syzbot

 sign-in | mailing list | source | docs
🞠Open [1231]
≡ Subsystems
🞠Fixed [5633]
🞠Invalid [13693]
⬇ Missing Backports [99]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in data_alloc / data_push_tail (3)

Status: moderation: reported on 2024/09/08 06:11
Subsystems: audit
[Documentation on labels]
Reported-by: syzbot+faa791a3223590f7f155@syzkaller.appspotmail.com
First crash: 10d, last: 1d02h
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_alloc / data_push_tail (2) batman 44 56d 199d 0/28 auto-obsoleted due to no activity on 2024/08/28 06:32
upstream KCSAN: data-race in data_alloc / data_push_tail ext4 94 510d 973d 0/28 auto-obsoleted due to no activity on 2023/05/31 17:30

Sample crash report:
netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
==================================================================
BUG: KCSAN: data-race in data_alloc / data_push_tail

write to 0xffffffff88b9fb60 of 8 bytes by task 8398 on cpu 1:
 data_alloc+0x216/0x2c0 kernel/printk/printk_ringbuffer.c:1082
 prb_reserve+0x85e/0xb60 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x53f/0x810 kernel/printk/printk.c:2269
 vprintk_emit+0x13a/0x610 kernel/printk/printk.c:2329
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2363
 vprintk+0x75/0x80 kernel/printk/printk_safe.c:45
 _printk+0x7a/0xa0 kernel/printk/printk.c:2373
 set_capacity_and_notify+0xff/0x160 block/genhd.c:86
 loop_set_size+0x2e/0x70 drivers/block/loop.c:232
 loop_configure+0x8a7/0xa30 drivers/block/loop.c:1102
 lo_ioctl+0x5f6/0x11c0
 blkdev_ioctl+0x359/0x450 block/ioctl.c:693
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xcd/0x140 fs/ioctl.c:893
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:893
 x64_sys_call+0x15cc/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:17
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88b9fb60 of 8 bytes by task 6180 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x85e/0xb60 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x53f/0x810 kernel/printk/printk.c:2269
 vprintk_emit+0x13a/0x610 kernel/printk/printk.c:2329
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2363
 vprintk+0x75/0x80 kernel/printk/printk_safe.c:45
 _printk+0x7a/0xa0 kernel/printk/printk.c:2373
 __netdev_printk+0x2d1/0x3e0 net/core/dev.c:11817
 netdev_info+0x99/0xc0 net/core/dev.c:11864
 __bond_release_one+0x349/0xa00 drivers/net/bonding/bond_main.c:2530
 bond_uninit+0x1b3/0x320 drivers/net/bonding/bond_main.c:6044
 unregister_netdevice_many_notify+0xc9d/0x11b0 net/core/dev.c:11421
 unregister_netdevice_many+0x19/0x20 net/core/dev.c:11461
 cleanup_net+0x411/0x810 net/core/net_namespace.c:621
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3312
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3393
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

value changed: 0x00000000ffffeb81 -> 0x00000000fffff74a

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 6180 Comm: kworker/u8:11 Tainted: G        W          6.11.0-syzkaller-02574-ga430d95c5efa #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: netns cleanup_net
==================================================================
bond0 (unregistering): Released all slaves
hsr_slave_0: left promiscuous mode
1·: left promiscuous mode
veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/09/17 10:28 upstream a430d95c5efa c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/09/08 06:10 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
* Struck through repros no longer work on HEAD.