syzbot


KCSAN: data-race in tomoyo_check_path_acl / tomoyo_merge_path_acl (2)

Status: auto-closed as invalid on 2020/12/21 11:51
Subsystems: tomoyo
Reported-by: syzbot+bb609466f777542a0aba@syzkaller.appspotmail.com
First crash: 1301d, last: 1267d
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KCSAN: data-race in tomoyo_check_path_acl / tomoyo_merge_path_acl tomoyo | | | | 10 | 1549d | 1652d | 0/26 | auto-closed as invalid on 2020/04/17 02:14
upstream | KCSAN: data-race in tomoyo_check_path_acl / tomoyo_merge_path_acl (3) tomoyo | | | | 1 | 1193d | 1193d | 0/26 | auto-closed as invalid on 2021/03/03 19:29

Sample crash report:
==================================================================
BUG: KCSAN: data-race in tomoyo_check_path_acl / tomoyo_merge_path_acl

write to 0xffff88810c95929a of 2 bytes by task 8435 on cpu 1:
 tomoyo_merge_path_acl+0x4c/0x70 security/tomoyo/file.c:372
 tomoyo_update_domain+0x337/0x3a0 security/tomoyo/domain.c:131
 tomoyo_update_path_acl security/tomoyo/file.c:398 [inline]
 tomoyo_write_file+0x210/0x910 security/tomoyo/file.c:1022
 tomoyo_write_domain2 security/tomoyo/common.c:1152 [inline]
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0xaad/0xb20 security/tomoyo/common.c:2103
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_perm+0x261/0x330 security/tomoyo/file.c:838
 tomoyo_path_truncate+0x18/0x20 security/tomoyo/tomoyo.c:135
 security_path_truncate+0x7f/0xd0 security/security.c:1145
 do_sys_ftruncate+0x38d/0x530 fs/open.c:193
 __do_sys_ftruncate fs/open.c:205 [inline]
 __se_sys_ftruncate fs/open.c:203 [inline]
 __x64_sys_ftruncate+0x2f/0x40 fs/open.c:203
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

read to 0xffff88810c95929a of 2 bytes by task 8459 on cpu 0:
 tomoyo_check_path_acl+0x1e/0xe0 security/tomoyo/file.c:258
 tomoyo_check_acl+0xcc/0x200 security/tomoyo/domain.c:175
 tomoyo_execute_permission+0xa1/0x190 security/tomoyo/file.c:615
 tomoyo_find_next_domain+0x213/0x10a0 security/tomoyo/domain.c:754
 tomoyo_bprm_check_security+0x96/0xd0 security/tomoyo/tomoyo.c:101
 security_bprm_check+0x3f/0x90 security/security.c:841
 search_binary_handler fs/exec.c:1691 [inline]
 exec_binprm+0x143/0x720 fs/exec.c:1744
 bprm_execve+0x435/0x610 fs/exec.c:1820
 do_execveat_common+0x60c/0x6c0 fs/exec.c:1915
 do_execve fs/exec.c:1983 [inline]
 __do_sys_execve fs/exec.c:2059 [inline]
 __se_sys_execve fs/exec.c:2054 [inline]
 __x64_sys_execve+0x56/0x70 fs/exec.c:2054
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 8459 Comm: syz-fuzzer Not tainted 5.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/11/15 03:17 | upstream | e28c0d7c92c8 | 1bf9a662 | .config | console log | report | | | info | | ci2-upstream-kcsan-gce |
2020/10/12 08:36 | upstream | bbf5c979011a | 4a77ae0b | .config | console log | report | | | info | | ci2-upstream-kcsan-gce |