syzbot

 sign-in | mailing list | source | docs
🐞 Open [1027] Subsystems 🐞 Fixed [5274] 🐞 Invalid [12597] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KCSAN: data-race in data_push_tail / symbol_string (4)

Status: auto-obsoleted due to no activity on 2023/06/01 14:03
Subsystems: kernel
[Documentation on labels]
First crash: 403d, last: 377d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in data_push_tail / symbol_string (3) kernel 1 799d 799d 0/26 auto-closed as invalid on 2022/04/05 16:28
upstream KCSAN: data-race in data_push_tail / symbol_string (7) kernel 2 69d 72d 0/26 auto-obsoleted due to no activity on 2024/04/04 01:53
upstream KCSAN: data-race in data_push_tail / symbol_string kernel 1 1057d 1057d 0/26 auto-closed as invalid on 2021/07/21 00:16
upstream KCSAN: data-race in data_push_tail / symbol_string (6) kernel 1 166d 155d 0/26 auto-obsoleted due to no activity on 2023/12/29 16:49
upstream KCSAN: data-race in data_push_tail / symbol_string (5) kernel 4 208d 283d 0/26 auto-obsoleted due to no activity on 2023/11/17 08:46
upstream KCSAN: data-race in data_push_tail / symbol_string (2) kernel 1 878d 878d 0/26 auto-closed as invalid on 2022/01/16 12:11

Sample crash report:
==================================================================
BUG: KCSAN: data-race in data_push_tail / symbol_string

write to 0xffffffff86f160a8 of 1 bytes by task 17221 on cpu 1:
 string_nocheck lib/vsprintf.c:648 [inline]
 symbol_string+0x1b6/0x240 lib/vsprintf.c:1004
 pointer+0x77a/0xd10 lib/vsprintf.c:2394
 vsnprintf+0x861/0xe20 lib/vsprintf.c:2800
 vscnprintf+0x42/0x80 lib/vsprintf.c:2902
 printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2126
 vprintk_store+0x56f/0x800 kernel/printk/printk.c:2240
 vprintk_emit+0xd0/0x430 kernel/printk/printk.c:2286
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2316
 vprintk+0x83/0x90 kernel/printk/printk_safe.c:50
 _printk+0x7a/0xa0 kernel/printk/printk.c:2326
 printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
 show_trace_log_lvl+0x2fb/0x3d0 arch/x86/kernel/dumpstack.c:282
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xda/0x130 lib/dump_stack.c:106
 dump_stack+0x15/0x20 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail_ex+0x21f/0x230 lib/fault-inject.c:153
 prepare_alloc_pages mm/page_alloc.c:5365 [inline]
 __alloc_pages+0x108/0x340 mm/page_alloc.c:5581
 alloc_pages+0x3e1/0x4e0
 __pte_alloc_one include/asm-generic/pgalloc.h:63 [inline]
 pte_alloc_one+0x2d/0xc0 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x33/0x1f0 mm/memory.c:421
 do_anonymous_page mm/memory.c:4034 [inline]
 handle_pte_fault mm/memory.c:4921 [inline]
 __handle_mm_fault mm/memory.c:5065 [inline]
 handle_mm_fault+0x1ce0/0x21d0 mm/memory.c:5211
 do_user_addr_fault arch/x86/mm/fault.c:1407 [inline]
 handle_page_fault arch/x86/mm/fault.c:1498 [inline]
 exc_page_fault+0x45f/0x640 arch/x86/mm/fault.c:1554
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570

read to 0xffffffff86f160a8 of 8 bytes by task 17215 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:590 [inline]
 data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:675
 data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1046
 prb_reserve+0x893/0xbc0 kernel/printk/printk_ringbuffer.c:1555
 vprintk_store+0x53e/0x800 kernel/printk/printk.c:2230
 vprintk_emit+0xd0/0x430 kernel/printk/printk.c:2286
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2316
 vprintk+0x83/0x90 kernel/printk/printk_safe.c:50
 _printk+0x7a/0xa0 kernel/printk/printk.c:2326
 set_capacity_and_notify+0x175/0x1d0 block/genhd.c:90
 loop_set_size+0x2e/0x70 drivers/block/loop.c:237
 loop_configure+0xaf6/0xca0 drivers/block/loop.c:1100
 lo_ioctl+0x682/0x12e0
 blkdev_ioctl+0x38e/0x480 block/ioctl.c:615
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xc9/0x140 fs/ioctl.c:856
 __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000000fffff477 -> 0x302b73656761705f

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 17215 Comm: syz-executor.4 Not tainted 6.3.0-syzkaller-07919-g6e98b09da931 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
==================================================================
EXT4-fs (loop4): revision level too high, forcing read-only mode
EXT4-fs mount: 56 callbacks suppressed
EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.
syz-executor.4 (17215) used greatest stack depth: 10744 bytes left

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/04/27 13:58 upstream 6e98b09da931 6f3d6fa7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / symbol_string
2023/04/01 08:25 upstream 5a57b48fdfcb f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in data_push_tail / symbol_string
* Struck through repros no longer work on HEAD.