Hi: When using Healer(https://github.com/SunHao-0/healer/tree/dev) to fuzz the Linux kernel, I found a data-race vulnerability in __fput / ep_remove. Sorry, data-race is usually difficult to reproduce. I cannot provide you with a reproducing program. I hope that the call stack information in the crash log can help you locate the problem. Kernel config can be found in the attachment. Here is the detailed information: commit: 3b9cdafb5358eb9f3790de2f728f765fef100731 version: linux 5.11 git tree: upstream report: ================================================================== BUG: KCSAN: data-race in __fput / ep_remove write to 0xffff888041f062d0 of 8 bytes by task 14940 on cpu 0: ep_remove+0x2f0/0x340 linux/fs/eventpoll.c:691 ep_free+0x18b/0x210 linux/fs/eventpoll.c:765 ep_eventpoll_release+0x2e/0x40 linux/fs/eventpoll.c:782 __fput+0x260/0x4e0 linux/fs/file_table.c:280 ____fput+0x11/0x20 linux/fs/file_table.c:313 task_work_run+0x8e/0x110 linux/kernel/task_work.c:140 get_signal+0x1430/0x1470 linux/kernel/signal.c:2554 arch_do_signal_or_restart+0x2a/0x260 linux/arch/x86/kernel/signal.c:811 handle_signal_work linux/kernel/entry/common.c:147 [inline] exit_to_user_mode_loop linux/kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x109/0x1a0 linux/kernel/entry/common.c:208 __syscall_exit_to_user_mode_work linux/kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x20/0x40 linux/kernel/entry/common.c:301 do_syscall_64+0x45/0x80 linux/arch/x86/entry/common.c:56 entry_SYSCALL_64_after_hwframe+0x44/0xae
Attachment:
config
Description: Binary data
Attachment:
log0
Description: Binary data
Attachment:
repro.prog
Description: Binary data