| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000000000000102ba005a2622624@google.com>
Date: Fri, 03 Apr 2020 05:35:12 -0700
From: syzbot <syzbot+71f39766a98dddab97b5@...kaller.appspotmail.com>
To: arve@...roid.com, christian@...uner.io, devel@...verdev.osuosl.org,
elver@...gle.com, gregkh@...uxfoundation.org,
joel@...lfernandes.org, linux-kernel@...r.kernel.org,
maco@...roid.com, syzkaller-bugs@...glegroups.com,
tkjos@...roid.com
Subject: KCSAN: data-race in binder_dec_node_nilocked / binder_state_show
Hello,
syzbot found the following crash on:
HEAD commit: 245a4300 Merge branch 'rcu/kcsan' into tip/locking/kcsan
git tree: https://github.com/google/ktsan.git kcsan
console output: https://syzkaller.appspot.com/x/log.txt?x=106b67f1e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4b9db179318d21f
dashboard link: https://syzkaller.appspot.com/bug?extid=71f39766a98dddab97b5
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+71f39766a98dddab97b5@...kaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in binder_dec_node_nilocked / binder_state_show
write to 0xffff88809f276954 of 4 bytes by task 1408 on cpu 0:
binder_state_show+0xd8/0x260 drivers/android/binder.c:5938
seq_read+0x350/0x9d0 fs/seq_file.c:229
full_proxy_read+0xbd/0x100 fs/debugfs/file.c:220
do_loop_readv_writev fs/read_write.c:714 [inline]
do_loop_readv_writev fs/read_write.c:701 [inline]
do_iter_read+0x357/0x3d0 fs/read_write.c:935
vfs_readv+0x9c/0xf0 fs/read_write.c:997
do_preadv+0x131/0x1d0 fs/read_write.c:1089
__do_sys_preadv fs/read_write.c:1139 [inline]
__se_sys_preadv fs/read_write.c:1134 [inline]
__x64_sys_preadv+0x61/0x80 fs/read_write.c:1134
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9
read to 0xffff88809f276954 of 4 bytes by task 1416 on cpu 1:
binder_dec_node_nilocked+0x382/0x610 drivers/android/binder.c:1261
binder_dec_node_tmpref+0xa3/0x120 drivers/android/binder.c:1379
binder_put_node drivers/android/binder.c:1387 [inline]
binder_state_show+0x1aa/0x260 drivers/android/binder.c:5950
seq_read+0x350/0x9d0 fs/seq_file.c:229
full_proxy_read+0xbd/0x100 fs/debugfs/file.c:220
do_loop_readv_writev fs/read_write.c:714 [inline]
do_loop_readv_writev fs/read_write.c:701 [inline]
do_iter_read+0x357/0x3d0 fs/read_write.c:935
vfs_readv+0x9c/0xf0 fs/read_write.c:997
do_preadv+0x131/0x1d0 fs/read_write.c:1089
__do_sys_preadv fs/read_write.c:1139 [inline]
__se_sys_preadv fs/read_write.c:1134 [inline]
__x64_sys_preadv+0x61/0x80 fs/read_write.c:1134
do_syscall_64+0xcc/0x3a0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 1416 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists