[moderation] [kernel?] KCSAN: data-race in data_push_tail / symbol_string (7)
1 view
Skip to first unread message
syzbot
Feb 26, 2024, 11:42:27 AMFeb 26
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: d206a76d7d27 Linux 6.8-rc6
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1281f474180000
kernel config: https://syzkaller.appspot.com/x/.config?x=53006d590acdf777
dashboard link: https://syzkaller.appspot.com/bug?extid=88e4022eda068b794ac2
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [b...@alien8.de dave....@linux.intel.com h...@zytor.com jpoi...@kernel.org linux-...@vger.kernel.org mi...@redhat.com pet...@infradead.org tg...@linutronix.de x...@kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cf7705f6ca07/disk-d206a76d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ebadc9b771c4/vmlinux-d206a76d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ee2467765827/bzImage-d206a76d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+88e402...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in data_push_tail / symbol_string
write to 0xffffffff870e3c38 of 1 bytes by task 27088 on cpu 1:
string_nocheck lib/vsprintf.c:650 [inline]
symbol_string+0x1b6/0x240 lib/vsprintf.c:1006
pointer+0x77a/0xd10 lib/vsprintf.c:2422
vsnprintf+0x861/0xe30 lib/vsprintf.c:2828
vscnprintf+0x42/0x80 lib/vsprintf.c:2930
printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2124
vprintk_store+0x56f/0x800 kernel/printk/printk.c:2238
vprintk_emit+0xd0/0x5d0 kernel/printk/printk.c:2284
vprintk_default+0x26/0x30 kernel/printk/printk.c:2318
vprintk+0x71/0x80 kernel/printk/printk_safe.c:45
_printk+0x7a/0xa0 kernel/printk/printk.c:2328
show_ip arch/x86/kernel/dumpstack.c:142 [inline]
show_iret_regs+0x2e/0x60 arch/x86/kernel/dumpstack.c:149
__show_regs+0x2b/0x430 arch/x86/kernel/process_64.c:75
show_trace_log_lvl+0x3d2/0x510 arch/x86/kernel/dumpstack.c:301
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xda/0x130 lib/dump_stack.c:106
dump_stack+0x15/0x20 lib/dump_stack.c:113
fail_dump lib/fault-inject.c:52 [inline]
should_fail_ex+0x21f/0x230 lib/fault-inject.c:153
should_fail+0xb/0x10 lib/fault-inject.c:163
should_fail_usercopy+0x1a/0x20 lib/fault-inject-usercopy.c:37
_copy_from_user+0x1e/0xd0 lib/usercopy.c:15
copy_from_user include/linux/uaccess.h:183 [inline]
____sys_sendmsg+0x1af/0x4d0 net/socket.c:2561
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmmsg+0x269/0x500 net/socket.c:2724
__do_sys_sendmmsg net/socket.c:2753 [inline]
__se_sys_sendmmsg net/socket.c:2750 [inline]
__x64_sys_sendmmsg+0x57/0x60 net/socket.c:2750
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
read to 0xffffffff870e3c38 of 8 bytes by task 27093 on cpu 0:
data_make_reusable kernel/printk/printk_ringbuffer.c:590 [inline]
data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:675
data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1046
prb_reserve+0x897/0xbc0 kernel/printk/printk_ringbuffer.c:1555
vprintk_store+0x53e/0x800 kernel/printk/printk.c:2228
vprintk_emit+0xd0/0x5d0 kernel/printk/printk.c:2284
vprintk_default+0x26/0x30 kernel/printk/printk.c:2318
vprintk+0x71/0x80 kernel/printk/printk_safe.c:45
_printk+0x7a/0xa0 kernel/printk/printk.c:2328
__nla_validate_parse+0x175f/0x1ce0 lib/nlattr.c:643
__nla_parse+0x40/0x50 lib/nlattr.c:728
nla_parse_nested_deprecated include/net/netlink.h:1325 [inline]
__rtnl_newlink net/core/rtnetlink.c:3616 [inline]
rtnl_newlink+0x3fd/0x1670 net/core/rtnetlink.c:3751
rtnetlink_rcv_msg+0x80a/0x8c0 net/core/rtnetlink.c:6618
netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2543
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6636
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x589/0x660 net/netlink/af_netlink.c:1367
netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x37c/0x4d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x1e9/0x270 net/socket.c:2667
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x46/0x50 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
value changed: 0x00000001000046a9 -> 0x3961643362306161
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 27093 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: d206a76d7d27 Linux 6.8-rc6
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1281f474180000
kernel config: https://syzkaller.appspot.com/x/.config?x=53006d590acdf777
dashboard link: https://syzkaller.appspot.com/bug?extid=88e4022eda068b794ac2
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [b...@alien8.de dave....@linux.intel.com h...@zytor.com jpoi...@kernel.org linux-...@vger.kernel.org mi...@redhat.com pet...@infradead.org tg...@linutronix.de x...@kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cf7705f6ca07/disk-d206a76d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ebadc9b771c4/vmlinux-d206a76d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ee2467765827/bzImage-d206a76d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+88e402...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in data_push_tail / symbol_string
write to 0xffffffff870e3c38 of 1 bytes by task 27088 on cpu 1:
string_nocheck lib/vsprintf.c:650 [inline]
symbol_string+0x1b6/0x240 lib/vsprintf.c:1006
pointer+0x77a/0xd10 lib/vsprintf.c:2422
vsnprintf+0x861/0xe30 lib/vsprintf.c:2828
vscnprintf+0x42/0x80 lib/vsprintf.c:2930
printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2124
vprintk_store+0x56f/0x800 kernel/printk/printk.c:2238
vprintk_emit+0xd0/0x5d0 kernel/printk/printk.c:2284
vprintk_default+0x26/0x30 kernel/printk/printk.c:2318
vprintk+0x71/0x80 kernel/printk/printk_safe.c:45
_printk+0x7a/0xa0 kernel/printk/printk.c:2328
show_ip arch/x86/kernel/dumpstack.c:142 [inline]
show_iret_regs+0x2e/0x60 arch/x86/kernel/dumpstack.c:149
__show_regs+0x2b/0x430 arch/x86/kernel/process_64.c:75
show_trace_log_lvl+0x3d2/0x510 arch/x86/kernel/dumpstack.c:301
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xda/0x130 lib/dump_stack.c:106
dump_stack+0x15/0x20 lib/dump_stack.c:113
fail_dump lib/fault-inject.c:52 [inline]
should_fail_ex+0x21f/0x230 lib/fault-inject.c:153
should_fail+0xb/0x10 lib/fault-inject.c:163
should_fail_usercopy+0x1a/0x20 lib/fault-inject-usercopy.c:37
_copy_from_user+0x1e/0xd0 lib/usercopy.c:15
copy_from_user include/linux/uaccess.h:183 [inline]
____sys_sendmsg+0x1af/0x4d0 net/socket.c:2561
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmmsg+0x269/0x500 net/socket.c:2724
__do_sys_sendmmsg net/socket.c:2753 [inline]
__se_sys_sendmmsg net/socket.c:2750 [inline]
__x64_sys_sendmmsg+0x57/0x60 net/socket.c:2750
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
read to 0xffffffff870e3c38 of 8 bytes by task 27093 on cpu 0:
data_make_reusable kernel/printk/printk_ringbuffer.c:590 [inline]
data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:675
data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1046
prb_reserve+0x897/0xbc0 kernel/printk/printk_ringbuffer.c:1555
vprintk_store+0x53e/0x800 kernel/printk/printk.c:2228
vprintk_emit+0xd0/0x5d0 kernel/printk/printk.c:2284
vprintk_default+0x26/0x30 kernel/printk/printk.c:2318
vprintk+0x71/0x80 kernel/printk/printk_safe.c:45
_printk+0x7a/0xa0 kernel/printk/printk.c:2328
__nla_validate_parse+0x175f/0x1ce0 lib/nlattr.c:643
__nla_parse+0x40/0x50 lib/nlattr.c:728
nla_parse_nested_deprecated include/net/netlink.h:1325 [inline]
__rtnl_newlink net/core/rtnetlink.c:3616 [inline]
rtnl_newlink+0x3fd/0x1670 net/core/rtnetlink.c:3751
rtnetlink_rcv_msg+0x80a/0x8c0 net/core/rtnetlink.c:6618
netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2543
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6636
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x589/0x660 net/netlink/af_netlink.c:1367
netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x37c/0x4d0 net/socket.c:2584
___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x1e9/0x270 net/socket.c:2667
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x46/0x50 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
value changed: 0x00000001000046a9 -> 0x3961643362306161
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 27093 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Apr 3, 2024, 9:53:13 PMApr 3
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages