syzbot


KCSAN: data-race in data_push_tail / symbol_string (2)

Status: auto-closed as invalid on 2022/01/16 12:11
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 356d, last: 356d
similar bugs (2):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KCSAN: data-race in data_push_tail / symbol_string (3) | | | | 1 | 276d | 276d | 0/24 | auto-closed as invalid on 2022/04/05 16:28 |
| upstream | KCSAN: data-race in data_push_tail / symbol_string | | | | 1 | 535d | 535d | 0/24 | auto-closed as invalid on 2021/07/21 00:16 |

Sample crash report:
==================================================================
BUG: KCSAN: data-race in data_push_tail / symbol_string

write to 0xffffffff86d8e890 of 1 bytes by task 10985 on cpu 0:
 string_nocheck lib/vsprintf.c:642 [inline]
 symbol_string+0x1bf/0x250 lib/vsprintf.c:1007
 pointer+0x5c9/0x830 lib/vsprintf.c:2402
 vsnprintf+0x8a1/0xed0 lib/vsprintf.c:2809
 vscnprintf+0x29/0x80 lib/vsprintf.c:2908
 printk_sprint kernel/printk/printk.c:2076 [inline]
 vprintk_store+0x638/0xbb0 kernel/printk/printk.c:2186
 vprintk_emit+0xac/0x3c0 kernel/printk/printk.c:2229
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2256
 vprintk+0x7f/0x90 kernel/printk/printk_safe.c:50
 _printk+0x76/0x97 kernel/printk/printk.c:2266
 printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
 show_trace_log_lvl+0x5f7/0x670 arch/x86/kernel/dumpstack.c:282
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd6/0x122 lib/dump_stack.c:106
 dump_stack+0x11/0x1b lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:52 [inline]
 should_fail+0x23c/0x250 lib/fault-inject.c:146
 __should_failslab+0x81/0x90 mm/failslab.c:33
 should_failslab+0x5/0x20 mm/slab_common.c:1320
 slab_pre_alloc_hook mm/slab.h:494 [inline]
 slab_alloc_node mm/slab.c:3222 [inline]
 kmem_cache_alloc_node+0x61/0x2d0 mm/slab.c:3599
 __alloc_skb+0xf0/0x450 net/core/skbuff.c:414
 alloc_skb include/linux/skbuff.h:1126 [inline]
 netlink_dump+0x118/0x6b0 net/netlink/af_netlink.c:2244
 netlink_recvmsg+0x486/0x810 net/netlink/af_netlink.c:2004
 ____sys_recvmsg+0x16c/0x320
 ___sys_recvmsg net/socket.c:2670 [inline]
 do_recvmmsg+0x3f5/0xae0 net/socket.c:2764
 __sys_recvmmsg net/socket.c:2843 [inline]
 __do_sys_recvmmsg net/socket.c:2866 [inline]
 __se_sys_recvmmsg net/socket.c:2859 [inline]
 __x64_sys_recvmmsg+0xde/0x160 net/socket.c:2859
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffffffff86d8e890 of 8 bytes by task 11095 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:587 [inline]
 data_push_tail+0x138/0x470 kernel/printk/printk_ringbuffer.c:672
 data_alloc+0xbc/0x2b0 kernel/printk/printk_ringbuffer.c:1043
 prb_reserve+0x920/0xbf0 kernel/printk/printk_ringbuffer.c:1549
 vprintk_store+0x560/0xbb0 kernel/printk/printk.c:2176
 vprintk_emit+0xac/0x3c0 kernel/printk/printk.c:2229
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2256
 vprintk+0x7f/0x90 kernel/printk/printk_safe.c:50
 _printk+0x76/0x97 kernel/printk/printk.c:2266
 validate_nla lib/nlattr.c:377 [inline]
 __nla_validate_parse+0xf9c/0x1760 lib/nlattr.c:588
 __nla_validate+0x3a/0x50 lib/nlattr.c:630
 __nla_validate_nested include/net/netlink.h:1836 [inline]
 nla_validate_nested_deprecated include/net/netlink.h:1854 [inline]
 ctnetlink_parse_tuple_ip net/netfilter/nf_conntrack_netlink.c:1310 [inline]
 ctnetlink_parse_tuple_filter+0x1d8/0x740 net/netfilter/nf_conntrack_netlink.c:1446
 ctnetlink_parse_tuple net/netfilter/nf_conntrack_netlink.c:1487 [inline]
 ctnetlink_new_conntrack+0x161/0x1aa0 net/netfilter/nf_conntrack_netlink.c:2429
 nfnetlink_rcv_msg+0x4d0/0x590 net/netfilter/nfnetlink.c:296
 netlink_rcv_skb+0x14e/0x250 net/netlink/af_netlink.c:2496
 nfnetlink_rcv+0x17c/0x13c0 net/netfilter/nfnetlink.c:654
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x5fc/0x6c0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x726/0x840 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0x39a/0x510 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x195/0x230 net/socket.c:2492
 __do_sys_sendmsg net/socket.c:2501 [inline]
 __se_sys_sendmsg net/socket.c:2499 [inline]
 __x64_sys_sendmsg+0x42/0x50 net/socket.c:2499
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x000000010000968b -> 0x302f36383478302b

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 11095 Comm: syz-executor.4 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (1):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-upstream-kcsan-gce | 2021/12/12 12:10 | upstream | a763d5a5abd6 | 49ca1f59 | .config | log | report | | | info | KCSAN: data-race in data_push_tail / symbol_string |
* Struck through repros no longer work on HEAD.