syzbot


KCSAN: data-race in add_input_randomness / add_input_randomness (3)

Status: auto-closed as invalid on 2021/05/09 19:05
Subsystems: kernel
Reported-by: syzbot+2ccfc09f966037843ba8@syzkaller.appspotmail.com
First crash: 1236d, last: 1079d
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in add_input_randomness / add_input_randomness kernel | | | | 2 | 1361d | 1367d | 0/26 | auto-closed as invalid on 2020/07/31 12:53 |
| upstream | KCSAN: data-race in add_input_randomness / add_input_randomness (2) kernel | | | | 3 | 1296d | 1324d | 0/26 | auto-closed as invalid on 2020/10/04 07:48 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in add_input_randomness / add_input_randomness

write to 0xffffffff89018924 of 1 bytes by interrupt on cpu 0:
 add_input_randomness+0x66/0x2a0 drivers/char/random.c:1210
 input_handle_event+0x6b7/0xd50 drivers/input/input.c:378
 input_event+0x7d/0xa0 drivers/input/input.c:446
 hidinput_hid_event+0xb4b/0xcd0 drivers/hid/hid-input.c:1405
 hid_process_event+0x2f3/0x3c0 drivers/hid/hid-core.c:1522
 hid_input_field drivers/hid/hid-core.c:1566 [inline]
 hid_report_raw_event+0x8d4/0xbf0 drivers/hid/hid-core.c:1786
 hid_input_report+0x2c9/0x330 drivers/hid/hid-core.c:1853
 hid_irq_in+0x2cb/0x3d0 drivers/hid/usbhid/hid-core.c:284
 __usb_hcd_giveback_urb+0x244/0x2e0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0xae/0x200 drivers/usb/core/hcd.c:1726
 dummy_timer+0x513/0x24a0 drivers/usb/gadget/udc/dummy_hcd.c:1971
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1431
 expire_timers+0x116/0x260 kernel/time/timer.c:1476
 __run_timers+0x358/0x3f0 kernel/time/timer.c:1745
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:422
 sysvec_apic_timer_interrupt+0x37/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632

read to 0xffffffff89018924 of 1 bytes by interrupt on cpu 1:
 add_input_randomness+0x35/0x2a0 drivers/char/random.c:1207
 input_handle_event+0x6b7/0xd50 drivers/input/input.c:378
 input_event+0x7d/0xa0 drivers/input/input.c:446
 hidinput_hid_event+0xb4b/0xcd0 drivers/hid/hid-input.c:1405
 hid_process_event+0x2f3/0x3c0 drivers/hid/hid-core.c:1522
 hid_input_field drivers/hid/hid-core.c:1566 [inline]
 hid_report_raw_event+0x8d4/0xbf0 drivers/hid/hid-core.c:1786
 hid_input_report+0x2c9/0x330 drivers/hid/hid-core.c:1853
 hid_irq_in+0x2cb/0x3d0 drivers/hid/usbhid/hid-core.c:284
 __usb_hcd_giveback_urb+0x244/0x2e0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0xae/0x200 drivers/usb/core/hcd.c:1726
 dummy_timer+0x513/0x24a0 drivers/usb/gadget/udc/dummy_hcd.c:1971
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1431
 expire_timers+0x116/0x260 kernel/time/timer.c:1476
 __run_timers+0x358/0x3f0 kernel/time/timer.c:1745
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:422
 sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
 tomoyo_domain_quota_is_ok+0x1c7/0x2f0 security/tomoyo/util.c:1093
 tomoyo_supervisor+0x1f4/0xb40 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_perm+0x261/0x330 security/tomoyo/file.c:838
 tomoyo_inode_getattr+0x18/0x20 security/tomoyo/tomoyo.c:123
 security_inode_getattr+0x7f/0xd0 security/security.c:1288
 vfs_getattr fs/stat.c:131 [inline]
 vfs_statx+0xf8/0x290 fs/stat.c:199
 vfs_fstatat fs/stat.c:217 [inline]
 vfs_lstat include/linux/fs.h:3240 [inline]
 __do_sys_newlstat fs/stat.c:372 [inline]
 __se_sys_newlstat+0x46/0x250 fs/stat.c:366
 __x64_sys_newlstat+0x2d/0x40 fs/stat.c:366
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 29788 Comm: systemd-udevd Tainted: G        W         5.12.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
kbd_keycode: 414 callbacks suppressed
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240

Crashes (13):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/04/04 19:04 | upstream | 2023a53bdf41 | 6a81331a | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in add_input_randomness / add_input_randomness |
| 2021/03/22 03:22 | upstream | 5ee96fa9dd78 | bea32f74 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in add_input_randomness / add_input_randomness |
| 2021/02/22 05:10 | upstream | 55f62bc87347 | a659b3f1 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in add_input_randomness / add_input_randomness |
| 2021/02/12 07:24 | upstream | dcc0b49040c7 | a5f86b15 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in add_input_randomness / add_input_randomness |
| 2021/02/04 11:34 | upstream | 61556703b610 | 42b90a7c | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | KCSAN: data-race in add_input_randomness / add_input_randomness |
| 2021/01/08 17:44 | upstream | f5e6c330254a | c104d4a3 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2021/01/04 21:36 | upstream | 36bbbd0e234d | 2a28ff1f | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2021/01/01 10:56 | upstream | f6e1ea196492 | 79264ae3 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2020/12/09 05:43 | upstream | 7d8761ba27fc | 40cc414d | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2020/11/25 23:53 | upstream | fa02fcd94b0c | 3f581b43 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2020/11/08 21:24 | upstream | 9dbc1c03eeb5 | cba33199 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2020/10/30 23:27 | upstream | f5d808567a51 | 18e33098 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |
| 2020/10/29 18:51 | upstream | 23859ae44402 | a0c7169a | .config | console log | report | | | info | | ci2-upstream-kcsan-gce | |