[moderation] [kernel?] KCSAN: data-race in data_push_tail / symbol_string (11)

syzbot

Aug 23, 2025, 6:18:39 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 6debb6904172 Merge tag 'drm-fixes-2025-08-23-1' of https:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11b6bfa2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=86a2212b48ce4ce2
dashboard link: https://syzkaller.appspot.com/bug?extid=352845049bd2cf9f444f
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
CC: [b...@alien8.de dave....@linux.intel.com h...@zytor.com jpoi...@kernel.org linux-...@vger.kernel.org mi...@redhat.com pet...@infradead.org tg...@linutronix.de x...@kernel.org]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e7ea365684d1/disk-6debb690.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/326da5718fbf/vmlinux-6debb690.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cb9f2fb0a492/bzImage-6debb690.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+352845...@syzkaller.appspotmail.com

BUG: KCSAN: data-race in data_push_tail / symbol_string

write to 0xffffffff88e29840 of 1 bytes by task 5569 on cpu 0:
string_nocheck lib/vsprintf.c:657 [inline]
symbol_string+0x1ce/0x250 lib/vsprintf.c:1013
pointer+0x60c/0xcf0 lib/vsprintf.c:2515
vsnprintf+0x491/0x890 lib/vsprintf.c:2930
vscnprintf+0x41/0x90 lib/vsprintf.c:2991
printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
vprintk_store+0x599/0x860 kernel/printk/printk.c:2336
vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x79/0xa0 kernel/printk/printk.c:2475
printk_stack_address arch/x86/kernel/dumpstack.c:70 [inline]
show_trace_log_lvl+0x4e3/0x560 arch/x86/kernel/dumpstack.c:282
__dump_stack+0x1d/0x30 lib/dump_stack.c:94
dump_stack_lvl+0xe8/0x140 lib/dump_stack.c:120
dump_stack+0x15/0x1b lib/dump_stack.c:129
fail_dump lib/fault-inject.c:73 [inline]
should_fail_ex+0x265/0x280 lib/fault-inject.c:174
should_failslab+0x8c/0xb0 mm/failslab.c:46
slab_pre_alloc_hook mm/slub.c:4133 [inline]
slab_alloc_node mm/slub.c:4209 [inline]
kmem_cache_alloc_noprof+0x50/0x310 mm/slub.c:4236
alloc_empty_file+0x76/0x200 fs/file_table.c:237
path_openat+0x68/0x2170 fs/namei.c:4032
do_filp_open+0x109/0x230 fs/namei.c:4073
do_sys_openat2+0xa6/0x110 fs/open.c:1435
do_sys_open fs/open.c:1450 [inline]
__do_sys_creat fs/open.c:1528 [inline]
__se_sys_creat fs/open.c:1522 [inline]
__x64_sys_creat+0x65/0x90 fs/open.c:1522
x64_sys_call+0x2d94/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:86
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88e29840 of 8 bytes by task 5456 on cpu 1:
data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
data_push_tail+0xfd/0x420 kernel/printk/printk_ringbuffer.c:679
data_alloc+0xbf/0x2b0 kernel/printk/printk_ringbuffer.c:1054
prb_reserve+0x808/0xaf0 kernel/printk/printk_ringbuffer.c:1669
vprintk_store+0x56d/0x860 kernel/printk/printk.c:2326
vprintk_emit+0x178/0x650 kernel/printk/printk.c:2426
dev_vprintk_emit+0x242/0x2a0 drivers/base/core.c:4914
dev_printk_emit+0x84/0xb0 drivers/base/core.c:4925
__netdev_printk+0x35c/0x3e0 net/core/dev.c:12598
netdev_info+0x9b/0xd0 net/core/dev.c:12653
nsim_udp_tunnel_unset_port+0x18a/0x1b0 drivers/net/netdevsim/udp_tunnels.c:59
udp_tunnel_nic_device_sync_one net/ipv4/udp_tunnel_nic.c:-1 [inline]
udp_tunnel_nic_device_sync_by_port net/ipv4/udp_tunnel_nic.c:249 [inline]
__udp_tunnel_nic_device_sync+0x564/0x9c0 net/ipv4/udp_tunnel_nic.c:292
udp_tunnel_nic_device_sync_work+0x5d/0x5f0 net/ipv4/udp_tunnel_nic.c:740
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3319
worker_thread+0x582/0x770 kernel/workqueue.c:3400
kthread+0x486/0x510 kernel/kthread.c:463
ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

value changed: 0x00000000ffffe371 -> 0x363778302b656c69

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 5456 Comm: kworker/u8:27 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
==================================================================
netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Oct 18, 2025, 6:19:21 AM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.