[syzbot] KCSAN: data-race in assoc_array_apply_edit / search_nested_keyrings
29 views
Skip to first unread message
syzbot
May 4, 2021, 7:33:18 AM5/4/21
to dhow...@redhat.com, jar...@kernel.org, jmo...@namei.org, keyr...@vger.kernel.org, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, se...@hallyn.com, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 5e321ded Merge tag 'for-5.13/parisc' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=111cafb9d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4da2ebcb6e8f526
dashboard link: https://syzkaller.appspot.com/bug?extid=e4eb6db47eb0f80308c6
compiler: Debian clang version 11.0.1-2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e4eb6d...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in assoc_array_apply_edit / search_nested_keyrings
write to 0xffff8881065ffc10 of 8 bytes by task 30966 on cpu 1:
assoc_array_apply_edit+0x3e/0x660 lib/assoc_array.c:1357
__key_link+0x8a/0xc0 security/keys/keyring.c:1372
__key_instantiate_and_link+0x15b/0x290 security/keys/key.c:459
key_create_or_update+0x750/0x990 security/keys/key.c:941
__do_sys_add_key security/keys/keyctl.c:134 [inline]
__se_sys_add_key+0x26f/0x300 security/keys/keyctl.c:74
__x64_sys_add_key+0x63/0x70 security/keys/keyctl.c:74
do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffff8881065ffc10 of 8 bytes by task 30971 on cpu 0:
search_nested_keyrings+0x34f/0x920 security/keys/keyring.c:751
keyring_search_rcu+0xf4/0x180 security/keys/keyring.c:922
search_cred_keyrings_rcu+0x135/0x240 security/keys/process_keys.c:480
search_process_keyrings_rcu security/keys/process_keys.c:544 [inline]
lookup_user_key+0xab6/0xd40 security/keys/process_keys.c:762
__do_sys_add_key security/keys/keyctl.c:126 [inline]
__se_sys_add_key+0x23a/0x300 security/keys/keyctl.c:74
__x64_sys_add_key+0x63/0x70 security/keys/keyctl.c:74
do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 30971 Comm: syz-executor.1 Not tainted 5.12.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 5e321ded Merge tag 'for-5.13/parisc' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=111cafb9d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4da2ebcb6e8f526
dashboard link: https://syzkaller.appspot.com/bug?extid=e4eb6db47eb0f80308c6
compiler: Debian clang version 11.0.1-2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e4eb6d...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in assoc_array_apply_edit / search_nested_keyrings
write to 0xffff8881065ffc10 of 8 bytes by task 30966 on cpu 1:
assoc_array_apply_edit+0x3e/0x660 lib/assoc_array.c:1357
__key_link+0x8a/0xc0 security/keys/keyring.c:1372
__key_instantiate_and_link+0x15b/0x290 security/keys/key.c:459
key_create_or_update+0x750/0x990 security/keys/key.c:941
__do_sys_add_key security/keys/keyctl.c:134 [inline]
__se_sys_add_key+0x26f/0x300 security/keys/keyctl.c:74
__x64_sys_add_key+0x63/0x70 security/keys/keyctl.c:74
do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffff8881065ffc10 of 8 bytes by task 30971 on cpu 0:
search_nested_keyrings+0x34f/0x920 security/keys/keyring.c:751
keyring_search_rcu+0xf4/0x180 security/keys/keyring.c:922
search_cred_keyrings_rcu+0x135/0x240 security/keys/process_keys.c:480
search_process_keyrings_rcu security/keys/process_keys.c:544 [inline]
lookup_user_key+0xab6/0xd40 security/keys/process_keys.c:762
__do_sys_add_key security/keys/keyctl.c:126 [inline]
__se_sys_add_key+0x23a/0x300 security/keys/keyctl.c:74
__x64_sys_add_key+0x63/0x70 security/keys/keyctl.c:74
do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 30971 Comm: syz-executor.1 Not tainted 5.12.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Marco Elver
May 4, 2021, 7:38:33 AM5/4/21
to syzbot, David Howells, jar...@kernel.org, jmo...@namei.org, keyr...@vger.kernel.org, LKML, linux-secu...@vger.kernel.org, se...@hallyn.com, syzkaller-bugs
Hello,
I found this interesting because the code around
security/keys/keyring.c:751 is diligent in marking concurrency
accesses with READ_ONCE(). So on the off-chance there is unexpected
concurrency here, I thought it'd be worth double-checking as I wasn't
able to conclude if this is just missing a READ_ONCE().
Thank you!
security/keys/keyring.c:751 is diligent in marking concurrency
accesses with READ_ONCE(). So on the off-chance there is unexpected
concurrency here, I thought it'd be worth double-checking as I wasn't
able to conclude if this is just missing a READ_ONCE().
Thank you!
Eric Biggers
May 4, 2021, 1:01:57 PM5/4/21
to Marco Elver, syzbot, David Howells, jar...@kernel.org, jmo...@namei.org, keyr...@vger.kernel.org, LKML, linux-secu...@vger.kernel.org, se...@hallyn.com, syzkaller-bugs
smp_store_release() would also handle this properly, without the need for the
explicit smp_wmb().
- Eric
kathyde...@gmail.com
May 7, 2021, 1:58:18 AM5/7/21
to syzkaller-bugs
hey gays give me an email to see more kathyde...@gmail.com
ketamine liquid and powder,
oxycodone 30mg & 40mg,
xanax bars 2mg,
ENQUIRIES:
-Email:( kathyde...@gmail.com )
Diaz 5mgs 1000pills
Diaz 5mgs 2000pills
Diaz 5mgs 5000pills
Diaz 10mgs 1000pills
Diaz 10mgs 2000pills
Diaz 10mgs 5000pills
$
Percocet 5mg 1000pills
Percocet 5mg 2000pills
Percocet 5mg 5000pills
Adderall 300mg 1000pills
Adderall 300mg 2000pills
Adderall 300mg 5000pills
Ket 5vials
Ket 10vials
Ket 15vials
Tram 225/250mgs 1000pills
Tram 225/250mgs 2000pills
Tram 225/250mgs 5000pills
xanax bars 2mg,
ENQUIRIES:
-Email:( kathyde...@gmail.com )
Diaz 5mgs 1000pills
Diaz 5mgs 2000pills
Diaz 5mgs 5000pills
Diaz 10mgs 1000pills
Diaz 10mgs 2000pills
Diaz 10mgs 5000pills
$
Percocet 5mg 1000pills
Percocet 5mg 2000pills
Percocet 5mg 5000pills
Adderall 300mg 1000pills
Adderall 300mg 2000pills
Adderall 300mg 5000pills
Ket 5vials
Ket 10vials
Ket 15vials
Tram 225/250mgs 1000pills
Tram 225/250mgs 2000pills
Tram 225/250mgs 5000pills
hey guys here is my is my website
https://benzoshouse.com/syzbot
Jun 7, 2021, 11:51:20 PM6/7/21
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages