[moderation] [selinux?] KCSAN: data-race in selinux_inode_permission / selinux_inode_permission
0 views
Skip to first unread message
syzbot
May 28, 2025, 10:36:31 PMMay 28
Hello,
syzbot found the following issue on:
HEAD commit: 3d413f0cfd7e Merge tag 'audit-pr-20250527' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=172a1df4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=3af56729e26be7d
dashboard link: https://syzkaller.appspot.com/bug?extid=48266d06935c7f0ac766
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
CC: [[email protected] [email protected] [email protected] [email protected] [email protected]]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/97acdca9a9a2/disk-3d413f0c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7c50fd817f1c/vmlinux-3d413f0c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a4e67928f8ac/bzImage-3d413f0c.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
==================================================================
BUG: KCSAN: data-race in selinux_inode_permission / selinux_inode_permission
read to 0xffff888117929ca0 of 4 bytes by task 18447 on cpu 0:
task_avdcache_search security/selinux/hooks.c:3145 [inline]
selinux_inode_permission+0x2a7/0x620 security/selinux/hooks.c:3219
security_inode_permission+0x6d/0xb0 security/security.c:2324
inode_permission+0x106/0x310 fs/namei.c:601
may_lookup fs/namei.c:1845 [inline]
link_path_walk+0x162/0x900 fs/namei.c:2454
path_openat+0x1de/0x2170 fs/namei.c:4042
do_filp_open+0x109/0x230 fs/namei.c:4073
io_openat2+0x272/0x390 io_uring/openclose.c:142
io_openat+0x1b/0x30 io_uring/openclose.c:179
__io_issue_sqe+0xfe/0x2e0 io_uring/io_uring.c:1730
io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1753
io_queue_sqe io_uring/io_uring.c:1960 [inline]
io_submit_sqe io_uring/io_uring.c:2216 [inline]
io_submit_sqes+0x667/0xfd0 io_uring/io_uring.c:2329
__do_sys_io_uring_enter io_uring/io_uring.c:3396 [inline]
__se_sys_io_uring_enter+0x1c1/0x1b70 io_uring/io_uring.c:3330
__x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3330
x64_sys_call+0x28c8/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:427
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
write to 0xffff888117929ca0 of 4 bytes by task 18448 on cpu 1:
task_avdcache_search security/selinux/hooks.c:3149 [inline]
selinux_inode_permission+0x31b/0x620 security/selinux/hooks.c:3219
security_inode_permission+0x6d/0xb0 security/security.c:2324
inode_permission+0x106/0x310 fs/namei.c:601
may_lookup fs/namei.c:1845 [inline]
link_path_walk+0x162/0x900 fs/namei.c:2454
path_openat+0x1de/0x2170 fs/namei.c:4042
do_filp_open+0x109/0x230 fs/namei.c:4073
io_openat2+0x272/0x390 io_uring/openclose.c:142
io_openat+0x1b/0x30 io_uring/openclose.c:179
__io_issue_sqe+0xfe/0x2e0 io_uring/io_uring.c:1730
io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1753
io_wq_submit_work+0x3f7/0x5f0 io_uring/io_uring.c:1865
io_worker_handle_work+0x44e/0x9b0 io_uring/io-wq.c:642
io_wq_worker+0x22e/0x870 io_uring/io-wq.c:696
ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
value changed: 0x00000002 -> 0x00000001
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 18448 Comm: iou-wrk-18447 Not tainted 6.15.0-syzkaller-03645-g3d413f0cfd7e #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 3d413f0cfd7e Merge tag 'audit-pr-20250527' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=172a1df4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=3af56729e26be7d
dashboard link: https://syzkaller.appspot.com/bug?extid=48266d06935c7f0ac766
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
CC: [[email protected] [email protected] [email protected] [email protected] [email protected]]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/97acdca9a9a2/disk-3d413f0c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7c50fd817f1c/vmlinux-3d413f0c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a4e67928f8ac/bzImage-3d413f0c.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
==================================================================
BUG: KCSAN: data-race in selinux_inode_permission / selinux_inode_permission
read to 0xffff888117929ca0 of 4 bytes by task 18447 on cpu 0:
task_avdcache_search security/selinux/hooks.c:3145 [inline]
selinux_inode_permission+0x2a7/0x620 security/selinux/hooks.c:3219
security_inode_permission+0x6d/0xb0 security/security.c:2324
inode_permission+0x106/0x310 fs/namei.c:601
may_lookup fs/namei.c:1845 [inline]
link_path_walk+0x162/0x900 fs/namei.c:2454
path_openat+0x1de/0x2170 fs/namei.c:4042
do_filp_open+0x109/0x230 fs/namei.c:4073
io_openat2+0x272/0x390 io_uring/openclose.c:142
io_openat+0x1b/0x30 io_uring/openclose.c:179
__io_issue_sqe+0xfe/0x2e0 io_uring/io_uring.c:1730
io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1753
io_queue_sqe io_uring/io_uring.c:1960 [inline]
io_submit_sqe io_uring/io_uring.c:2216 [inline]
io_submit_sqes+0x667/0xfd0 io_uring/io_uring.c:2329
__do_sys_io_uring_enter io_uring/io_uring.c:3396 [inline]
__se_sys_io_uring_enter+0x1c1/0x1b70 io_uring/io_uring.c:3330
__x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3330
x64_sys_call+0x28c8/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:427
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
write to 0xffff888117929ca0 of 4 bytes by task 18448 on cpu 1:
task_avdcache_search security/selinux/hooks.c:3149 [inline]
selinux_inode_permission+0x31b/0x620 security/selinux/hooks.c:3219
security_inode_permission+0x6d/0xb0 security/security.c:2324
inode_permission+0x106/0x310 fs/namei.c:601
may_lookup fs/namei.c:1845 [inline]
link_path_walk+0x162/0x900 fs/namei.c:2454
path_openat+0x1de/0x2170 fs/namei.c:4042
do_filp_open+0x109/0x230 fs/namei.c:4073
io_openat2+0x272/0x390 io_uring/openclose.c:142
io_openat+0x1b/0x30 io_uring/openclose.c:179
__io_issue_sqe+0xfe/0x2e0 io_uring/io_uring.c:1730
io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1753
io_wq_submit_work+0x3f7/0x5f0 io_uring/io_uring.c:1865
io_worker_handle_work+0x44e/0x9b0 io_uring/io-wq.c:642
io_wq_worker+0x22e/0x870 io_uring/io-wq.c:696
ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
value changed: 0x00000002 -> 0x00000001
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 18448 Comm: iou-wrk-18447 Not tainted 6.15.0-syzkaller-03645-g3d413f0cfd7e #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages