syzbot


KCSAN: data-race in data_push_tail / symbol_string

Status: auto-closed as invalid on 2021/07/21 00:16
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 602d, last: 602d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_push_tail / symbol_string (3) 1 344d 344d 0/24 auto-closed as invalid on 2022/04/05 16:28
upstream KCSAN: data-race in data_push_tail / symbol_string (2) 1 423d 423d 0/24 auto-closed as invalid on 2022/01/16 12:11

Sample crash report:
==================================================================
BUG: KCSAN: data-race in data_push_tail / symbol_string

write to 0xffffffff84516b59 of 1 bytes by task 16053 on cpu 0:
 string_nocheck lib/vsprintf.c:615 [inline]
 symbol_string+0xff/0x190 lib/vsprintf.c:976
 pointer+0x5b8/0x820 lib/vsprintf.c:2349
 vsnprintf+0x8a1/0xed0 lib/vsprintf.c:2756
 vscnprintf+0x29/0x80 lib/vsprintf.c:2855
 printk_sprint kernel/printk/printk.c:2012 [inline]
 vprintk_store+0x4c1/0x9c0 kernel/printk/printk.c:2115
 vprintk_emit+0xca/0x3d0 kernel/printk/printk.c:2157
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2185
 vprintk+0x15a/0x170 kernel/printk/printk_safe.c:392
 printk+0x62/0x87 kernel/printk/printk.c:2216
 printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
 show_trace_log_lvl+0x587/0x600 arch/x86/kernel/dumpstack.c:282
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x137/0x19d lib/dump_stack.c:120
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail+0x23c/0x250 lib/fault-inject.c:146
 should_fail_usercopy+0x16/0x20 lib/fault-inject-usercopy.c:37
 _copy_from_user+0x1c/0xd0 lib/usercopy.c:14
 copy_from_user include/linux/uaccess.h:192 [inline]
 __copy_msghdr_from_user+0x44/0x350 net/socket.c:2232
 copy_msghdr_from_user net/socket.c:2283 [inline]
 sendmsg_copy_msghdr net/socket.c:2381 [inline]
 ___sys_sendmsg net/socket.c:2400 [inline]
 __sys_sendmsg+0x135/0x270 net/socket.c:2433
 __do_sys_sendmsg net/socket.c:2442 [inline]
 __se_sys_sendmsg net/socket.c:2440 [inline]
 __x64_sys_sendmsg+0x42/0x50 net/socket.c:2440
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffffff84516b58 of 8 bytes by task 16054 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:587 [inline]
 data_push_tail+0x125/0x460 kernel/printk/printk_ringbuffer.c:672
 data_alloc+0xbc/0x2b0 kernel/printk/printk_ringbuffer.c:1043
 prb_reserve+0x8f0/0xbc0 kernel/printk/printk_ringbuffer.c:1549
 vprintk_store+0x3e9/0x9c0 kernel/printk/printk.c:2105
 vprintk_emit+0xca/0x3d0 kernel/printk/printk.c:2157
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2185
 vprintk+0x15a/0x170 kernel/printk/printk_safe.c:392
 printk+0x62/0x87 kernel/printk/printk.c:2216
 set_capacity_and_notify+0x15a/0x1c0 block/genhd.c:73
 loop_set_size drivers/block/loop.c:255 [inline]
 loop_configure+0xafc/0xcb0 drivers/block/loop.c:1162
 lo_ioctl+0x555/0x11f0 drivers/block/loop.c:1690
 blkdev_ioctl+0x1d0/0x3c0 block/ioctl.c:585
 block_ioctl+0x6d/0x80 fs/block_dev.c:1662
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:1069 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:1055
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:1055
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000001000040df -> 0x5f646c756f687320

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 16054 Comm: syz-executor.5 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci2-upstream-kcsan-gce 2021/06/16 00:16 upstream 94f0b2d4a1d0 990d3cbe .config console log report info KCSAN: data-race in data_push_tail / symbol_string
* Struck through repros no longer work on HEAD.