syzbot


KCSAN: data-race in data_push_tail / symbol_string (3)

Status: auto-closed as invalid on 2022/04/05 16:28
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 279d, last: 279d
Similar bugs (2):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in data_push_tail / symbol_string | - | - | - | 1 | 538d | 538d | 0/24 | auto-closed as invalid on 2021/07/21 00:16
upstream | KCSAN: data-race in data_push_tail / symbol_string (2) | - | - | - | 1 | 359d | 359d | 0/24 | auto-closed as invalid on 2022/01/16 12:11

Sample crash report:
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1690 comm=syz-executor.4
==================================================================
BUG: KCSAN: data-race in data_push_tail / symbol_string

write to 0xffffffff86db1480 of 1 bytes by task 1694 on cpu 1:
 string_nocheck lib/vsprintf.c:642 [inline]
 symbol_string+0x1bf/0x250 lib/vsprintf.c:1007
 pointer+0x5c9/0x830 lib/vsprintf.c:2392
 vsnprintf+0x8a1/0xed0 lib/vsprintf.c:2799
 vscnprintf+0x29/0x80 lib/vsprintf.c:2898
 printk_sprint kernel/printk/printk.c:2076 [inline]
 vprintk_store+0x638/0xbb0 kernel/printk/printk.c:2186
 vprintk_emit+0xac/0x3c0 kernel/printk/printk.c:2229
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2256
 vprintk+0x7f/0x90 kernel/printk/printk_safe.c:50
 _printk+0x76/0x97 kernel/printk/printk.c:2266
 printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
 show_trace_log_lvl+0x5f7/0x670 arch/x86/kernel/dumpstack.c:282
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd6/0x122 lib/dump_stack.c:106
 dump_stack+0x11/0x1b lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail+0x23c/0x250 lib/fault-inject.c:146
 __should_failslab+0x81/0x90 mm/failslab.c:33
 should_failslab+0x5/0x20 mm/slab_common.c:1304
 slab_pre_alloc_hook mm/slab.h:707 [inline]
 slab_alloc mm/slab.c:3298 [inline]
 __do_kmalloc mm/slab.c:3692 [inline]
 __kmalloc+0x6f/0x370 mm/slab.c:3703
 kmalloc include/linux/slab.h:586 [inline]
 kzalloc+0x16/0x20 include/linux/slab.h:714
 __register_sysctl_table+0x8c/0xcd0 fs/proc/proc_sysctl.c:1335
 register_net_sysctl+0x1f9/0x210 net/sysctl_net.c:169
 sysctl_core_net_init+0xa6/0x100 net/core/sysctl_net_core.c:630
 ops_init+0x1e7/0x230 net/core/net_namespace.c:140
 setup_net+0x29b/0x7e0 net/core/net_namespace.c:330
 copy_net_ns+0x2a9/0x450 net/core/net_namespace.c:474
 create_new_namespaces+0x231/0x560 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xe2/0x120 kernel/nsproxy.c:226
 ksys_unshare+0x376/0x6f0 kernel/fork.c:3058
 __do_sys_unshare kernel/fork.c:3129 [inline]
 __se_sys_unshare kernel/fork.c:3127 [inline]
 __x64_sys_unshare+0x1b/0x20 kernel/fork.c:3127
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffffff86db1480 of 8 bytes by task 1690 on cpu 0:
 data_make_reusable kernel/printk/printk_ringbuffer.c:587 [inline]
 data_push_tail+0x138/0x470 kernel/printk/printk_ringbuffer.c:672
 data_alloc+0xbc/0x2b0 kernel/printk/printk_ringbuffer.c:1043
 prb_reserve+0x920/0xbf0 kernel/printk/printk_ringbuffer.c:1549
 vprintk_store+0x560/0xbb0 kernel/printk/printk.c:2176
 vprintk_emit+0xac/0x3c0 kernel/printk/printk.c:2229
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2256
 vprintk+0x7f/0x90 kernel/printk/printk_safe.c:50
 _printk+0x76/0x97 kernel/printk/printk.c:2266
 selinux_netlink_send+0x3b9/0x420 security/selinux/hooks.c:5946
 security_netlink_send+0x42/0x90 security/security.c:2075
 netlink_sendmsg+0x5dd/0x850 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2413
 ___sys_sendmsg net/socket.c:2467 [inline]
 __sys_sendmsg+0x195/0x230 net/socket.c:2496
 __do_sys_sendmsg net/socket.c:2505 [inline]
 __se_sys_sendmsg net/socket.c:2503 [inline]
 __x64_sys_sendmsg+0x42/0x50 net/socket.c:2503
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000000100000217 -> 0x2f313878302b6261

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 1690 Comm: syz-executor.4 Not tainted 5.17.0-rc6-syzkaller-00046-g719fce7539cd-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1690 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1690 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1690 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1690 comm=syz-executor.4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1690 comm=syz-executor.4

Crashes (1):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-kcsan-gce | 2022/03/01 16:25 | upstream | 719fce7539cd | 45a13a73 | .config | log | report | - | - | info | KCSAN: data-race in data_push_tail / symbol_string