KCSAN: data-race in add_input_randomness / add_input

KCSAN: data-race in add_input_randomness / add_input_randomness (3)
Status: moderation: reported on 2020/12/07 11:45
Reported-by: syzbot+2ccfc09f966037843ba8@syzkaller.appspotmail.com
First crash: 167d, last: 10d

similar bugs (2):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in add_input_randomness / add_input_randomness				2	292d	298d	0/22	auto-closed as invalid on 2020/07/31 12:53
upstream	KCSAN: data-race in add_input_randomness / add_input_randomness (2)				3	228d	256d	0/22	auto-closed as invalid on 2020/10/04 07:48

Sample crash report:

==================================================================
BUG: KCSAN: data-race in add_input_randomness / add_input_randomness

write to 0xffffffff89018924 of 1 bytes by interrupt on cpu 0:
 add_input_randomness+0x66/0x2a0 drivers/char/random.c:1210
 input_handle_event+0x6b7/0xd50 drivers/input/input.c:378
 input_event+0x7d/0xa0 drivers/input/input.c:446
 hidinput_hid_event+0xb4b/0xcd0 drivers/hid/hid-input.c:1405
 hid_process_event+0x2f3/0x3c0 drivers/hid/hid-core.c:1522
 hid_input_field drivers/hid/hid-core.c:1566 [inline]
 hid_report_raw_event+0x8d4/0xbf0 drivers/hid/hid-core.c:1786
 hid_input_report+0x2c9/0x330 drivers/hid/hid-core.c:1853
 hid_irq_in+0x2cb/0x3d0 drivers/hid/usbhid/hid-core.c:284
 __usb_hcd_giveback_urb+0x244/0x2e0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0xae/0x200 drivers/usb/core/hcd.c:1726
 dummy_timer+0x513/0x24a0 drivers/usb/gadget/udc/dummy_hcd.c:1971
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1431
 expire_timers+0x116/0x260 kernel/time/timer.c:1476
 __run_timers+0x358/0x3f0 kernel/time/timer.c:1745
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:422
 sysvec_apic_timer_interrupt+0x37/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632

read to 0xffffffff89018924 of 1 bytes by interrupt on cpu 1:
 add_input_randomness+0x35/0x2a0 drivers/char/random.c:1207
 input_handle_event+0x6b7/0xd50 drivers/input/input.c:378
 input_event+0x7d/0xa0 drivers/input/input.c:446
 hidinput_hid_event+0xb4b/0xcd0 drivers/hid/hid-input.c:1405
 hid_process_event+0x2f3/0x3c0 drivers/hid/hid-core.c:1522
 hid_input_field drivers/hid/hid-core.c:1566 [inline]
 hid_report_raw_event+0x8d4/0xbf0 drivers/hid/hid-core.c:1786
 hid_input_report+0x2c9/0x330 drivers/hid/hid-core.c:1853
 hid_irq_in+0x2cb/0x3d0 drivers/hid/usbhid/hid-core.c:284
 __usb_hcd_giveback_urb+0x244/0x2e0 drivers/usb/core/hcd.c:1656
 usb_hcd_giveback_urb+0xae/0x200 drivers/usb/core/hcd.c:1726
 dummy_timer+0x513/0x24a0 drivers/usb/gadget/udc/dummy_hcd.c:1971
 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1431
 expire_timers+0x116/0x260 kernel/time/timer.c:1476
 __run_timers+0x358/0x3f0 kernel/time/timer.c:1745
 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1758
 __do_softirq+0x13c/0x2c3 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu+0xb4/0xc0 kernel/softirq.c:422
 sysvec_apic_timer_interrupt+0x6e/0x80 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
 tomoyo_domain_quota_is_ok+0x1c7/0x2f0 security/tomoyo/util.c:1093
 tomoyo_supervisor+0x1f4/0xb40 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_perm+0x261/0x330 security/tomoyo/file.c:838
 tomoyo_inode_getattr+0x18/0x20 security/tomoyo/tomoyo.c:123
 security_inode_getattr+0x7f/0xd0 security/security.c:1288
 vfs_getattr fs/stat.c:131 [inline]
 vfs_statx+0xf8/0x290 fs/stat.c:199
 vfs_fstatat fs/stat.c:217 [inline]
 vfs_lstat include/linux/fs.h:3240 [inline]
 __do_sys_newlstat fs/stat.c:372 [inline]
 __se_sys_newlstat+0x46/0x250 fs/stat.c:366
 __x64_sys_newlstat+0x2d/0x40 fs/stat.c:366
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 29788 Comm: systemd-udevd Tainted: G        W         5.12.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
kbd_keycode: 414 callbacks suppressed
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240
keyboard: can't emulate rawmode for keycode 240

Crashes (13):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci2-upstream-kcsan-gce	2021/04/04 19:04	upstream	2023a53b	6a81331a	.config	log	report	info	KCSAN: data-race in add_input_randomness / add_input_randomness
ci2-upstream-kcsan-gce	2021/03/22 03:22	upstream	5ee96fa9	bea32f74	.config	log	report	info	KCSAN: data-race in add_input_randomness / add_input_randomness
ci2-upstream-kcsan-gce	2021/02/22 05:10	upstream	55f62bc8	a659b3f1	.config	log	report	info	KCSAN: data-race in add_input_randomness / add_input_randomness
ci2-upstream-kcsan-gce	2021/02/12 07:24	upstream	dcc0b490	a5f86b15	.config	log	report	info	KCSAN: data-race in add_input_randomness / add_input_randomness
ci2-upstream-kcsan-gce	2021/02/04 11:34	upstream	61556703	42b90a7c	.config	log	report	info	KCSAN: data-race in add_input_randomness / add_input_randomness
ci2-upstream-kcsan-gce	2021/01/08 17:44	upstream	f5e6c330	c104d4a3	.config	log	report	info
ci2-upstream-kcsan-gce	2021/01/04 21:36	upstream	36bbbd0e	2a28ff1f	.config	log	report	info
ci2-upstream-kcsan-gce	2021/01/01 10:56	upstream	f6e1ea19	79264ae3	.config	log	report	info
ci2-upstream-kcsan-gce	2020/12/09 05:43	upstream	7d8761ba	40cc414d	.config	log	report	info
ci2-upstream-kcsan-gce	2020/11/25 23:53	upstream	fa02fcd9	3f581b43	.config	log	report	info
ci2-upstream-kcsan-gce	2020/11/08 21:24	upstream	9dbc1c03	cba33199	.config	log	report	info
ci2-upstream-kcsan-gce	2020/10/30 23:27	upstream	f5d80856	18e33098	.config	log	report	info
ci2-upstream-kcsan-gce	2020/10/29 18:51	upstream	23859ae4	a0c7169a	.config	log	report	info