syzbot


KCSAN: data-race in data_alloc / data_push_tail (3)

Status: moderation: reported on 2024/09/08 06:11
Subsystems: audit
Reported-by: syzbot+faa791a3223590f7f155@syzkaller.appspotmail.com
First crash: 26d, last: 4d17h
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in data_alloc / data_push_tail (2) batman | | | | 44 | 72d | 216d | 0/28 | auto-obsoleted due to no activity on 2024/08/28 06:32 |
| upstream | KCSAN: data-race in data_alloc / data_push_tail ext4 | | | | 94 | 527d | 990d | 0/28 | auto-obsoleted due to no activity on 2023/05/31 17:30 |

Sample crash report:
netlink: 12 bytes leftover after parsing attributes in process `syz.2.2058'.
==================================================================
BUG: KCSAN: data-race in data_alloc / data_push_tail

write to 0xffffffff88b8f640 of 8 bytes by task 8275 on cpu 0:
 data_alloc+0x216/0x2c0 kernel/printk/printk_ringbuffer.c:1082
 prb_reserve+0x85e/0xb60 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x53f/0x810 kernel/printk/printk.c:2301
 vprintk_emit+0x15e/0x680 kernel/printk/printk.c:2383
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2422
 vprintk+0x75/0x80 kernel/printk/printk_safe.c:68
 _printk+0x7a/0xa0 kernel/printk/printk.c:2432
 p9_fd_create+0x1ff/0x260 net/9p/trans_fd.c:1098
 p9_client_create+0x59a/0xab0 net/9p/client.c:1015
 v9fs_session_init+0xf9/0xda0 fs/9p/v9fs.c:410
 v9fs_mount+0x69/0x560 fs/9p/vfs_super.c:122
 legacy_get_tree+0x77/0xd0 fs/fs_context.c:662
 vfs_get_tree+0x56/0x1e0 fs/super.c:1800
 do_new_mount+0x227/0x690 fs/namespace.c:3507
 path_mount+0x49b/0xb30 fs/namespace.c:3834
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x27c/0x2d0 fs/namespace.c:4032
 __x64_sys_mount+0x67/0x80 fs/namespace.c:4032
 x64_sys_call+0x203e/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffffffff88b8f640 of 8 bytes by task 8278 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
 data_push_tail+0x102/0x430 kernel/printk/printk_ringbuffer.c:679
 data_alloc+0xbe/0x2c0 kernel/printk/printk_ringbuffer.c:1054
 prb_reserve+0x85e/0xb60 kernel/printk/printk_ringbuffer.c:1669
 vprintk_store+0x53f/0x810 kernel/printk/printk.c:2301
 vprintk_emit+0x15e/0x680 kernel/printk/printk.c:2383
 vprintk_default+0x26/0x30 kernel/printk/printk.c:2422
 vprintk+0x75/0x80 kernel/printk/printk_safe.c:68
 _printk+0x7a/0xa0 kernel/printk/printk.c:2432
 __nla_validate_parse+0x1881/0x1e30 lib/nlattr.c:647
 __nla_parse+0x40/0x60 lib/nlattr.c:732
 nla_parse_nested_deprecated include/net/netlink.h:1339 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3608 [inline]
 rtnl_newlink+0x3fd/0x1690 net/core/rtnetlink.c:3743
 rtnetlink_rcv_msg+0x6aa/0x710 net/core/rtnetlink.c:6646
 netlink_rcv_skb+0x12c/0x230 net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6664
 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
 netlink_unicast+0x599/0x670 net/netlink/af_netlink.c:1357
 netlink_sendmsg+0x5cc/0x6e0 net/netlink/af_netlink.c:1901
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg+0x140/0x180 net/socket.c:744
 ____sys_sendmsg+0x312/0x410 net/socket.c:2602
 ___sys_sendmsg net/socket.c:2656 [inline]
 __sys_sendmsg+0x1d9/0x270 net/socket.c:2685
 __do_sys_sendmsg net/socket.c:2694 [inline]
 __se_sys_sendmsg net/socket.c:2692 [inline]
 __x64_sys_sendmsg+0x46/0x50 net/socket.c:2692
 x64_sys_call+0x2689/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:47
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000ffffe1cb -> 0x00000000ffffedcd

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 8278 Comm: syz.2.2058 Not tainted 6.12.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
==================================================================

Crashes (4):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/09/30 07:01 | upstream | 9852d85ec9d4 | ba29ff75 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_alloc / data_push_tail |
| 2024/09/19 04:05 | upstream | 4a39ac5b7d62 | c673ca06 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_alloc / data_push_tail |
| 2024/09/17 10:28 | upstream | a430d95c5efa | c673ca06 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_alloc / data_push_tail |
| 2024/09/08 06:10 | upstream | d1f2d51b711a | 9750182a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in data_alloc / data_push_tail |