syzbot

 sign-in | mailing list | source | docs
🐞 Open [1492]
Subsystems
🐞 Fixed [6693]
🐞 Invalid [17163]
Missing Backports [216]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in search_nested_keyrings / search_nested_keyrings (3)

Status: moderation: reported on 2025/09/10 05:48
Subsystems: keyrings lsm
[Documentation on labels]
Reported-by: syzbot+234a604530f174fff108@syzkaller.appspotmail.com
First crash: 51d, last: 51d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in search_nested_keyrings / search_nested_keyrings (2) keyrings lsm 6 1 558d 558d 0/29 auto-obsoleted due to no activity on 2024/05/25 15:41
upstream KCSAN: data-race in search_nested_keyrings / search_nested_keyrings keyrings lsm 6 3 2177d 2189d 0/29 auto-closed as invalid on 2020/01/23 16:46

Sample crash report:
==================================================================
BUG: KCSAN: data-race in search_nested_keyrings / search_nested_keyrings

write to 0xffff888103569860 of 8 bytes by task 8552 on cpu 1:
 search_nested_keyrings+0x79a/0x9b0 security/keys/keyring.c:859
 keyring_search_rcu+0xf7/0x190 security/keys/keyring.c:925
 get_user_session_keyring_rcu security/keys/process_keys.c:208 [inline]
 search_cred_keyrings_rcu+0x2a3/0x3c0 security/keys/process_keys.c:500
 search_process_keyrings_rcu security/keys/process_keys.c:544 [inline]
 lookup_user_key+0x8eb/0xd10 security/keys/process_keys.c:762
 __do_sys_add_key security/keys/keyctl.c:126 [inline]
 __se_sys_add_key+0x263/0x350 security/keys/keyctl.c:74
 __x64_sys_add_key+0x67/0x80 security/keys/keyctl.c:74
 x64_sys_call+0x28c4/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:249
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff888103569860 of 8 bytes by task 8550 on cpu 0:
 search_nested_keyrings+0x79a/0x9b0 security/keys/keyring.c:859
 keyring_search_rcu+0xf7/0x190 security/keys/keyring.c:925
 keyring_search+0x135/0x1a0 security/keys/keyring.c:967
 look_up_user_keyrings+0x287/0x400 security/keys/process_keys.c:124
 lookup_user_key+0x563/0xd10 security/keys/process_keys.c:704
 keyctl_keyring_move+0x75/0x110 security/keys/keyctl.c:608
 __do_sys_keyctl security/keys/keyctl.c:2012 [inline]
 __se_sys_keyctl+0x5f7/0xb80 security/keys/keyctl.c:1874
 __x64_sys_keyctl+0x67/0x80 security/keys/keyctl.c:1874
 x64_sys_call+0x2f6d/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:251
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000068c1110d -> 0x0000000068c1110e

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 8550 Comm: syz.2.1718 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
==================================================================
loop2: detected capacity change from 0 to 512
EXT4-fs (loop2): 1 orphan inode deleted
ext4 filesystem being mounted at /358/file1 supports timestamps until 2038-01-19 (0x7fffffff)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/10 05:48 upstream 9dd1835ecda5 fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in search_nested_keyrings / search_nested_keyrings
* Struck through repros no longer work on HEAD.