KCSAN: data-race in step_into / vfs_unlink

From: Kaia Yadira
Date: Tue Jan 11 2022 - 08:29:37 EST


Hello,

When using Syzkaller to fuzz the latest Linux kernel, the following
crash was triggered.

HEAD commit: a7904a538933 Linux 5.16-rc6
git tree: upstream
console output: KCSAN: data-race in step_into / vfs_unlink
kernel config: https://paste.ubuntu.com/p/QB39MJKWKb/plain/
Syzlang reproducer: https://paste.ubuntu.com/p/qQPrVRrYfb/plain/

If you fix this issue, please add the following tag to the commit:

Reported-by: Hypericum <hypericumperforatum4444@xxxxxxxxx>

I think the program triggers a data race between the read and the
read/write of dentry->d_flags.

reproducer log: https://paste.ubuntu.com/p/2xsqF6W3sB/plain/
reproducer report:

==================================================================
BUG: KCSAN: data-race in step_into / vfs_unlink

read-write to 0xffff88810a3899c0 of 4 bytes by task 5771 on cpu 1:
dont_mount include/linux/dcache.h:358 [inline]
vfs_unlink+0x28e/0x440 fs/namei.c:4102
do_unlinkat+0x278/0x540 fs/namei.c:4167
__do_sys_unlink fs/namei.c:4215 [inline]
__se_sys_unlink fs/namei.c:4213 [inline]
__x64_sys_unlink+0x2c/0x30 fs/namei.c:4213
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88810a3899c0 of 4 bytes by task 1537 on cpu 5:
__follow_mount_rcu fs/namei.c:1429 [inline]
handle_mounts fs/namei.c:1486 [inline]
step_into+0xf4/0xea0 fs/namei.c:1800
walk_component+0x1a1/0x360 fs/namei.c:1976
lookup_last fs/namei.c:2425 [inline]
path_lookupat+0x12d/0x3c0 fs/namei.c:2449
filename_lookup+0x130/0x310 fs/namei.c:2478
user_path_at_empty+0x3e/0x110 fs/namei.c:2801
do_readlinkat+0x97/0x210 fs/stat.c:443
__do_sys_readlink fs/stat.c:476 [inline]
__se_sys_readlink fs/stat.c:473 [inline]
__x64_sys_readlink+0x43/0x50 fs/stat.c:473
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00600008 -> 0x00008008

Reported by Kernel Concurrency Sanitizer on:
CPU: 5 PID: 1537 Comm: systemd-udevd Not tainted 5.16.0-rc8+ #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
==================================================================
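The two stacks above describe the pattern KCSAN flags as a data race: a plain (unannotated) access that is concurrent with another access to the same word, at least one of them a write. Here the writer is the read-modify-write in dont_mount() on the vfs_unlink() path, and the reader is the lockless load of dentry->d_flags in __follow_mount_rcu() during an RCU-walk lookup. The following user-space model is an added example, not code from the report or from the kernel: it reproduces the shape of those two accesses with pthreads, uses relaxed atomics as stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(), and checks that a lockless reader only ever observes one of the two legal states of the flags word. It also splits the reported "value changed" pair into the bits cleared and set. The DCACHE_* values are copied from include/linux/dcache.h as I read it for 5.16 and should be verified against the tree; the mutex in place of d_lock, the iteration count and the reset between iterations are modelling choices, and this is a model of the access pattern, not a proposed fix.

```c
/*
 * Added example: user-space model of the d_flags accesses in the report.
 * DCACHE_* constants are assumed from include/linux/dcache.h (5.16);
 * everything else is constructed for this illustration.
 *
 * Build: cc -O2 -pthread dflags_race.c -o dflags_race
 */
#include <pthread.h>
#include <stdio.h>

#define DCACHE_OP_DELETE        0x00000008u
#define DCACHE_CANT_MOUNT       0x00000100u
#define DCACHE_DENTRY_KILLED    0x00008000u
#define DCACHE_MOUNTED          0x00010000u
#define DCACHE_NEED_AUTOMOUNT   0x00020000u
#define DCACHE_MANAGE_TRANSIT   0x00040000u
#define DCACHE_MANAGED_DENTRY \
	(DCACHE_MOUNTED | DCACHE_NEED_AUTOMOUNT | DCACHE_MANAGE_TRANSIT)
#define DCACHE_SYMLINK_TYPE     0x00600000u

/* Stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(): one untorn access, no ordering. */
#define READ_ONCE(x)     __atomic_load_n(&(x), __ATOMIC_RELAXED)
#define WRITE_ONCE(x, v) __atomic_store_n(&(x), (v), __ATOMIC_RELAXED)

struct dentry {
	pthread_mutex_t d_lock;     /* models the kernel's d_lock spinlock */
	unsigned int d_flags;
};

/* Writer side, shaped like dont_mount(): read-modify-write under d_lock. */
static void dont_mount(struct dentry *d)
{
	pthread_mutex_lock(&d->d_lock);
	WRITE_ONCE(d->d_flags, d->d_flags | DCACHE_CANT_MOUNT);
	pthread_mutex_unlock(&d->d_lock);
}

/* Reader side, shaped like __follow_mount_rcu(): lockless load, no d_lock. */
int needs_mount_traversal(struct dentry *d)
{
	unsigned int flags = READ_ONCE(d->d_flags);
	return (flags & DCACHE_MANAGED_DENTRY) != 0;
}

#define ITERATIONS 200000L

struct race_ctx {
	struct dentry *d;
	unsigned int initial;   /* flags before dont_mount() */
	long bad;               /* values seen that are neither legal state */
};

static void *reader_thread(void *arg)
{
	struct race_ctx *c = arg;
	for (long i = 0; i < ITERATIONS; i++) {
		unsigned int f = READ_ONCE(c->d->d_flags);
		/* Only two states are legal: before and after dont_mount(). */
		if (f != c->initial && f != (c->initial | DCACHE_CANT_MOUNT))
			c->bad++;
		/* The initial flags carry no managed bits, so this must stay false. */
		if (needs_mount_traversal(c->d))
			c->bad++;
	}
	return NULL;
}

static void *writer_thread(void *arg)
{
	struct race_ctx *c = arg;
	for (long i = 0; i < ITERATIONS; i++) {
		dont_mount(c->d);
		/* Modelling choice: reset under the lock so the race repeats. */
		pthread_mutex_lock(&c->d->d_lock);
		WRITE_ONCE(c->d->d_flags, c->initial);
		pthread_mutex_unlock(&c->d->d_lock);
	}
	return NULL;
}

/* Runs both sides concurrently; returns how many illegal values the reader saw. */
long run_race(unsigned int initial, unsigned int *final_flags)
{
	struct dentry d = { .d_flags = initial };
	struct race_ctx c = { .d = &d, .initial = initial, .bad = 0 };
	pthread_t r, w;

	pthread_mutex_init(&d.d_lock, NULL);
	pthread_create(&w, NULL, writer_thread, &c);
	pthread_create(&r, NULL, reader_thread, &c);
	pthread_join(w, NULL);
	pthread_join(r, NULL);
	dont_mount(&d);                 /* leave the dentry in its post-unlink state */
	*final_flags = d.d_flags;
	pthread_mutex_destroy(&d.d_lock);
	return c.bad;
}

/* Splits a KCSAN "value changed: old -> new" pair into bits cleared and bits set. */
void decode_transition(unsigned int old, unsigned int new,
		       unsigned int *cleared, unsigned int *set)
{
	*cleared = old & ~new;
	*set = new & ~old;
}

int main(void)
{
	unsigned int final, cleared, set;
	long bad = run_race(DCACHE_SYMLINK_TYPE | DCACHE_OP_DELETE, &final);

	printf("illegal values observed: %ld, final d_flags: 0x%08x\n", bad, final);
	decode_transition(0x00600008u, 0x00008008u, &cleared, &set);
	printf("report transition: cleared 0x%08x, set 0x%08x\n", cleared, set);
	return bad != 0;
}
```

Two things the model makes visible. First, with both sides' accesses to the word marked, the lockless reader never sees a torn or illegal value, which is what READ_ONCE() on the RCU-walk side buys; the lock still only protects the writer against other writers. Second, if the 5.16 constants are as assumed here, the "value changed: 0x00600008 -> 0x00008008" line does not describe DCACHE_CANT_MOUNT (0x100) being set: the bits that changed are the type field (DCACHE_SYMLINK_TYPE) cleared and 0x8000 (DCACHE_DENTRY_KILLED) set, so the store KCSAN observed during its watch window is a different one from the dont_mount() write in the stack, which is worth keeping in mind when deciding what to annotate.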