Open Source and information security mailing list archives
Date:   Tue, 11 Jan 2022 21:29:22 +0800
From:   Kaia Yadira <hypericumperforatum4444@...il.com>
To:     viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Cc:     sunhao.th@...il.com
Subject: KCSAN: data-race in step_into / vfs_unlink

Hello,

When using Syzkaller to fuzz the latest Linux kernel, the following
crash was triggered.

HEAD commit: a7904a538933 Linux 5.16-rc6
git tree: upstream
console output: KCSAN: data-race in step_into / vfs_unlink
kernel config: https://paste.ubuntu.com/p/QB39MJKWKb/plain/
Syzlang reproducer: https://paste.ubuntu.com/p/qQPrVRrYfb/plain/

If you fix this issue, please add the following tag to the commit:

Reported-by: Hypericum <hypericumperforatum4444@...il.com>

I think the program races at both the read and the read/write of
dentry->d_flags.

reproducer log: https://paste.ubuntu.com/p/2xsqF6W3sB/plain/
reproducer report:

==================================================================
BUG: KCSAN: data-race in step_into / vfs_unlink

read-write to 0xffff88810a3899c0 of 4 bytes by task 5771 on cpu 1:
 dont_mount include/linux/dcache.h:358 [inline]
 vfs_unlink+0x28e/0x440 fs/namei.c:4102
 do_unlinkat+0x278/0x540 fs/namei.c:4167
 __do_sys_unlink fs/namei.c:4215 [inline]
 __se_sys_unlink fs/namei.c:4213 [inline]
 __x64_sys_unlink+0x2c/0x30 fs/namei.c:4213
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88810a3899c0 of 4 bytes by task 1537 on cpu 5:
 __follow_mount_rcu fs/namei.c:1429 [inline]
 handle_mounts fs/namei.c:1486 [inline]
 step_into+0xf4/0xea0 fs/namei.c:1800
 walk_component+0x1a1/0x360 fs/namei.c:1976
 lookup_last fs/namei.c:2425 [inline]
 path_lookupat+0x12d/0x3c0 fs/namei.c:2449
 filename_lookup+0x130/0x310 fs/namei.c:2478
 user_path_at_empty+0x3e/0x110 fs/namei.c:2801
 do_readlinkat+0x97/0x210 fs/stat.c:443
 __do_sys_readlink fs/stat.c:476 [inline]
 __se_sys_readlink fs/stat.c:473 [inline]
 __x64_sys_readlink+0x43/0x50 fs/stat.c:473
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00600008 -> 0x00008008

Reported by Kernel Concurrency Sanitizer on:
CPU: 5 PID: 1537 Comm: systemd-udevd Not tainted 5.16.0-rc8+ #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
==================================================================
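The report above pairs a write side (do_unlinkat -> vfs_unlink -> dont_mount, which modifies dentry->d_flags) with a read side (path_lookupat -> step_into -> __follow_mount_rcu, which reads dentry->d_flags during an RCU walk) on the same dentry. Below is an added userspace stresser, not code from the report and not the linked syzkaller reproducer, that drives exactly those two syscall paths concurrently against one symlink: one process loops readlink(2) while the other loops unlink(2) and re-creates the link. The directory layout, the link name "link", the target name "target", and the helper names race_unlink_readlink()/race_selftest() are assumptions made for this example. Running it on a kernel built with CONFIG_KCSAN is what would make a report like the one above possible; on an ordinary kernel it only confirms the two paths are being exercised and does not by itself prove a race.

```c
/* Added example: concurrently exercise unlink(2) and readlink(2) on one dentry.
 * Hypothetical helpers; not part of the report or of the syzkaller reproducer. */
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

struct race_stats {
    unsigned long unlinks;         /* unlink(2) calls that succeeded (write side) */
    unsigned long readlink_ok;     /* readlink(2) calls that returned the target (read side) */
    unsigned long readlink_enoent; /* readlink(2) calls that hit the gap between unlink and re-create */
};

/* Run `iterations` rounds of the race inside `dir`. Returns 0 on success, -1 on error. */
int race_unlink_readlink(const char *dir, unsigned long iterations, struct race_stats *st)
{
    char path[PATH_MAX];
    int pipefd[2], status;
    unsigned long counts[2] = { 0, 0 };
    pid_t pid;

    memset(st, 0, sizeof *st);
    snprintf(path, sizeof path, "%s/link", dir);          /* assumed link name */
    if (symlink("target", path) != 0 && errno != EEXIST)  /* assumed target name */
        return -1;
    if (pipe(pipefd) != 0)
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Reader: readlink(2) -> path_lookupat -> step_into -> __follow_mount_rcu (reads d_flags). */
        char buf[64];
        close(pipefd[0]);
        for (unsigned long i = 0; i < iterations; i++) {
            ssize_t n = readlink(path, buf, sizeof buf);
            if (n >= 0)
                counts[0]++;
            else if (errno == ENOENT)
                counts[1]++;
        }
        /* 16 bytes < PIPE_BUF, so this write is atomic. */
        if (write(pipefd[1], counts, sizeof counts) != (ssize_t)sizeof counts)
            _exit(1);
        _exit(0);
    }

    /* Writer: unlink(2) -> do_unlinkat -> vfs_unlink -> dont_mount (read-modify-write of d_flags),
     * then re-create the link so the reader keeps finding a dentry to walk. */
    close(pipefd[1]);
    for (unsigned long i = 0; i < iterations; i++) {
        if (unlink(path) == 0)
            st->unlinks++;
        if (symlink("target", path) != 0 && errno != EEXIST)
            break;
    }
    if (read(pipefd[0], counts, sizeof counts) != (ssize_t)sizeof counts)
        counts[0] = counts[1] = 0;
    close(pipefd[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    st->readlink_ok = counts[0];
    st->readlink_enoent = counts[1];
    unlink(path);   /* leave the directory empty for the caller */
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Convenience wrapper: run in a fresh temporary directory and return the number of
 * readlink(2) calls accounted for (ok + ENOENT), or -1 on error. */
long race_selftest(unsigned long iterations)
{
    char tmpl[] = "/tmp/unlink-readlink-race-XXXXXX";  /* assumed scratch location */
    struct race_stats st;
    char *dir = mkdtemp(tmpl);
    int rc;

    if (dir == NULL)
        return -1;
    rc = race_unlink_readlink(dir, iterations, &st);
    rmdir(dir);
    if (rc != 0 || (iterations > 0 && st.unlinks == 0))
        return -1;
    return (long)(st.readlink_ok + st.readlink_enoent);
}

int main(void)
{
    long n = race_selftest(200000);
    printf("readlink calls accounted for: %ld\n", n);
    return n < 0 ? 1 : 0;
}
```

Every readlink(2) call ends either with the target or with ENOENT, so the two counters add up to the iteration count; a run where that does not hold, or where the writer never manages an unlink, is treated as an error rather than as a result.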
