d0
 blkdev_ioctl+0x359/0x450 block/ioctl.c:693
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xc9/0x140 fs/ioctl.c:892
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:892
 x64_sys_call+0x1690/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88bf7090 of 8 bytes by task 5461 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x85e/0xb60 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x558/0x870 kernel/printk/printk.c:2326
 vprintk_emit+0x15e/0x680 kernel/printk/printk.c:2408
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2447
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x7a/0xa0 kernel/printk/printk.c:2457
 blk_add_partition block/partitions/core.c:549 [inline]
 blk_add_partitions block/partitions/core.c:633 [inline]
 bdev_disk_changed+0x87f/0xb90 block/partitions/core.c:693
 loop_reread_partitions drivers/block/loop.c:537 [inline]
 loop_set_status+0x37e/0x590 drivers/block/loop.c:1305
 lo_ioctl+0x81b/0x14d0
 blkdev_ioctl+0x359/0x450 block/ioctl.c:693
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xc9/0x140 fs/ioctl.c:892
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:892
 x64_sys_call+0x1690/0x2dc0 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffec35 -> 0x6564657461636e75

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5461 Comm: syz.0.704 Not tainted 6.14.0-rc1-syzkaller-00081-gbb066fe812d6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
==================================================================
truncated
loop0: p227 size 108986237 extends beyond EOD, 
truncated
loop0: p228 size 108986237 extends beyond EOD, truncated
loop0: p229 size 108986237 extends beyond EOD, truncated
loop0: p230 size 108986237 extends beyond EOD, truncated
loop0: p231 size 108986237 extends beyond EOD, truncated
loop0: p232 size 108986237 extends beyond EOD, truncated
loop0: p233 size 108986237 extends beyond EOD, truncated
loop0: p234 size 108986237 extends beyond EOD, 
truncated
loop0: p235 size 108986237 extends beyond EOD, 
truncated
loop0: p236 size 108986237 extends beyond EOD, 
truncated
loop0: p237 size 108986237 extends beyond EOD, 
truncated
loop0: p238 size 108986237 extends beyond EOD, 
truncated
loop0: p239 size 108986237 extends beyond EOD, 
truncated
loop0: p240 size 108986237 extends beyond EOD, 
truncated
loop0: p241 size 108986237 extends beyond EOD, 
truncated
loop0: p242 size 108986237 extends beyond EOD, 
truncated
loop0: p243 size 108986237 extends beyond EOD, 
truncated
loop0: p244 size 108986237 extends beyond EOD, 
truncated
loop0: p245 size 108986237 extends beyond EOD, 
truncated
loop0: p246 size 108986237 extends beyond EOD, 
truncated
loop0: p247 size 108986237 extends beyond EOD, 
truncated
loop0: p248 size 108986237 extends beyond EOD, 
truncated
loop0: p249 size 108986237 extends beyond EOD, 
truncated
loop0: p250 size 108986237 extends beyond EOD, 
truncated
loop0: p251 size 108986237 extends beyond EOD, 
truncated
loop0: p252 size 108986237 extends beyond EOD, 
truncated
loop0: p253 size 108986237 extends beyond EOD, 
truncated
loop0: p254 size 108986237 extends beyond EOD, 
truncated
loop0: p255 size 108986237 extends beyond EOD, 
truncated

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/07 10:10 upstream bb066fe812d6 53657d1b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2025/01/27 01:00 upstream c2da8b3f914f 9fbd772e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2025/01/26 09:58 upstream aa22f4da2a46 9fbd772e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2025/01/18 04:08 upstream 595523945be0 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2025/01/16 15:08 upstream 619f0b6fad52 f9e07a6e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2025/01/06 06:31 upstream 9244696b34f2 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2025/01/05 16:50 upstream ab75170520d4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2024/12/25 13:59 upstream 9b2ffa6148b1 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2024/12/14 05:45 upstream 243f750a2df0 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2024/12/04 05:08 upstream ceb8bf2ceaa7 b50eb251 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2024/12/02 09:52 upstream f788b5ef1ca9 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2024/11/27 23:35 upstream 7d4050728c83 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2024/11/23 17:30 upstream 06afb0f36106 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
2024/10/24 08:22 upstream c2ee9f594da8 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / vsnprintf
* Struck through repros no longer work on HEAD.