syzbot

 sign-in | mailing list | source | docs
🐞 Open [1006] Subsystems 🐞 Fixed [5248] 🐞 Invalid [12552] Missing Backports [84] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in data_push_tail / uuid_string (3)

Status: moderation: reported on 2024/04/19 03:21
Subsystems: ext4
[Documentation on labels]
Reported-by: syzbot+ba73edaf029d68325e09@syzkaller.appspotmail.com
First crash: 13d, last: 13d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_push_tail / uuid_string ext4 4 222d 300d 0/26 auto-obsoleted due to no activity on 2023/10/28 05:07
upstream KCSAN: data-race in data_push_tail / uuid_string (2) ext4 1 150d 146d 0/26 auto-obsoleted due to no activity on 2024/01/09 18:19

Sample crash report:
loop3: p1 size 108986237 extends beyond EOD, 
==================================================================
BUG: KCSAN: data-race in data_push_tail / uuid_string

write to 0xffffffff883ce06e of 1 bytes by task 11739 on cpu 0:
 string_nocheck lib/vsprintf.c:650 [inline]
 uuid_string+0x435/0x4b0 lib/vsprintf.c:1731
 pointer+0x3ee/0xd20 lib/vsprintf.c:2453
 vsnprintf+0x861/0xe30 lib/vsprintf.c:2828
 va_format lib/vsprintf.c:1683 [inline]
 pointer+0x8a1/0xd20 lib/vsprintf.c:2455
 vsnprintf+0x861/0xe30 lib/vsprintf.c:2828
 vscnprintf+0x42/0x90 lib/vsprintf.c:2930
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2165
 vprintk_store+0x570/0x810 kernel/printk/printk.c:2279
 vprintk_emit+0x10c/0x5e0 kernel/printk/printk.c:2329
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2363
 vprintk+0x75/0x80 kernel/printk/printk_safe.c:45
 _printk+0x7a/0xa0 kernel/printk/printk.c:2373
 __ext4_msg+0x18e/0x1a0 fs/ext4/super.c:1006
 ext4_fill_super+0x1a1e/0x39d0 fs/ext4/super.c:5714
 get_tree_bdev+0x253/0x2e0 fs/super.c:1614
 ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5731
 vfs_get_tree+0x56/0x1d0 fs/super.c:1779
 do_new_mount+0x227/0x690 fs/namespace.c:3352
 path_mount+0x49b/0xb30 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x27f/0x2d0 fs/namespace.c:3875
 __x64_sys_mount+0x67/0x80 fs/namespace.c:3875
 x64_sys_call+0x2591/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff883ce068 of 8 bytes by task 11719 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x85e/0xb60 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x53f/0x810 kernel/printk/printk.c:2269
 vprintk_emit+0x10c/0x5e0 kernel/printk/printk.c:2329
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2363
 vprintk+0x75/0x80 kernel/printk/printk_safe.c:45
 _printk+0x7a/0xa0 kernel/printk/printk.c:2373
 blk_add_partition block/partitions/core.c:541 [inline]
 blk_add_partitions block/partitions/core.c:626 [inline]
 bdev_disk_changed+0x888/0xbe0 block/partitions/core.c:686
 loop_reread_partitions drivers/block/loop.c:514 [inline]
 loop_set_status+0x4ab/0x550 drivers/block/loop.c:1316
 lo_ioctl+0x892/0x1330
 blkdev_ioctl+0x37f/0x470 block/ioctl.c:641
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:904 [inline]
 __se_sys_ioctl+0xd3/0x150 fs/ioctl.c:890
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:890
 x64_sys_call+0x155d/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffe6bf -> 0x0000206d65747379

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 11719 Comm: syz-executor.3 Not tainted 6.9.0-rc4-syzkaller-00113-g2668e3ae2ef3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================
truncated
loop3: p2 size 520093696 extends beyond EOD, 
truncated
loop3: p5 size 108986237 extends beyond EOD, 
truncated
loop3: p6 size 520093696 extends beyond EOD, 
truncated
loop3: p7 size 108986237 extends beyond EOD, 
truncated
loop3: p8 size 520093696 extends beyond EOD, 
truncated
loop3: p9 size 108986237 extends beyond EOD, truncated
loop3: p10 size 520093696 extends beyond EOD, truncated
loop3: p11 size 108986237 extends beyond EOD, truncated
loop3: p12 size 520093696 extends beyond EOD, truncated
loop3: p13 size 108986237 extends beyond EOD, truncated
loop3: p14 size 520093696 extends beyond EOD, truncated
loop3: p15 size 108986237 extends beyond EOD, truncated
loop3: p16 size 520093696 extends beyond EOD, truncated
loop3: p17 size 108986237 extends beyond EOD, truncated
loop3: p18 size 520093696 extends beyond EOD, truncated
loop3: p19 size 108986237 extends beyond EOD, truncated
loop3: p20 size 520093696 extends beyond EOD, truncated
loop3: p21 size 108986237 extends beyond EOD, truncated
loop3: p22 size 520093696 extends beyond EOD, truncated
loop3: p23 size 108986237 extends beyond EOD, truncated
loop3: p24 size 520093696 extends beyond EOD, truncated
loop3: p25 size 108986237 extends beyond EOD, truncated
loop3: p26 size 520093696 extends beyond EOD, truncated
loop3: p27 size 108986237 extends beyond EOD, truncated
loop3: p28 size 520093696 extends beyond EOD, truncated
loop3: p29 size 108986237 extends beyond EOD, truncated
loop3: p30 size 520093696 extends beyond EOD, truncated
loop3: p31 size 108986237 extends beyond EOD, truncated
loop3: p32 size 520093696 extends beyond EOD, truncated
loop3: p33 size 108986237 extends beyond EOD, truncated
loop3: p34 size 520093696 extends beyond EOD, truncated
loop3: p35 size 108986237 extends beyond EOD, truncated
loop3: p36 size 520093696 extends beyond EOD, truncated
loop3: p37 size 108986237 extends beyond EOD, truncated
loop3: p38 size 520093696 extends beyond EOD, truncated
loop3: p39 size 108986237 extends beyond EOD, truncated
loop3: p40 size 520093696 extends beyond EOD, truncated
loop3: p41 size 108986237 extends beyond EOD, truncated
loop3: p42 size 520093696 extends beyond EOD, truncated
loop3: p43 size 108986237 extends beyond EOD, truncated
loop3: p44 size 520093696 extends beyond EOD, truncated
loop3: p45 size 108986237 extends beyond EOD, truncated
loop3: p46 size 520093696 extends beyond EOD, truncated
loop3: p47 size 108986237 extends beyond EOD, truncated
loop3: p48 size 520093696 extends beyond EOD, truncated
loop3: p49 size 108986237 extends beyond EOD, truncated
loop3: p50 size 520093696 extends beyond EOD, truncated
loop3: p51 size 108986237 extends beyond EOD, truncated
loop3: p52 size 520093696 extends beyond EOD, truncated
loop3: p53 size 108986237 extends beyond EOD, truncated
loop3: p54 size 520093696 extends beyond EOD, truncated
loop3: p55 size 108986237 extends beyond EOD, truncated
loop3: p56 size 520093696 extends beyond EOD, truncated
loop3: p57 size 108986237 extends beyond EOD, truncated
loop3: p58 size 520093696 extends beyond EOD, truncated
loop3: p59 size 108986237 extends beyond EOD, truncated
loop3: p60 size 520093696 extends beyond EOD, truncated
loop3: p61 size 108986237 extends beyond EOD, truncated
loop3: p62 size 520093696 extends beyond EOD, truncated
loop3: p63 size 108986237 extends beyond EOD, truncated
loop3: p64 size 520093696 extends beyond EOD, truncated
loop3: p65 size 108986237 extends beyond EOD, truncated
loop3: p66 size 520093696 extends beyond EOD, truncated
loop3: p67 size 108986237 extends beyond EOD, truncated
loop3: p68 size 520093696 extends beyond EOD, truncated
loop3: p69 size 108986237 extends beyond EOD, truncated
loop3: p70 size 520093696 extends beyond EOD, truncated
loop3: p71 size 108986237 extends beyond EOD, truncated
loop3: p72 size 520093696 extends beyond EOD, truncated
loop3: p73 size 108986237 extends beyond EOD, truncated
loop3: p74 size 520093696 extends beyond EOD, truncated
loop3: p75 size 108986237 extends beyond EOD, truncated
loop3: p76 size 520093696 extends beyond EOD, truncated
loop3: p77 size 108986237 extends beyond EOD, truncated
loop3: p78 size 520093696 extends beyond EOD, truncated
loop3: p79 size 108986237 extends beyond EOD, truncated
loop3: p80 size 520093696 extends beyond EOD, truncated
loop3: p81 size 108986237 extends beyond EOD, truncated
loop3: p82 size 520093696 extends beyond EOD, truncated
loop3: p83 size 108986237 extends beyond EOD, truncated
loop3: p84 size 520093696 extends beyond EOD, truncated
loop3: p85 size 108986237 extends beyond EOD, truncated
loop3: p86 size 520093696 extends beyond EOD, truncated
loop3: p87 size 108986237 extends beyond EOD, truncated
loop3: p88 size 520093696 extends beyond EOD, truncated
loop3: p89 size 108986237 extends beyond EOD, truncated
loop3: p90 size 520093696 extends beyond EOD, truncated
loop3: p91 size 108986237 extends beyond EOD, truncated
loop3: p92 size 520093696 extends beyond EOD, truncated
loop3: p93 size 108986237 extends beyond EOD, truncated
loop3: p94 size 520093696 extends beyond EOD, truncated
loop3: p95 size 108986237 extends beyond EOD, truncated
loop3: p96 size 520093696 extends beyond EOD, truncated
loop3: p97 size 108986237 extends beyond EOD, truncated
loop3: p98 size 520093696 extends beyond EOD, truncated
loop3: p99 size 108986237 extends beyond EOD, truncated
loop3: p100 size 520093696 extends beyond EOD, truncated
loop3: p101 size 108986237 extends beyond EOD, truncated
loop3: p102 size 520093696 extends beyond EOD, truncated
loop3: p103 size 108986237 extends beyond EOD, truncated
loop3: p104 size 520093696 extends beyond EOD, truncated
loop3: p105 size 108986237 extends beyond EOD, truncated
loop3: p106 size 520093696 extends beyond EOD, truncated
loop3: p107 size 108986237 extends beyond EOD, truncated
loop3: p108 size 520093696 extends beyond EOD, truncated
loop3: p109 size 108986237 extends beyond EOD, truncated
loop3: p110 size 520093696 extends beyond EOD, truncated
loop3: p111 size 108986237 extends beyond EOD, truncated
loop3: p112 size 520093696 extends beyond EOD, truncated
loop3: p113 size 108986237 extends beyond EOD, truncated
loop3: p114 size 520093696 extends beyond EOD, truncated
loop3: p115 size 108986237 extends beyond EOD, truncated
loop3: p116 size 520093696 extends beyond EOD, truncated
loop3: p117 size 108986237 extends beyond EOD, truncated
loop3: p118 size 520093696 extends beyond EOD, truncated
loop3: p119 size 108986237 extends beyond EOD, truncated
loop3: p120 size 520093696 extends beyond EOD, truncated
loop3: p121 size 108986237 extends beyond EOD, truncated
loop3: p122 size 520093696 extends beyond EOD, truncated
loop3: p123 size 108986237 extends beyond EOD, truncated
loop3: p124 size 520093696 extends beyond EOD, truncated
loop3: p125 size 108986237 extends beyond EOD, truncated
loop3: p126 size 520093696 extends beyond EOD, truncated
loop3: p127 size 108986237 extends beyond EOD, truncated
loop3: p128 size 520093696 extends beyond EOD, truncated
loop3: p129 size 108986237 extends beyond EOD, truncated
loop3: p130 size 520093696 extends beyond EOD, truncated
loop3: p131 size 108986237 extends beyond EOD, truncated
loop3: p132 size 520093696 extends beyond EOD, truncated
loop3: p133 size 108986237 extends beyond EOD, truncated
loop3: p134 size 520093696 extends beyond EOD, truncated
loop3: p135 size 108986237 extends beyond EOD, truncated
loop3: p136 size 520093696 extends beyond EOD, truncated
loop3: p137 size 108986237 extends beyond EOD, truncated
loop3: p138 size 520093696 extends beyond EOD, truncated
loop3: p139 size 108986237 extends beyond EOD, truncated
loop3: p140 size 520093696 extends beyond EOD, truncated
loop3: p141 size 108986237 extends beyond EOD, truncated
loop3: p142 size 520093696 extends beyond EOD, truncated
loop3: p143 size 108986237 extends beyond EOD, truncated
loop3: p144 size 520093696 extends beyond EOD, truncated
loop3: p145 size 108986237 extends beyond EOD, truncated
loop3: p146 size 520093696 extends beyond EOD, truncated
loop3: p147 size 108986237 extends beyond EOD, truncated
loop3: p148 size 520093696 extends beyond EOD, truncated
loop3: p149 size 108986237 extends beyond EOD, truncated
loop3: p150 size 520093696 extends beyond EOD, truncated
loop3: p151 size 108986237 extends beyond EOD, truncated
loop3: p152 size 520093696 extends beyond EOD, truncated
loop3: p153 size 108986237 extends beyond EOD, truncated
loop3: p154 size 520093696 extends beyond EOD, truncated
loop3: p155 size 108986237 extends beyond EOD, truncated
loop3: p156 size 520093696 extends beyond EOD, truncated
loop3: p157 size 108986237 extends beyond EOD, truncated
loop3: p158 size 520093696 extends beyond EOD, truncated
loop3: p159 size 108986237 extends beyond EOD, truncated
loop3: p160 size 520093696 extends beyond EOD, truncated
loop3: p161 size 108986237 extends beyond EOD, truncated
loop3: p162 size 520093696 extends beyond EOD, truncated
loop3: p163 size 108986237 extends beyond EOD, truncated
loop3: p164 size 520093696 extends beyond EOD, truncated
loop3: p165 size 108986237 extends beyond EOD, truncated
loop3: p166 size 520093696 extends beyond EOD, truncated
loop3: p167 size 108986237 extends beyond EOD, truncated
loop3: p168 size 520093696 extends beyond EOD, truncated
loop3: p169 size 108986237 extends beyond EOD, truncated
loop3: p170 size 520093696 extends beyond EOD, truncated
loop3: p171 size 108986237 extends beyond EOD, truncated
loop3: p172 size 520093696 extends beyond EOD, truncated
loop3: p173 size 108986237 extends beyond EOD, truncated
loop3: p174 size 520093696 extends beyond EOD, truncated
loop3: p175 size 108986237 extends beyond EOD, truncated
loop3: p176 size 520093696 extends beyond EOD, truncated
loop3: p177 size 108986237 extends beyond EOD, truncated
loop3: p178 size 520093696 extends beyond EOD, truncated
loop3: p179 size 108986237 extends beyond EOD, truncated
loop3: p180 size 520093696 extends beyond EOD, truncated
loop3: p181 size 108986237 extends beyond EOD, truncated
loop3: p182 size 520093696 extends beyond EOD, truncated
loop3: p183 size 108986237 extends beyond EOD, truncated
loop3: p184 size 520093696 extends beyond EOD, truncated
loop3: p185 size 108986237 extends beyond EOD, truncated
loop3: p186 size 520093696 extends beyond EOD, truncated
loop3: p187 size 108986237 extends beyond EOD, truncated
loop3: p188 size 520093696 extends beyond EOD, truncated
loop3: p189 size 108986237 extends beyond EOD, truncated
loop3: p190 size 520093696 extends beyond EOD, truncated
loop3: p191 size 108986237 extends beyond EOD, truncated
loop3: p192 size 520093696 extends beyond EOD, truncated
loop3: p193 size 108986237 extends beyond EOD, truncated
loop3: p194 size 520093696 extends beyond EOD, truncated
loop3: p195 size 108986237 extends beyond EOD, truncated
loop3: p196 size 520093696 extends beyond EOD, truncated
loop3: p197 size 108986237 extends beyond EOD, truncated
loop3: p198 size 520093696 extends beyond EOD, truncated
loop3: p199 size 108986237 extends beyond EOD, truncated
loop3: p200 size 520093696 extends beyond EOD, truncated
loop3: p201 size 108986237 extends beyond EOD, truncated
loop3: p202 size 520093696 extends beyond EOD, truncated
loop3: p203 size 108986237 extends beyond EOD, truncated
loop3: p204 size 520093696 extends beyond EOD, truncated
loop3: p205 size 108986237 extends beyond EOD, truncated
loop3: p206 size 520093696 extends beyond EOD, truncated
loop3: p207 size 108986237 extends beyond EOD, truncated
loop3: p208 size 520093696 extends beyond EOD, truncated
loop3: p209 size 108986237 extends beyond EOD, truncated
loop3: p210 size 520093696 extends beyond EOD, truncated
loop3: p211 size 108986237 extends beyond EOD, truncated
loop3: p212 size 520093696 extends beyond EOD, truncated
loop3: p213 size 108986237 extends beyond EOD, truncated
loop3: p214 size 520093696 extends beyond EOD, truncated
loop3: p215 size 108986237 extends beyond EOD, truncated
loop3: p216 size 520093696 extends beyond EOD, truncated
loop3: p217 size 108986237 extends beyond EOD, truncated
loop3: p218 size 520093696 extends beyond EOD, truncated
loop3: p219 size 108986237 extends beyond EOD, truncated
loop3: p220 size 520093696 extends beyond EOD, truncated
loop3: p221 size 108986237 extends beyond EOD, truncated
loop3: p222 size 520093696 extends beyond EOD, truncated
loop3: p223 size 108986237 extends beyond EOD, truncated
loop3: p224 size 520093696 extends beyond EOD, truncated
loop3: p225 size 108986237 extends beyond EOD, truncated
loop3: p226 size 520093696 extends beyond EOD, truncated
loop3: p227 size 108986237 extends beyond EOD, truncated
loop3: p228 size 520093696 extends beyond EOD, truncated
loop3: p229 size 108986237 extends beyond EOD, truncated
loop3: p230 size 520093696 extends beyond EOD, truncated
loop3: p231 size 108986237 extends beyond EOD, truncated
loop3: p232 size 520093696 extends beyond EOD, truncated
loop3: p233 size 108986237 extends beyond EOD, truncated
loop3: p234 size 520093696 extends beyond EOD, truncated
loop3: p235 size 108986237 extends beyond EOD, truncated
loop3: p236 size 520093696 extends beyond EOD, truncated
loop3: p237 size 108986237 extends beyond EOD, truncated
loop3: p238 size 520093696 extends beyond EOD, truncated
loop3: p239 size 108986237 extends beyond EOD, truncated
loop3: p240 size 520093696 extends beyond EOD, truncated
loop3: p241 size 108986237 extends beyond EOD, truncated
loop3: p242 size 520093696 extends beyond EOD, truncated
loop3: p243 size 108986237 extends beyond EOD, truncated
loop3: p244 size 520093696 extends beyond EOD, truncated
loop3: p245 size 108986237 extends beyond EOD, truncated
loop3: p246 size 520093696 extends beyond EOD, truncated
loop3: p247 size 108986237 extends beyond EOD, truncated
loop3: p248 size 520093696 extends beyond EOD, truncated
loop3: p249 size 108986237 extends beyond EOD, truncated
loop3: p250 size 520093696 extends beyond EOD, truncated
loop3: p251 size 108986237 extends beyond EOD, truncated
loop3: p252 size 520093696 extends beyond EOD, truncated
loop3: p253 size 108986237 extends beyond EOD, truncated
loop3: p254 size 520093696 extends beyond EOD, truncated
loop3: p255 size 108986237 extends beyond EOD, truncated

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/19 03:20 upstream 2668e3ae2ef3 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / uuid_string
* Struck through repros no longer work on HEAD.