lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CACDmwr-0J1C=8Eba9bX9sCRdxVmF_u370xWoNo5vnTr4giUPCw@mail.gmail.com>
Date:   Tue, 11 Jan 2022 21:29:22 +0800
From:   Kaia Yadira <hypericumperforatum4444@...il.com>
To:     viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Cc:     sunhao.th@...il.com
Subject: KCSAN: data-race in step_into / vfs_unlink

Hello,

When using Syzkaller to fuzz the latest Linux kernel, the following
crash was triggered.

HEAD commit: a7904a538933 Linux 5.16-rc6
git tree: upstream
console output: KCSAN: data-race in step_into / vfs_unlink
kernel config: https://paste.ubuntu.com/p/QB39MJKWKb/plain/
Syzlang reproducer: https://paste.ubuntu.com/p/qQPrVRrYfb/plain/

If you fix this issue, please add the following tag to the commit:

Reported-by: Hypericum <hypericumperforatum4444@...il.com>

I think the program data race at the both reading and read/write at
the dentry->d_flags

reproducer log: https://paste.ubuntu.com/p/2xsqF6W3sB/plain/
reproducer report:

==================================================================
BUG: KCSAN: data-race in step_into / vfs_unlink

read-write to 0xffff88810a3899c0 of 4 bytes by task 5771 on cpu 1:
 dont_mount include/linux/dcache.h:358 [inline]
 vfs_unlink+0x28e/0x440 fs/namei.c:4102
 do_unlinkat+0x278/0x540 fs/namei.c:4167
 __do_sys_unlink fs/namei.c:4215 [inline]
 __se_sys_unlink fs/namei.c:4213 [inline]
 __x64_sys_unlink+0x2c/0x30 fs/namei.c:4213
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88810a3899c0 of 4 bytes by task 1537 on cpu 5:
 __follow_mount_rcu fs/namei.c:1429 [inline]
 handle_mounts fs/namei.c:1486 [inline]
 step_into+0xf4/0xea0 fs/namei.c:1800
 walk_component+0x1a1/0x360 fs/namei.c:1976
 lookup_last fs/namei.c:2425 [inline]
 path_lookupat+0x12d/0x3c0 fs/namei.c:2449
 filename_lookup+0x130/0x310 fs/namei.c:2478
 user_path_at_empty+0x3e/0x110 fs/namei.c:2801
 do_readlinkat+0x97/0x210 fs/stat.c:443
 __do_sys_readlink fs/stat.c:476 [inline]
 __se_sys_readlink fs/stat.c:473 [inline]
 __x64_sys_readlink+0x43/0x50 fs/stat.c:473
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00600008 -> 0x00008008

Reported by Kernel Concurrency Sanitizer on:
CPU: 5 PID: 1537 Comm: systemd-udevd Not tainted 5.16.0-rc8+ #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
==================================================================

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ