syzbot


KCSAN: data-race in data_push_tail / hex_string (3)

Status: moderation: reported on 2025/04/09 16:05
Subsystems: kernel
Reported-by: syzbot+b8f5619e254504ea69c3@syzkaller.appspotmail.com
First crash: 14d, last: 14d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in data_push_tail / hex_string (kernel) | | | | 1 | 1370d | 1370d | 0/28 | auto-closed as invalid on 2021/08/27 18:21 |
| upstream | KCSAN: data-race in data_push_tail / hex_string (2) (kernel) | | | | 1 | 495d | 495d | 0/28 | auto-obsoleted due to no activity on 2024/01/19 21:50 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in data_push_tail / hex_string

write to 0xffffffff88e643f8 of 1 bytes by task 9969 on cpu 0:
 hex_string+0x2d2/0x330 lib/vsprintf.c:1214
 pointer+0x300/0xcf0 lib/vsprintf.c:2446
 vsnprintf+0x48f/0x8a0 lib/vsprintf.c:2856
 vscnprintf+0x42/0x90 lib/vsprintf.c:2917
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
 vprintk_store+0x583/0x860 kernel/printk/printk.c:2336
 vprintk_emit+0x1a0/0x6c0 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x7f/0xb0 kernel/printk/printk.c:2475
 show_opcodes+0x100/0x120 arch/x86/kernel/dumpstack.c:123
 show_ip arch/x86/kernel/dumpstack.c:144 [inline]
 show_iret_regs+0x32/0x60 arch/x86/kernel/dumpstack.c:149
 __show_regs+0x2b/0x450 arch/x86/kernel/process_64.c:76
 show_trace_log_lvl+0x2c1/0x3d0 arch/x86/kernel/dumpstack.c:300
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0xf6/0x150 lib/dump_stack.c:120
 dump_stack+0x15/0x1a lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x261/0x270 lib/fault-inject.c:174
 should_failslab+0x8f/0xb0 mm/failslab.c:46
 slab_pre_alloc_hook mm/slub.c:4104 [inline]
 slab_alloc_node mm/slub.c:4180 [inline]
 __do_kmalloc_node mm/slub.c:4330 [inline]
 __kmalloc_node_track_caller_noprof+0xaa/0x410 mm/slub.c:4350
 kmemdup_noprof+0x2b/0x70 mm/util.c:137
 _Z14kmemdup_noprofPKvU25pass_dynamic_object_size0mj include/linux/fortify-string.h:765 [inline]
 sidtab_sid2str_get+0xb8/0x140 security/selinux/ss/sidtab.c:625
 sidtab_entry_to_string security/selinux/ss/services.c:1296 [inline]
 security_sid_to_context_core+0x1eb/0x2f0 security/selinux/ss/services.c:1399
 security_sid_to_context+0x27/0x30 security/selinux/ss/services.c:1420
 selinux_secid_to_secctx security/selinux/hooks.c:6695 [inline]
 selinux_lsmprop_to_secctx+0x6c/0xf0 security/selinux/hooks.c:6709
 security_lsmprop_to_secctx+0x40/0x80 security/security.c:4343
 audit_log_task_context+0x7a/0x180 kernel/audit.c:2190
 audit_log_task+0xfb/0x250 kernel/auditsc.c:2954
 audit_seccomp+0x68/0x130 kernel/auditsc.c:3004
 seccomp_log kernel/seccomp.c:1033 [inline]
 __seccomp_filter+0x694/0x10e0 kernel/seccomp.c:1328
 __secure_computing+0x7e/0x160 kernel/seccomp.c:1388
 syscall_trace_enter+0xcf/0x1f0 kernel/entry/common.c:52
 syscall_enter_from_user_mode_work include/linux/entry-common.h:169 [inline]
 syscall_enter_from_user_mode include/linux/entry-common.h:199 [inline]
 do_syscall_64+0xaa/0x1c0 arch/x86/entry/syscall_64.c:90
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e643f8 of 8 bytes by task 9972 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0x107/0x440 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbd/0x2c0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x86a/0xb80 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x552/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x1a0/0x6c0 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x7f/0xb0 kernel/printk/printk.c:2475
 __netdev_printk+0x2d1/0x3e0 net/core/dev.c:12409
 netdev_info+0x9e/0xd0 net/core/dev.c:12456
 netif_set_allmulti+0x15f/0x250 net/core/dev.c:9252
 __dev_change_flags+0x32b/0x410 net/core/dev.c:9395
 rtnl_configure_link net/core/rtnetlink.c:3588 [inline]
 rtnl_newlink_create+0x36a/0x640 net/core/rtnetlink.c:3843
 __rtnl_newlink net/core/rtnetlink.c:3950 [inline]
 rtnl_newlink+0xf38/0x12d0 net/core/rtnetlink.c:4065
 rtnetlink_rcv_msg+0x65a/0x740 net/core/rtnetlink.c:6955
 netlink_rcv_skb+0x12f/0x230 net/netlink/af_netlink.c:2534
 rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6982
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x605/0x6c0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x609/0x720 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x140/0x180 net/socket.c:727
 ____sys_sendmsg+0x350/0x4e0 net/socket.c:2566
 ___sys_sendmsg net/socket.c:2620 [inline]
 __sys_sendmsg+0x1a0/0x240 net/socket.c:2652
 __do_sys_sendmsg net/socket.c:2657 [inline]
 __se_sys_sendmsg net/socket.c:2655 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2655
 x64_sys_call+0x26f3/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffe8f5 -> 0x3620336320666620

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 9972 Comm: syz.0.1845 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/04/09 16:05 | upstream | a24588245776 | 47d015b1 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_push_tail / hex_string |