syzbot


KCSAN: data-race in search_nested_keyrings / search_nested_keyrings (2)

Status: moderation: reported on 2024/04/20 15:41
Subsystems: keyrings lsm
Reported-by: syzbot+fa18fbb9fd5f5972bd99@syzkaller.appspotmail.com
First crash: 13d, last: 13d
Similar bugs (1):
  Kernel: upstream
  Title: KCSAN: data-race in search_nested_keyrings / search_nested_keyrings
  Subsystems: keyrings lsm
  Count: 3
  Last: 1632d
  Reported: 1643d
  Patched: 0/26
  Status: auto-closed as invalid on 2020/01/23 16:46

Sample crash report:
==================================================================
BUG: KCSAN: data-race in search_nested_keyrings / search_nested_keyrings

write to 0xffff8881146e9d60 of 8 bytes by task 30432 on cpu 0:
 search_nested_keyrings+0x7f7/0x9d0 security/keys/keyring.c:856
 keyring_search_rcu+0xf8/0x190 security/keys/keyring.c:922
 get_user_session_keyring_rcu security/keys/process_keys.c:208 [inline]
 search_cred_keyrings_rcu+0x290/0x3b0 security/keys/process_keys.c:500
 search_process_keyrings_rcu+0x1e/0x190 security/keys/process_keys.c:544
 request_key_and_link+0x158/0xcf0 security/keys/request_key.c:618
 __do_sys_request_key security/keys/keyctl.c:222 [inline]
 __se_sys_request_key+0x1d7/0x290 security/keys/keyctl.c:167
 __x64_sys_request_key+0x55/0x70 security/keys/keyctl.c:167
 x64_sys_call+0x975/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:250
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff8881146e9d60 of 8 bytes by task 30431 on cpu 1:
 search_nested_keyrings+0x7f7/0x9d0 security/keys/keyring.c:856
 keyring_search_rcu+0xf8/0x190 security/keys/keyring.c:922
 keyring_search+0x12e/0x1a0 security/keys/keyring.c:964
 look_up_user_keyrings+0x281/0x400 security/keys/process_keys.c:124
 lookup_user_key+0x5da/0xdf0 security/keys/process_keys.c:704
 keyctl_revoke_key security/keys/keyctl.c:385 [inline]
 __do_sys_keyctl security/keys/keyctl.c:1890 [inline]
 __se_sys_keyctl+0x48e/0xbb0 security/keys/keyctl.c:1873
 __x64_sys_keyctl+0x67/0x80 security/keys/keyctl.c:1873
 x64_sys_call+0x2bc7/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:251
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000077359564 -> 0x0000000077359568

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 30431 Comm: syz-executor.0 Tainted: G        W          6.9.0-rc4-syzkaller-00214-g13a2e429f644 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================

Crashes (1):
  Time: 2024/04/20 15:40
  Kernel: upstream
  Commit: 13a2e429f644
  Syzkaller: af24b050
  Config: .config
  Log: console log
  Report: report
  VM info: info
  Assets: [disk image] [vmlinux] [kernel image]
  Manager: ci2-upstream-kcsan-gce
  Title: KCSAN: data-race in search_nested_keyrings / search_nested_keyrings
* Struck through repros no longer work on HEAD.