syzbot


KCSAN: data-race in __se_sys_keyctl / key_task_permission (3)

Status: upstream: reported on 2024/07/04 14:18
Subsystems: lsm keyrings
[Documentation on labels]
Reported-by: syzbot+8c446f45cf5815e9110a@syzkaller.appspotmail.com
First crash: 15d, last: 15d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [lsm?] [keyrings?] KCSAN: data-race in __se_sys_keyctl / key_task_permission (3) 1 (2) 2024/07/04 14:38
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in __se_sys_keyctl / key_task_permission (2) keyrings lsm 1 152d 152d 0/27 auto-obsoleted due to no activity on 2024/03/24 05:39
upstream KCSAN: data-race in __se_sys_keyctl / key_task_permission keyrings lsm 1 837d 837d 0/27 auto-closed as invalid on 2022/05/08 17:58

Sample crash report:
==================================================================
BUG: KCSAN: data-race in __se_sys_keyctl / key_task_permission

write to 0xffff88812277dd70 of 4 bytes by task 19442 on cpu 0:
 keyctl_setperm_key security/keys/keyctl.c:1098 [inline]
 __do_sys_keyctl security/keys/keyctl.c:1926 [inline]
 __se_sys_keyctl+0xab5/0xbb0 security/keys/keyctl.c:1874
 __x64_sys_keyctl+0x67/0x80 security/keys/keyctl.c:1874
 x64_sys_call+0x2bf5/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:251
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

read to 0xffff88812277dd70 of 4 bytes by task 19441 on cpu 1:
 key_task_permission+0x14a/0x2c0 security/keys/permission.c:55
 lookup_user_key+0x9ea/0xdf0 security/keys/process_keys.c:803
 keyctl_setperm_key security/keys/keyctl.c:1083 [inline]
 __do_sys_keyctl security/keys/keyctl.c:1926 [inline]
 __se_sys_keyctl+0x829/0xbb0 security/keys/keyctl.c:1874
 __x64_sys_keyctl+0x67/0x80 security/keys/keyctl.c:1874
 x64_sys_call+0x2bf5/0x2d70 arch/x86/include/generated/asm/syscalls_64.h:251
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x3d010000 -> 0x00000000

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19441 Comm: syz.1.4799 Tainted: G        W          6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/03 23:13 upstream 8a9c6c40432e f76a75f3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-kcsan-gce KCSAN: data-race in __se_sys_keyctl / key_task_permission
* Struck through repros no longer work on HEAD.