netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
==================================================================
BUG: KCSAN: data-race in data_push_tail / number

write to 0xffffffff87092c45 of 1 bytes by task 22275 on cpu 0:
 number+0x66d/0xbe0 lib/vsprintf.c:548
 vsnprintf+0xa5e/0xe80 lib/vsprintf.c:2866
 vscnprintf+0x3e/0x80 lib/vsprintf.c:2906
 printk_sprint kernel/printk/printk.c:2089 [inline]
 vprintk_store+0x5f2/0xb50 kernel/printk/printk.c:2203
 vprintk_emit+0xcc/0x430 kernel/printk/printk.c:2249
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2279
 vprintk+0x7f/0x90 kernel/printk/printk_safe.c:50
 _printk+0x76/0x96 kernel/printk/printk.c:2289
 vhci_hub_control+0xa76/0xdb0 drivers/usb/usbip/vhci_hcd.c:636
 rh_call_control drivers/usb/core/hcd.c:683 [inline]
 rh_urb_enqueue drivers/usb/core/hcd.c:848 [inline]
 usb_hcd_submit_urb+0xc8e/0x1360 drivers/usb/core/hcd.c:1552
 usb_submit_urb+0xbef/0xca0 drivers/usb/core/urb.c:596
 proc_do_submiturb+0x1b26/0x1d50 drivers/usb/core/devio.c:1959
 proc_submiturb drivers/usb/core/devio.c:1991 [inline]
 usbdev_do_ioctl drivers/usb/core/devio.c:2687 [inline]
 usbdev_ioctl+0x21e9/0x4150 drivers/usb/core/devio.c:2807
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xcb/0x140 fs/ioctl.c:856
 __x64_sys_ioctl+0x3f/0x50 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

read to 0xffffffff87092c40 of 8 bytes by task 22278 on cpu 1:
 data_make_reusable kernel/printk/printk_ringbuffer.c:590 [inline]
 data_push_tail+0x10f/0x440 kernel/printk/printk_ringbuffer.c:675
 data_alloc+0xbc/0x2b0 kernel/printk/printk_ringbuffer.c:1046
 prb_reserve+0x897/0xbd0 kernel/printk/printk_ringbuffer.c:1555
 vprintk_store+0x51c/0xb50 kernel/printk/printk.c:2193
 vprintk_emit+0xcc/0x430 kernel/printk/printk.c:2249
 vprintk_default+0x22/0x30 kernel/printk/printk.c:2279
 vprintk+0x7f/0x90 kernel/printk/printk_safe.c:50
 _printk+0x76/0x96 kernel/printk/printk.c:2289
 __nla_validate_parse+0x1675/0x1a20 lib/nlattr.c:623
 __nla_parse+0x3c/0x50 lib/nlattr.c:708
 nla_parse_nested_deprecated include/net/netlink.h:1242 [inline]
 nf_tables_expr_parse+0x73/0x4b0 net/netfilter/nf_tables_api.c:2815
 nft_expr_init net/netfilter/nf_tables_api.c:2898 [inline]
 nft_set_elem_expr_alloc+0x50/0x2f0 net/netfilter/nf_tables_api.c:5462
 nf_tables_newset+0xcf9/0x1200 net/netfilter/nf_tables_api.c:4561
 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:517 [inline]
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:638 [inline]
 nfnetlink_rcv+0xa84/0x13c0 net/netfilter/nfnetlink.c:656
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x58a/0x660 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x666/0x760 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0x38f/0x500 net/socket.c:2482
 ___sys_sendmsg net/socket.c:2536 [inline]
 __sys_sendmsg+0x19a/0x230 net/socket.c:2565
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __x64_sys_sendmsg+0x42/0x50 net/socket.c:2572
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x0000000100000973 -> 0x2030303030203a71

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 22278 Comm: syz-executor.0 Not tainted 6.1.0-rc1-syzkaller-00025-gaae703b02f92-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
==================================================================
syz-executor.0 (22278) used greatest stack depth: 9432 bytes left