[moderation] [selinux?] KCSAN: data-race in avc_policy_seqno / avc_ss_reset (3)
20 views
Skip to first unread message
syzbot
Apr 2, 2025, 9:45:23 PM4/2/25
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 92b71befc349 Merge tag 'objtool-urgent-2025-04-01' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16a55998580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8120cade23cf14e
dashboard link: https://syzkaller.appspot.com/bug?extid=a7f7cb0737bd91aa698c
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [linux-...@vger.kernel.org omos...@redhat.com pa...@paul-moore.com sel...@vger.kernel.org stephen.sm...@gmail.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2e7df7bc2f52/disk-92b71bef.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/be59123d5efb/vmlinux-92b71bef.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7c9eff86053e/bzImage-92b71bef.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a7f7cb...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in avc_policy_seqno / avc_ss_reset
write to 0xffffffff88e9dbe8 of 4 bytes by task 16776 on cpu 1:
avc_latest_notif_update security/selinux/avc.c:582 [inline]
avc_ss_reset+0x218/0x250 security/selinux/avc.c:971
selinux_notify_policy_change security/selinux/ss/services.c:2205 [inline]
security_set_bools+0x30b/0x350 security/selinux/ss/services.c:3130
sel_commit_bools_write+0x1ed/0x270 security/selinux/selinuxfs.c:1332
vfs_write+0x295/0x950 fs/read_write.c:682
ksys_pwrite64 fs/read_write.c:791 [inline]
__do_sys_pwrite64 fs/read_write.c:799 [inline]
__se_sys_pwrite64 fs/read_write.c:796 [inline]
__x64_sys_pwrite64+0xfb/0x150 fs/read_write.c:796
x64_sys_call+0xab9/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:19
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffffffff88e9dbe8 of 4 bytes by task 16380 on cpu 0:
avc_policy_seqno+0x15/0x20 security/selinux/avc.c:1207
selinux_file_open+0x152/0x3c0 security/selinux/hooks.c:3994
security_file_open+0x33/0x70 security/security.c:3114
do_dentry_open+0x1fa/0xa20 fs/open.c:933
vfs_open+0x38/0x1e0 fs/open.c:1086
do_open fs/namei.c:3845 [inline]
path_openat+0x1b1c/0x2000 fs/namei.c:4004
do_filp_open+0x115/0x240 fs/namei.c:4031
do_sys_openat2+0xaa/0x110 fs/open.c:1429
do_sys_open fs/open.c:1444 [inline]
__do_sys_openat fs/open.c:1460 [inline]
__se_sys_openat fs/open.c:1455 [inline]
__x64_sys_openat+0xf8/0x120 fs/open.c:1455
x64_sys_call+0x1ac/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:258
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000025 -> 0x00000026
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 16380 Comm: syz-executor Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 92b71befc349 Merge tag 'objtool-urgent-2025-04-01' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16a55998580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8120cade23cf14e
dashboard link: https://syzkaller.appspot.com/bug?extid=a7f7cb0737bd91aa698c
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [linux-...@vger.kernel.org omos...@redhat.com pa...@paul-moore.com sel...@vger.kernel.org stephen.sm...@gmail.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2e7df7bc2f52/disk-92b71bef.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/be59123d5efb/vmlinux-92b71bef.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7c9eff86053e/bzImage-92b71bef.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a7f7cb...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in avc_policy_seqno / avc_ss_reset
write to 0xffffffff88e9dbe8 of 4 bytes by task 16776 on cpu 1:
avc_latest_notif_update security/selinux/avc.c:582 [inline]
avc_ss_reset+0x218/0x250 security/selinux/avc.c:971
selinux_notify_policy_change security/selinux/ss/services.c:2205 [inline]
security_set_bools+0x30b/0x350 security/selinux/ss/services.c:3130
sel_commit_bools_write+0x1ed/0x270 security/selinux/selinuxfs.c:1332
vfs_write+0x295/0x950 fs/read_write.c:682
ksys_pwrite64 fs/read_write.c:791 [inline]
__do_sys_pwrite64 fs/read_write.c:799 [inline]
__se_sys_pwrite64 fs/read_write.c:796 [inline]
__x64_sys_pwrite64+0xfb/0x150 fs/read_write.c:796
x64_sys_call+0xab9/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:19
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffffffff88e9dbe8 of 4 bytes by task 16380 on cpu 0:
avc_policy_seqno+0x15/0x20 security/selinux/avc.c:1207
selinux_file_open+0x152/0x3c0 security/selinux/hooks.c:3994
security_file_open+0x33/0x70 security/security.c:3114
do_dentry_open+0x1fa/0xa20 fs/open.c:933
vfs_open+0x38/0x1e0 fs/open.c:1086
do_open fs/namei.c:3845 [inline]
path_openat+0x1b1c/0x2000 fs/namei.c:4004
do_filp_open+0x115/0x240 fs/namei.c:4031
do_sys_openat2+0xaa/0x110 fs/open.c:1429
do_sys_open fs/open.c:1444 [inline]
__do_sys_openat fs/open.c:1460 [inline]
__se_sys_openat fs/open.c:1455 [inline]
__x64_sys_openat+0xf8/0x120 fs/open.c:1455
x64_sys_call+0x1ac/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:258
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000025 -> 0x00000026
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 16380 Comm: syz-executor Not tainted 6.14.0-syzkaller-12508-g92b71befc349 #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages