syzbot

 sign-in | mailing list | source | docs
🐞 Open [1593]
Subsystems
🐞 Fixed [6233]
🐞 Invalid [15777]
Missing Backports [183]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in data_alloc / data_push_tail (3)

Status: moderation: reported on 2024/09/08 06:11
Subsystems: block
[Documentation on labels]
Reported-by: syzbot+faa791a3223590f7f155@syzkaller.appspotmail.com
First crash: 250d, last: 15d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_alloc / data_push_tail (2) batman 44 296d 440d 0/28 auto-obsoleted due to no activity on 2024/08/28 06:32
upstream KCSAN: data-race in data_alloc / data_push_tail ext4 94 751d 1214d 0/28 auto-obsoleted due to no activity on 2023/05/31 17:30

Sample crash report:
BUG: KCSAN: data-race in data_alloc / data_push_tail

write to 0xffffffff88e1d5f8 of 8 bytes by task 10316 on cpu 0:
 data_alloc+0x203/0x2b0 kernel/printk/printk_ringbuffer.c:1082
 prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
 show_trace_log_lvl+0x4e3/0x560 arch/x86/kernel/dumpstack.c:284
 __dump_stack+0x1d/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
 dump_stack+0x15/0x1b lib/dump_stack.c:129
 fail_dump lib/fault-inject.c:73 [inline]
 should_fail_ex+0x265/0x280 lib/fault-inject.c:174
 should_failslab+0x8c/0xb0 mm/failslab.c:46
 slab_pre_alloc_hook mm/slub.c:4114 [inline]
 slab_alloc_node mm/slub.c:4190 [inline]
 __do_kmalloc_node mm/slub.c:4340 [inline]
 __kmalloc_node_track_caller_noprof+0xa4/0x410 mm/slub.c:4360
 kmemdup_noprof+0x2b/0x70 mm/util.c:137
 _Z14kmemdup_noprofPKvU25pass_dynamic_object_size0mj include/linux/fortify-string.h:765 [inline]
 sidtab_sid2str_get+0xa0/0x130 security/selinux/ss/sidtab.c:625
 sidtab_entry_to_string security/selinux/ss/services.c:1296 [inline]
 security_sid_to_context_core+0x1eb/0x2e0 security/selinux/ss/services.c:1399
 security_sid_to_context+0x27/0x40 security/selinux/ss/services.c:1420
 selinux_secid_to_secctx security/selinux/hooks.c:6695 [inline]
 selinux_lsmprop_to_secctx+0x67/0xf0 security/selinux/hooks.c:6709
 security_lsmprop_to_secctx+0x43/0x80 security/security.c:4343
 audit_log_task_context+0x77/0x190 kernel/audit.c:2190
 audit_log_task+0xf4/0x250 kernel/auditsc.c:2954
 audit_seccomp+0x61/0x100 kernel/auditsc.c:3004
 seccomp_log kernel/seccomp.c:1033 [inline]
 __seccomp_filter+0x69d/0x10d0 kernel/seccomp.c:1328
 __secure_computing+0x82/0x150 kernel/seccomp.c:1388
 syscall_trace_enter+0xcf/0x1e0 kernel/entry/common.c:52
 syscall_enter_from_user_mode_work include/linux/entry-common.h:169 [inline]
 syscall_enter_from_user_mode include/linux/entry-common.h:199 [inline]
 do_syscall_64+0xaa/0x1a0 arch/x86/entry/syscall_64.c:90
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e1d5f8 of 8 bytes by task 10305 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbf/0x2b0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
 vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
 vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
 _printk+0x79/0xa0 kernel/printk/printk.c:2475
 __ext4_msg+0x18f/0x1a0 fs/ext4/super.c:985
 ext4_fill_super+0x2d05/0x34e0 fs/ext4/super.c:5741
 get_tree_bdev_flags+0x28e/0x300 fs/super.c:1636
 get_tree_bdev+0x1f/0x30 fs/super.c:1659
 ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5758
 vfs_get_tree+0x54/0x1d0 fs/super.c:1759
 do_new_mount+0x207/0x680 fs/namespace.c:3884
 path_mount+0x4a4/0xb20 fs/namespace.c:4211
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount+0x28f/0x2e0 fs/namespace.c:4412
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4412
 x64_sys_call+0xd36/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000fffff0b6 -> 0x00000000fffffcda

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10305 Comm: syz.6.2323 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================
ext4 filesystem being mounted at /383/file0 supports timestamps until 2038-01-19 (0x7fffffff)

Crashes (27):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/01 04:01 upstream 7a13c14ee59d ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/04/30 09:06 upstream ca91b9500108 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/04/29 04:17 upstream f15d97df5afa aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/04/28 05:56 upstream b4432656b36e c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/04/18 09:31 upstream b5c6891b2c5b 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/04/10 22:11 upstream 2eb959eeecc6 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/03/24 15:45 upstream 38fec10eb60d 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/03/20 03:04 upstream a7f2e10ecd8f e20d7b13 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/03/13 15:04 upstream b7f94fcf5546 44be8b44 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/03/08 04:59 upstream 21e4543a2e2f 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/03/06 15:50 upstream 848e07631744 831e3629 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/03/02 10:46 upstream ece144f151ac c3901742 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/02/28 19:25 upstream 76544811c850 67cf5345 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/02/25 20:55 upstream 2a1944bff549 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/02/20 08:30 upstream 87a132e73910 50668798 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/02/12 23:24 upstream 4dc1d1bec898 b27c2402 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/02/06 19:11 upstream 92514ef226f5 8002dd28 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/01/08 08:35 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/01/06 00:32 upstream 9244696b34f2 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2025/01/03 10:02 upstream 0bc21e701a6f d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/12/21 04:03 upstream e9b8ffafd20a d7f584ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/12/07 14:13 upstream b5f217084ab3 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/10/31 20:58 upstream 0fc810ae3ae1 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/09/30 07:01 upstream 9852d85ec9d4 ba29ff75 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/09/19 04:05 upstream 4a39ac5b7d62 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/09/17 10:28 upstream a430d95c5efa c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
2024/09/08 06:10 upstream d1f2d51b711a 9750182a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_alloc / data_push_tail
* Struck through repros no longer work on HEAD.