syzbot


KCSAN: data-race in data_push_tail / number (4)

Status: moderation: reported on 2023/12/09 00:05
Subsystems: ext4
Reported-by: syzbot+eeb6cc68c766a7407715@syzkaller.appspotmail.com
First crash: 252d, last: 2d09h
Similar bugs (3)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in data_push_tail / number (2) audit | | | | 46 | 423d | 758d | 0/26 | auto-obsoleted due to no activity on 2023/02/11 10:05
upstream | KCSAN: data-race in data_push_tail / number (3) ext4 | | | | 15 | 299d | 384d | 0/26 | auto-obsoleted due to no activity on 2023/06/10 22:29
upstream | KCSAN: data-race in data_push_tail / number ext4 | | | | 87 | 795d | 936d | 0/26 | auto-closed as invalid on 2022/01/31 12:18

Sample crash report:
CPU: 1 PID: 21334 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00021-gcf1182944c7c #0
==================================================================
BUG: KCSAN: data-race in data_push_tail / number

write to 0xffffffff8710668b of 1 bytes by task 21330 on cpu 0:
 number+0x7d0/0xa90 lib/vsprintf.c:564
 vsnprintf+0xa44/0xe30 lib/vsprintf.c:2890
 vscnprintf+0x42/0x80 lib/vsprintf.c:2930
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2124
 vprintk_store+0x56f/0x800 kernel/printk/printk.c:2238
 vprintk_emit+0xd0/0x5d0 kernel/printk/printk.c:2284
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2318
 vprintk+0x71/0x80 kernel/printk/printk_safe.c:45
 _printk+0x7a/0xa0 kernel/printk/printk.c:2328
 br_set_state+0x2e2/0x390 net/bridge/br_stp.c:54
 br_make_forwarding+0xbc/0x150 net/bridge/br_stp.c:455
 br_port_state_selection+0x115/0x310
 br_set_port_state net/bridge/br_netlink.c:924 [inline]
 br_setport+0xc38/0xc50 net/bridge/br_netlink.c:1014
 br_setlink+0x314/0x450 net/bridge/br_netlink.c:1117
 rtnl_bridge_setlink+0x34a/0x480 net/core/rtnetlink.c:5216
 rtnetlink_rcv_msg+0x80a/0x8c0 net/core/rtnetlink.c:6618
 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2543
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6636
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x589/0x660 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x37c/0x4d0 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x1e9/0x270 net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

read to 0xffffffff87106688 of 8 bytes by task 21334 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:590 [inline]
 data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:675
 data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1046
 prb_reserve+0x897/0xbc0 kernel/printk/printk_ringbuffer.c:1555
 vprintk_store+0x53e/0x800 kernel/printk/printk.c:2228
 vprintk_emit+0xd0/0x5d0 kernel/printk/printk.c:2284
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2318
 vprintk+0x71/0x80 kernel/printk/printk_safe.c:45
 _printk+0x7a/0xa0 kernel/printk/printk.c:2328
 dump_stack_print_info+0xb4/0x120 lib/dump_stack.c:57
 __dump_stack lib/dump_stack.c:87 [inline]
 dump_stack_lvl+0xce/0x130 lib/dump_stack.c:106
 dump_stack+0x15/0x20 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail_ex+0x21f/0x230 lib/fault-inject.c:153
 should_fail+0xb/0x10 lib/fault-inject.c:163
 should_fail_usercopy+0x1a/0x20 lib/fault-inject-usercopy.c:37
 _copy_from_user+0x1e/0xd0 lib/usercopy.c:15
 copy_from_user include/linux/uaccess.h:183 [inline]
 copy_msghdr_from_user+0x54/0x2a0 net/socket.c:2514
 sendmsg_copy_msghdr net/socket.c:2615 [inline]
 ___sys_sendmsg net/socket.c:2634 [inline]
 __sys_sendmsg+0x17d/0x270 net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

value changed: 0x00000001000058a1 -> 0x0000000100207472

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 21334 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00021-gcf1182944c7c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
==================================================================
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xda/0x130 lib/dump_stack.c:106
 dump_stack+0x15/0x20 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail_ex+0x21f/0x230 lib/fault-inject.c:153
 should_fail+0xb/0x10 lib/fault-inject.c:163
 should_fail_usercopy+0x1a/0x20 lib/fault-inject-usercopy.c:37
 _copy_from_user+0x1e/0xd0 lib/usercopy.c:15
 copy_from_user include/linux/uaccess.h:183 [inline]
 copy_msghdr_from_user+0x54/0x2a0 net/socket.c:2514
 sendmsg_copy_msghdr net/socket.c:2615 [inline]
 ___sys_sendmsg net/socket.c:2634 [inline]
 __sys_sendmsg+0x17d/0x270 net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fd6b9b64da9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd6b8ee60c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fd6b9c92f80 RCX: 00007fd6b9b64da9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 00007fd6b8ee6120 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 000000000000000b R14: 00007fd6b9c92f80 R15: 00007ffd22e77968
 </TASK>

Crashes (43):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/02/28 09:06 upstream cf1182944c7c d367cbe5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2024/02/18 17:53 upstream c02197fc9076 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2024/02/17 15:00 upstream c1ca10ceffbb 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2024/02/07 18:28 upstream 6d280f4d760e 6404acf9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2024/01/16 15:23 upstream 052d534373b7 2a7bcc7f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2024/01/12 02:24 upstream 3e7aeb78ab01 dda5a988 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2024/01/08 03:17 upstream 0dd3ee311255 d0304e9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2024/01/06 10:03 upstream a4ab2706bb12 d0304e9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/12/30 06:09 upstream f016f7547aee fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/12/22 22:06 upstream 24e0d2e527a3 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/12/19 06:16 upstream 2cf4f94d8e86 924661f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/30 07:04 upstream 3b47bc037bd4 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/27 00:16 upstream d2da77f431ac 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/19 04:48 upstream 23dfa043f6d5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/12 12:00 upstream 1b907d050735 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/11 04:04 upstream ac347a0655db d80eec66 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/10 03:29 upstream 4bbdb725a36b 56230772 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/07 16:56 upstream be3ca57cfb77 83211397 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/05 05:59 upstream aea6bf908d73 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/11/02 09:15 upstream babe393974de 69904c9f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/10/29 07:47 upstream 2af9b20dbb39 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/10/27 18:03 upstream 750b95887e56 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/10/14 19:06 upstream 70f8c6f8f880 f757a323 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/09/30 22:19 upstream 3b517966c561 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/09/25 21:45 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/09/25 09:08 upstream 8a511e7efc5a 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/09/18 04:33 upstream ce9ecca0238b 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/09/02 14:47 upstream 0468be89b3fa 696ea0d2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/08/31 05:11 upstream ef2a0b7cdbc5 84803932 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/08/29 02:04 upstream 727dbda16b83 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/08/27 00:09 upstream 3b35375f19fe 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/08/18 08:58 upstream 0e8860d2125f 74b106b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/08/08 17:41 upstream 14f9643dc90a 9552ae77 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/08/04 19:26 upstream c1a515d3c027 cdae481e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/07/29 19:12 upstream ffabf7c73176 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/07/26 13:44 upstream 18b44bc5a672 2a509c27 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/07/22 23:29 upstream 295e1388de2d 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/07/21 13:40 upstream 57f1f9dd3abe 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/07/17 11:27 upstream fdf0eaf11452 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/07/17 06:14 upstream 20edcec23f92 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/07/10 10:14 upstream 06c2afb862f9 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/06/26 23:45 upstream c0a572d9d32f 4cd5bb25 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number
2023/06/23 14:59 upstream 8a28a0b6f1a1 79782afc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / number