[moderation] [kernel?] KCSAN: data-race in data_push_tail / symbol_string (12)
1 view
Skip to first unread message
syzbot
5:18 AM (12 hours ago) 5:18 AM
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7d0a66e4bb90 Linux 6.18
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=108102b4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=655255e3ef31c19b
dashboard link: https://syzkaller.appspot.com/bug?extid=62a88c50f1c841e21c32
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [b...@alien8.de dave....@linux.intel.com h...@zytor.com jpoi...@kernel.org linux-...@vger.kernel.org mi...@redhat.com pet...@infradead.org tg...@linutronix.de x...@kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c1a08104de23/disk-7d0a66e4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6e085d805b84/vmlinux-7d0a66e4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d85572be6ac8/bzImage-7d0a66e4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+62a88c...@syzkaller.appspotmail.com
BUG: KCSAN: data-race in data_push_tail / symbol_string
write to 0xffffffff88e79b18 of 1 bytes by task 10651 on cpu 0:
string_nocheck lib/vsprintf.c:657 [inline]
symbol_string+0x1ce/0x250 lib/vsprintf.c:1013
pointer+0x60c/0xcf0 lib/vsprintf.c:2515
vsnprintf+0x491/0x890 lib/vsprintf.c:2930
vscnprintf+0x41/0x90 lib/vsprintf.c:2991
printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2189
vprintk_store+0x599/0x860 kernel/printk/printk.c:2309
vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x79/0xa0 kernel/printk/printk.c:2448
printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
show_trace_log_lvl+0x4e3/0x560 arch/x86/kernel/dumpstack.c:282
__dump_stack+0x1d/0x30 lib/dump_stack.c:94
dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
dump_stack+0x15/0x1b lib/dump_stack.c:129
fail_dump lib/fault-inject.c:73 [inline]
should_fail_ex+0x265/0x280 lib/fault-inject.c:174
should_failslab+0x8c/0xb0 mm/failslab.c:46
slab_pre_alloc_hook mm/slub.c:4931 [inline]
slab_alloc_node mm/slub.c:5264 [inline]
__do_kmalloc_node mm/slub.c:5649 [inline]
__kmalloc_noprof+0xa5/0x570 mm/slub.c:5662
kmalloc_noprof include/linux/slab.h:961 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
lsm_blob_alloc security/security.c:690 [inline]
lsm_cred_alloc security/security.c:707 [inline]
security_prepare_creds+0x52/0x120 security/security.c:3310
prepare_creds+0x34a/0x4c0 kernel/cred.c:242
copy_creds+0x8f/0x3f0 kernel/cred.c:312
copy_process+0x658/0x2000 kernel/fork.c:2046
kernel_clone+0x16c/0x5c0 kernel/fork.c:2609
__do_sys_clone kernel/fork.c:2750 [inline]
__se_sys_clone kernel/fork.c:2734 [inline]
__x64_sys_clone+0xe6/0x120 kernel/fork.c:2734
x64_sys_call+0x119c/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffffffff88e79b18 of 8 bytes by task 10654 on cpu 1:
data_make_reusable kernel/printk/printk_ringbuffer.c:591 [inline]
data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:676
data_alloc+0xfb/0x2e0 kernel/printk/printk_ringbuffer.c:1061
prb_reserve+0x807/0xaf0 kernel/printk/printk_ringbuffer.c:1685
vprintk_store+0x56d/0x860 kernel/printk/printk.c:2299
vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x79/0xa0 kernel/printk/printk.c:2448
validate_nla lib/nlattr.c:414 [inline]
__nla_validate_parse+0x1227/0x1d00 lib/nlattr.c:635
__nla_parse+0x40/0x60 lib/nlattr.c:732
__nlmsg_parse include/net/netlink.h:789 [inline]
nlmsg_parse_deprecated include/net/netlink.h:830 [inline]
rtnl_setlink+0xd2/0x420 net/core/rtnetlink.c:3436
rtnetlink_rcv_msg+0x5fe/0x6d0 net/core/rtnetlink.c:6951
netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2552
rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6978
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg+0x145/0x180 net/socket.c:742
sock_write_iter+0x1a7/0x1f0 net/socket.c:1195
do_iter_readv_writev+0x4a1/0x540 fs/read_write.c:-1
vfs_writev+0x2df/0x8b0 fs/read_write.c:1057
do_writev+0xe7/0x210 fs/read_write.c:1103
__do_sys_writev fs/read_write.c:1171 [inline]
__se_sys_writev fs/read_write.c:1168 [inline]
__x64_sys_writev+0x45/0x50 fs/read_write.c:1168
x64_sys_call+0x1e9a/0x3000 arch/x86/include/generated/asm/syscalls_64.h:21
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000000ffffe985 -> 0x663878302b736465
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10654 Comm: syz.1.2889 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================
syz.1.2889 (10654) used greatest stack depth: 9432 bytes left
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 7d0a66e4bb90 Linux 6.18
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=108102b4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=655255e3ef31c19b
dashboard link: https://syzkaller.appspot.com/bug?extid=62a88c50f1c841e21c32
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [b...@alien8.de dave....@linux.intel.com h...@zytor.com jpoi...@kernel.org linux-...@vger.kernel.org mi...@redhat.com pet...@infradead.org tg...@linutronix.de x...@kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c1a08104de23/disk-7d0a66e4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6e085d805b84/vmlinux-7d0a66e4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d85572be6ac8/bzImage-7d0a66e4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+62a88c...@syzkaller.appspotmail.com
BUG: KCSAN: data-race in data_push_tail / symbol_string
write to 0xffffffff88e79b18 of 1 bytes by task 10651 on cpu 0:
string_nocheck lib/vsprintf.c:657 [inline]
symbol_string+0x1ce/0x250 lib/vsprintf.c:1013
pointer+0x60c/0xcf0 lib/vsprintf.c:2515
vsnprintf+0x491/0x890 lib/vsprintf.c:2930
vscnprintf+0x41/0x90 lib/vsprintf.c:2991
printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2189
vprintk_store+0x599/0x860 kernel/printk/printk.c:2309
vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x79/0xa0 kernel/printk/printk.c:2448
printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
show_trace_log_lvl+0x4e3/0x560 arch/x86/kernel/dumpstack.c:282
__dump_stack+0x1d/0x30 lib/dump_stack.c:94
dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
dump_stack+0x15/0x1b lib/dump_stack.c:129
fail_dump lib/fault-inject.c:73 [inline]
should_fail_ex+0x265/0x280 lib/fault-inject.c:174
should_failslab+0x8c/0xb0 mm/failslab.c:46
slab_pre_alloc_hook mm/slub.c:4931 [inline]
slab_alloc_node mm/slub.c:5264 [inline]
__do_kmalloc_node mm/slub.c:5649 [inline]
__kmalloc_noprof+0xa5/0x570 mm/slub.c:5662
kmalloc_noprof include/linux/slab.h:961 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
lsm_blob_alloc security/security.c:690 [inline]
lsm_cred_alloc security/security.c:707 [inline]
security_prepare_creds+0x52/0x120 security/security.c:3310
prepare_creds+0x34a/0x4c0 kernel/cred.c:242
copy_creds+0x8f/0x3f0 kernel/cred.c:312
copy_process+0x658/0x2000 kernel/fork.c:2046
kernel_clone+0x16c/0x5c0 kernel/fork.c:2609
__do_sys_clone kernel/fork.c:2750 [inline]
__se_sys_clone kernel/fork.c:2734 [inline]
__x64_sys_clone+0xe6/0x120 kernel/fork.c:2734
x64_sys_call+0x119c/0x3000 arch/x86/include/generated/asm/syscalls_64.h:57
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffffffff88e79b18 of 8 bytes by task 10654 on cpu 1:
data_make_reusable kernel/printk/printk_ringbuffer.c:591 [inline]
data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:676
data_alloc+0xfb/0x2e0 kernel/printk/printk_ringbuffer.c:1061
prb_reserve+0x807/0xaf0 kernel/printk/printk_ringbuffer.c:1685
vprintk_store+0x56d/0x860 kernel/printk/printk.c:2299
vprintk_emit+0x10d/0x580 kernel/printk/printk.c:2399
vprintk_default+0x26/0x30 kernel/printk/printk.c:2438
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x79/0xa0 kernel/printk/printk.c:2448
validate_nla lib/nlattr.c:414 [inline]
__nla_validate_parse+0x1227/0x1d00 lib/nlattr.c:635
__nla_parse+0x40/0x60 lib/nlattr.c:732
__nlmsg_parse include/net/netlink.h:789 [inline]
nlmsg_parse_deprecated include/net/netlink.h:830 [inline]
rtnl_setlink+0xd2/0x420 net/core/rtnetlink.c:3436
rtnetlink_rcv_msg+0x5fe/0x6d0 net/core/rtnetlink.c:6951
netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2552
rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6978
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0x5c0/0x690 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x58b/0x6b0 net/netlink/af_netlink.c:1896
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg+0x145/0x180 net/socket.c:742
sock_write_iter+0x1a7/0x1f0 net/socket.c:1195
do_iter_readv_writev+0x4a1/0x540 fs/read_write.c:-1
vfs_writev+0x2df/0x8b0 fs/read_write.c:1057
do_writev+0xe7/0x210 fs/read_write.c:1103
__do_sys_writev fs/read_write.c:1171 [inline]
__se_sys_writev fs/read_write.c:1168 [inline]
__x64_sys_writev+0x45/0x50 fs/read_write.c:1168
x64_sys_call+0x1e9a/0x3000 arch/x86/include/generated/asm/syscalls_64.h:21
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000000ffffe985 -> 0x663878302b736465
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 10654 Comm: syz.1.2889 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
==================================================================
syz.1.2889 (10654) used greatest stack depth: 9432 bytes left
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages