[moderation] [net?] KCSAN: data-race in memchr / vsnprintf (2)


syzbot

May 4, 2026, 1:19:27 PM (2 days ago) May 4
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 26fd6bff2c05 Merge tag 'mtd/fixes-for-7.1-rc2' of git://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f9f2d2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2e40c0f41e01837e
dashboard link: https://syzkaller.appspot.com/bug?extid=7683a71b29572d08ec02
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
CC: [adilger...@dilger.ca ja...@suse.cz liba...@linux.alibaba.com linux...@vger.kernel.org linux-...@vger.kernel.org net...@vger.kernel.org oja...@linux.ibm.com rites...@gmail.com ty...@mit.edu yi.z...@huawei.com]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c6cf04921539/disk-26fd6bff.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/516630c07cc0/vmlinux-26fd6bff.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c1934011cc02/bzImage-26fd6bff.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7683a7...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in memchr / vsnprintf

write to 0xffffffff8937edca of 24 bytes by task 11611 on cpu 0:
vsnprintf+0x2ce/0x860 lib/vsprintf.c:2899
va_format lib/vsprintf.c:1723 [inline]
pointer+0x821/0xcb0 lib/vsprintf.c:2569
vsnprintf+0x491/0x860 lib/vsprintf.c:2952
vscnprintf+0x41/0x90 lib/vsprintf.c:3013
printk_sprint+0x30/0x2b0 kernel/printk/printk.c:2222
vprintk_store+0x57b/0x910 kernel/printk/printk.c:2364
vprintk_emit+0x1a4/0x600 kernel/printk/printk.c:2455
vprintk_default+0x26/0x30 kernel/printk/printk.c:2494
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x79/0xa0 kernel/printk/printk.c:2504
__ext4_error_inode+0x2af/0x3c0 fs/ext4/super.c:861
ext4_xattr_delete_inode+0x760/0x7a0 fs/ext4/xattr.c:3003
ext4_evict_inode+0xb16/0xe30 fs/ext4/inode.c:284
evict+0x2af/0x510 fs/inode.c:841
iput_final fs/inode.c:1960 [inline]
iput+0x41a/0x580 fs/inode.c:2009
ext4_process_orphan+0x1a9/0x1c0 fs/ext4/orphan.c:358
ext4_orphan_cleanup+0x69c/0x9f0 fs/ext4/orphan.c:472
__ext4_fill_super fs/ext4/super.c:5701 [inline]
ext4_fill_super+0x3408/0x37c0 fs/ext4/super.c:5824
get_tree_bdev_flags+0x291/0x300 fs/super.c:1694
get_tree_bdev+0x1f/0x30 fs/super.c:1717
ext4_get_tree+0x1c/0x30 fs/ext4/super.c:5856
vfs_get_tree+0x57/0x1d0 fs/super.c:1754
fc_mount fs/namespace.c:1193 [inline]
do_new_mount_fc fs/namespace.c:3758 [inline]
do_new_mount+0x288/0x8d0 fs/namespace.c:3834
path_mount+0x4d0/0xbc0 fs/namespace.c:4154
do_mount fs/namespace.c:4167 [inline]
__do_sys_mount fs/namespace.c:4383 [inline]
__se_sys_mount+0x28c/0x2e0 fs/namespace.c:4360
__x64_sys_mount+0x67/0x80 fs/namespace.c:4360
x64_sys_call+0x2d61/0x3020 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff8937edcd of 1 bytes by task 11616 on cpu 1:
memchr+0x28/0x50 lib/string.c:809
memchr include/linux/fortify-string.h:737 [inline]
count_lines kernel/printk/printk_ringbuffer.c:1857 [inline]
copy_data kernel/printk/printk_ringbuffer.c:1903 [inline]
prb_read kernel/printk/printk_ringbuffer.c:1996 [inline]
_prb_read_valid+0x7d6/0x950 kernel/printk/printk_ringbuffer.c:2173
prb_read_valid_info+0x7a/0xa0 kernel/printk/printk_ringbuffer.c:2280
find_first_fitting_seq+0x2a1/0x330 kernel/printk/printk.c:1567
syslog_print_all+0x11b/0x3c0 kernel/printk/printk.c:1699
do_syslog+0x2fd/0x7f0 kernel/printk/printk.c:1777
__do_sys_syslog kernel/printk/printk.c:1855 [inline]
__se_sys_syslog kernel/printk/printk.c:1853 [inline]
__x64_sys_syslog+0x41/0x50 kernel/printk/printk.c:1853
x64_sys_call+0x2b9e/0x3020 arch/x86/include/generated/asm/syscalls_64.h:104
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x78 -> 0x69

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 11616 Comm: syz.6.1166 Tainted: G W syzkaller #0 PREEMPT(full)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup