syzbot

 sign-in | mailing list | source | docs
🐞 Open [1594]
Subsystems
🐞 Fixed [6264]
🐞 Invalid [15872]
Missing Backports [186]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KCSAN: data-race in selinux_inode_permission / selinux_inode_permission

Status: moderation: reported on 2025/05/28 19:36
Subsystems: selinux
[Documentation on labels]
Reported-by: syzbot+48266d06935c7f0ac766@syzkaller.appspotmail.com
First crash: 1d14h, last: 13h45m

Sample crash report:
==================================================================
BUG: KCSAN: data-race in selinux_inode_permission / selinux_inode_permission

write to 0xffff88810426df20 of 4 bytes by task 5135 on cpu 1:
 task_avdcache_search security/selinux/hooks.c:3146 [inline]
 selinux_inode_permission+0x31b/0x620 security/selinux/hooks.c:3216
 security_inode_permission+0x6d/0xb0 security/security.c:2324
 inode_permission+0x106/0x310 fs/namei.c:601
 may_lookup fs/namei.c:1845 [inline]
 link_path_walk+0x162/0x900 fs/namei.c:2454
 path_openat+0x1de/0x2170 fs/namei.c:4042
 do_filp_open+0x109/0x230 fs/namei.c:4073
 io_openat2+0x272/0x390 io_uring/openclose.c:142
 io_openat+0x1b/0x30 io_uring/openclose.c:179
 __io_issue_sqe+0xfe/0x2e0 io_uring/io_uring.c:1730
 io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1753
 io_wq_submit_work+0x3f7/0x5f0 io_uring/io_uring.c:1865
 io_worker_handle_work+0x44e/0x9b0 io_uring/io-wq.c:642
 io_wq_worker+0x22e/0x870 io_uring/io-wq.c:696
 ret_from_fork+0xda/0x150 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88810426df20 of 4 bytes by task 5134 on cpu 0:
 task_avdcache_search security/selinux/hooks.c:3142 [inline]
 selinux_inode_permission+0x2a7/0x620 security/selinux/hooks.c:3216
 security_inode_permission+0x6d/0xb0 security/security.c:2324
 inode_permission+0x106/0x310 fs/namei.c:601
 may_lookup fs/namei.c:1845 [inline]
 link_path_walk+0x162/0x900 fs/namei.c:2454
 path_openat+0x1de/0x2170 fs/namei.c:4042
 do_filp_open+0x109/0x230 fs/namei.c:4073
 io_openat2+0x272/0x390 io_uring/openclose.c:142
 io_openat+0x1b/0x30 io_uring/openclose.c:179
 __io_issue_sqe+0xfe/0x2e0 io_uring/io_uring.c:1730
 io_issue_sqe+0x53/0x970 io_uring/io_uring.c:1753
 io_queue_sqe io_uring/io_uring.c:1960 [inline]
 io_submit_sqe io_uring/io_uring.c:2216 [inline]
 io_submit_sqes+0x667/0xfd0 io_uring/io_uring.c:2329
 __do_sys_io_uring_enter io_uring/io_uring.c:3396 [inline]
 __se_sys_io_uring_enter+0x1c1/0x1b70 io_uring/io_uring.c:3330
 __x64_sys_io_uring_enter+0x78/0x90 io_uring/io_uring.c:3330
 x64_sys_call+0x28c8/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x00000000 -> 0x00000003

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 5134 Comm: syz.0.543 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/29 20:20 upstream e0797d3b91de 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in selinux_inode_permission / selinux_inode_permission
2025/05/28 19:35 upstream 3d413f0cfd7e 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in selinux_inode_permission / selinux_inode_permission
2025/05/28 19:35 upstream 3d413f0cfd7e 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in selinux_inode_permission / selinux_inode_permission
* Struck through repros no longer work on HEAD.