[moderation] [selinux?] KCSAN: data-race in inode_doinit_with_dentry / inode_doinit_with_dentry (4)
5 views
Skip to first unread message
syzbot
May 7, 2025, 4:53:31 AM5/7/25
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 0d8d44db295c Merge tag 'for-6.15-rc5-tag' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16ad282f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=6154604431d9aaf9
dashboard link: https://syzkaller.appspot.com/bug?extid=e8cb5beeaded7c977b62
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
CC: [linux-...@vger.kernel.org omos...@redhat.com pa...@paul-moore.com sel...@vger.kernel.org stephen.sm...@gmail.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d91fa429308f/disk-0d8d44db.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/24f0298ad2f8/vmlinux-0d8d44db.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d805d3a8719f/bzImage-0d8d44db.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e8cb5b...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in inode_doinit_with_dentry / inode_doinit_with_dentry
write to 0xffff88813f0103ea of 1 bytes by task 22297 on cpu 0:
inode_doinit_with_dentry+0x286/0x7a0 security/selinux/hooks.c:1448
__inode_security_revalidate security/selinux/hooks.c:300 [inline]
inode_security security/selinux/hooks.c:325 [inline]
selinux_file_open+0xef/0x370 security/selinux/hooks.c:3985
security_file_open+0x36/0x70 security/security.c:3114
do_dentry_open+0x204/0xa20 fs/open.c:933
vfs_open+0x37/0x1e0 fs/open.c:1086
dentry_open+0x4a/0x90 fs/open.c:1109
pidfs_alloc_file+0x12f/0x200 fs/pidfs.c:891
__pidfd_prepare kernel/fork.c:2074 [inline]
pidfd_prepare+0x66/0xd0 kernel/fork.c:2116
pidfd_create kernel/pid.c:627 [inline]
__do_sys_pidfd_open kernel/pid.c:663 [inline]
__se_sys_pidfd_open+0x133/0x260 kernel/pid.c:648
__x64_sys_pidfd_open+0x31/0x40 kernel/pid.c:648
x64_sys_call+0x2a5f/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:435
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff88813f0103ea of 1 bytes by task 22296 on cpu 1:
inode_doinit_with_dentry+0x75/0x7a0 security/selinux/hooks.c:1423
__inode_security_revalidate security/selinux/hooks.c:300 [inline]
inode_security security/selinux/hooks.c:325 [inline]
selinux_file_open+0xef/0x370 security/selinux/hooks.c:3985
security_file_open+0x36/0x70 security/security.c:3114
do_dentry_open+0x204/0xa20 fs/open.c:933
vfs_open+0x37/0x1e0 fs/open.c:1086
dentry_open+0x4a/0x90 fs/open.c:1109
pidfs_alloc_file+0x12f/0x200 fs/pidfs.c:891
__pidfd_prepare kernel/fork.c:2074 [inline]
pidfd_prepare+0x66/0xd0 kernel/fork.c:2116
pidfd_create kernel/pid.c:627 [inline]
__do_sys_pidfd_open kernel/pid.c:663 [inline]
__se_sys_pidfd_open+0x133/0x260 kernel/pid.c:648
__x64_sys_pidfd_open+0x31/0x40 kernel/pid.c:648
x64_sys_call+0x2a5f/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:435
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00 -> 0x01
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 22296 Comm: syz.5.6002 Tainted: G W 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 0d8d44db295c Merge tag 'for-6.15-rc5-tag' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16ad282f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=6154604431d9aaf9
dashboard link: https://syzkaller.appspot.com/bug?extid=e8cb5beeaded7c977b62
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
CC: [linux-...@vger.kernel.org omos...@redhat.com pa...@paul-moore.com sel...@vger.kernel.org stephen.sm...@gmail.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d91fa429308f/disk-0d8d44db.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/24f0298ad2f8/vmlinux-0d8d44db.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d805d3a8719f/bzImage-0d8d44db.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e8cb5b...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in inode_doinit_with_dentry / inode_doinit_with_dentry
write to 0xffff88813f0103ea of 1 bytes by task 22297 on cpu 0:
inode_doinit_with_dentry+0x286/0x7a0 security/selinux/hooks.c:1448
__inode_security_revalidate security/selinux/hooks.c:300 [inline]
inode_security security/selinux/hooks.c:325 [inline]
selinux_file_open+0xef/0x370 security/selinux/hooks.c:3985
security_file_open+0x36/0x70 security/security.c:3114
do_dentry_open+0x204/0xa20 fs/open.c:933
vfs_open+0x37/0x1e0 fs/open.c:1086
dentry_open+0x4a/0x90 fs/open.c:1109
pidfs_alloc_file+0x12f/0x200 fs/pidfs.c:891
__pidfd_prepare kernel/fork.c:2074 [inline]
pidfd_prepare+0x66/0xd0 kernel/fork.c:2116
pidfd_create kernel/pid.c:627 [inline]
__do_sys_pidfd_open kernel/pid.c:663 [inline]
__se_sys_pidfd_open+0x133/0x260 kernel/pid.c:648
__x64_sys_pidfd_open+0x31/0x40 kernel/pid.c:648
x64_sys_call+0x2a5f/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:435
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff88813f0103ea of 1 bytes by task 22296 on cpu 1:
inode_doinit_with_dentry+0x75/0x7a0 security/selinux/hooks.c:1423
__inode_security_revalidate security/selinux/hooks.c:300 [inline]
inode_security security/selinux/hooks.c:325 [inline]
selinux_file_open+0xef/0x370 security/selinux/hooks.c:3985
security_file_open+0x36/0x70 security/security.c:3114
do_dentry_open+0x204/0xa20 fs/open.c:933
vfs_open+0x37/0x1e0 fs/open.c:1086
dentry_open+0x4a/0x90 fs/open.c:1109
pidfs_alloc_file+0x12f/0x200 fs/pidfs.c:891
__pidfd_prepare kernel/fork.c:2074 [inline]
pidfd_prepare+0x66/0xd0 kernel/fork.c:2116
pidfd_create kernel/pid.c:627 [inline]
__do_sys_pidfd_open kernel/pid.c:663 [inline]
__se_sys_pidfd_open+0x133/0x260 kernel/pid.c:648
__x64_sys_pidfd_open+0x31/0x40 kernel/pid.c:648
x64_sys_call+0x2a5f/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:435
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00 -> 0x01
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 22296 Comm: syz.5.6002 Tainted: G W 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(voluntary)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Aug 23, 2025, 6:33:27 PM8/23/25
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages