KCSAN: data-race in netlink_getname / netlink

KCSAN: data-race in netlink_getname / netlink_insert (4)

Status: internal: reported on 2023/01/19 21:47
Labels: net (incorrect?)
Fix commit: c1bb9484e3b0 netlink: annotate data races around nlk->portid
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 138d, last: 127d

▶ ▼ Similar bugs (3)

Kernel	Title	Count	Last	Reported	Patched	Status
upstream	KCSAN: data-race in netlink_getname / netlink_insert (2)	58	778d	901d	0/24	auto-closed as invalid on 2021/05/18 14:30
upstream	KCSAN: data-race in netlink_getname / netlink_insert	32	1094d	1313d	0/24	closed as invalid on 2020/06/18 14:24
upstream	KCSAN: data-race in netlink_getname / netlink_insert (3)	66	200d	567d	0/24	auto-obsoleted due to no activity on 2022/12/17 03:31

Sample crash report:

==================================================================
BUG: KCSAN: data-race in netlink_getname / netlink_insert

write to 0xffff88813f176310 of 4 bytes by task 8357 on cpu 1:
 netlink_insert+0xf1/0x9a0 net/netlink/af_netlink.c:583
 netlink_autobind+0xae/0x180 net/netlink/af_netlink.c:856
 netlink_sendmsg+0x444/0x760 net/netlink/af_netlink.c:1895
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0x38f/0x500 net/socket.c:2476
 ___sys_sendmsg net/socket.c:2530 [inline]
 __sys_sendmsg+0x19a/0x230 net/socket.c:2559
 __do_sys_sendmsg net/socket.c:2568 [inline]
 __se_sys_sendmsg net/socket.c:2566 [inline]
 __x64_sys_sendmsg+0x42/0x50 net/socket.c:2566
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffff88813f176310 of 4 bytes by task 8364 on cpu 0:
 netlink_getname+0xcd/0x1a0 net/netlink/af_netlink.c:1144
 __sys_getsockname+0x11d/0x1b0 net/socket.c:2026
 __do_sys_getsockname net/socket.c:2041 [inline]
 __se_sys_getsockname net/socket.c:2038 [inline]
 __x64_sys_getsockname+0x3e/0x50 net/socket.c:2038
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x00000000 -> 0x000017fb

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8364 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller-00020-g7bf70dbb1882-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
==================================================================

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets	Manager	Title
2023/01/24 17:46	upstream	7bf70dbb1882	9dfcf09c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in netlink_getname / netlink_insert
2023/01/12 23:03	upstream	e8f60cd7db24	96166539	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-kcsan-gce	KCSAN: data-race in netlink_getname / netlink_insert

* ~~Struck through~~ repros no longer work on HEAD.