KCSAN: data-race in step_into / vfs_unlink

Hello,

When using Syzkaller to fuzz the latest Linux kernel, the following
crash was triggered.

HEAD commit: a7904a538933 Linux 5.16-rc6
git tree: upstream
console output: KCSAN: data-race in step_into / vfs_unlink
kernel config: https://paste.ubuntu.com/p/QB39MJKWKb/plain/
Syzlang reproducer: https://paste.ubuntu.com/p/qQPrVRrYfb/plain/

If you fix this issue, please add the following tag to the commit:

Reported-by: Hypericum <hypericumperforatum4444@xxxxxxxxx>

I think the program has a data race between the read and the read/write
of dentry->d_flags.

reproducer log: https://paste.ubuntu.com/p/2xsqF6W3sB/plain/
reproducer report:

==================================================================
BUG: KCSAN: data-race in step_into / vfs_unlink

read-write to 0xffff88810a3899c0 of 4 bytes by task 5771 on cpu 1:
 dont_mount include/linux/dcache.h:358 [inline]
 vfs_unlink+0x28e/0x440 fs/namei.c:4102
 do_unlinkat+0x278/0x540 fs/namei.c:4167
 __do_sys_unlink fs/namei.c:4215 [inline]
 __se_sys_unlink fs/namei.c:4213 [inline]
 __x64_sys_unlink+0x2c/0x30 fs/namei.c:4213
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88810a3899c0 of 4 bytes by task 1537 on cpu 5:
 __follow_mount_rcu fs/namei.c:1429 [inline]
 handle_mounts fs/namei.c:1486 [inline]
 step_into+0xf4/0xea0 fs/namei.c:1800
 walk_component+0x1a1/0x360 fs/namei.c:1976
 lookup_last fs/namei.c:2425 [inline]
 path_lookupat+0x12d/0x3c0 fs/namei.c:2449
 filename_lookup+0x130/0x310 fs/namei.c:2478
 user_path_at_empty+0x3e/0x110 fs/namei.c:2801
 do_readlinkat+0x97/0x210 fs/stat.c:443
 __do_sys_readlink fs/stat.c:476 [inline]
 __se_sys_readlink fs/stat.c:473 [inline]
 __x64_sys_readlink+0x43/0x50 fs/stat.c:473
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00600008 -> 0x00008008

Reported by Kernel Concurrency Sanitizer on:
CPU: 5 PID: 1537 Comm: systemd-udevd Not tainted 5.16.0-rc8+ #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
==================================================================
