| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Feb 2022 02:39:18 -0800
From: syzbot <syzbot+9f00f7796f970f61ce79@...kaller.appspotmail.com>
To: herbert@...dor.apana.org.au, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org, lvivier@...hat.com, mpm@...enic.com,
mst@...hat.com, syzkaller-bugs@...glegroups.com
Subject: [syzbot] KCSAN: data-race in random_recv_done / virtio_read
Hello,
syzbot found the following issue on:
HEAD commit: f4bc5bbb5fef Merge tag 'nfsd-5.17-2' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=149676d8700000
kernel config: https://syzkaller.appspot.com/x/.config?x=1dcc3374da7c1f7c
dashboard link: https://syzkaller.appspot.com/bug?extid=9f00f7796f970f61ce79
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9f00f7796f970f61ce79@...kaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in random_recv_done / virtio_read
write to 0xffff88810254d8cc of 4 bytes by interrupt on cpu 1:
random_recv_done+0x58/0x80 drivers/char/hw_random/virtio-rng.c:45
vring_interrupt+0x15d/0x180 drivers/virtio/virtio_ring.c:2165
__handle_irq_event_percpu+0x92/0x450 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x7b/0x110 kernel/irq/handle.c:210
handle_edge_irq+0x18e/0x5f0 kernel/irq/chip.c:820
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0x60/0x100 arch/x86/kernel/irq.c:250
common_interrupt+0x9a/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40
preempt_count arch/x86/include/asm/preempt.h:27 [inline]
check_kcov_mode kernel/kcov.c:166 [inline]
__sanitizer_cov_trace_pc+0x14/0x60 kernel/kcov.c:200
zap_pte_range+0x87d/0x10e0 mm/memory.c:1423
zap_pmd_range mm/memory.c:1490 [inline]
zap_pud_range mm/memory.c:1519 [inline]
zap_p4d_range mm/memory.c:1540 [inline]
unmap_page_range+0x2dc/0x3d0 mm/memory.c:1561
unmap_single_vma+0x157/0x210 mm/memory.c:1606
unmap_vmas+0xd0/0x180 mm/memory.c:1638
exit_mmap+0x261/0x4b0 mm/mmap.c:3178
__mmput+0x27/0x1b0 kernel/fork.c:1114
mmput+0x3d/0x50 kernel/fork.c:1135
exit_mm+0xdb/0x170 kernel/exit.c:507
do_exit+0x569/0x16a0 kernel/exit.c:793
do_group_exit+0x8b/0x160 kernel/exit.c:935
__do_sys_exit_group+0xb/0x10 kernel/exit.c:946
__se_sys_exit_group+0x5/0x10 kernel/exit.c:944
__x64_sys_exit_group+0x16/0x20 kernel/exit.c:944
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
write to 0xffff88810254d8cc of 4 bytes by task 30156 on cpu 0:
request_entropy drivers/char/hw_random/virtio-rng.c:56 [inline]
copy_data drivers/char/hw_random/virtio-rng.c:74 [inline]
virtio_read+0x1a0/0x450 drivers/char/hw_random/virtio-rng.c:92
rng_get_data drivers/char/hw_random/core.c:192 [inline]
rng_dev_read+0x1b4/0x630 drivers/char/hw_random/core.c:229
vfs_read+0x1e6/0x750 fs/read_write.c:479
ksys_read+0xd9/0x190 fs/read_write.c:619
__do_sys_read fs/read_write.c:629 [inline]
__se_sys_read fs/read_write.c:627 [inline]
__x64_sys_read+0x3e/0x50 fs/read_write.c:627
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x00000040 -> 0x00000000
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 30156 Comm: syz-executor.0 Not tainted 5.17.0-rc3-syzkaller-00043-gf4bc5bbb5fef-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists