[moderation] [keyrings?] [lsm?] KCSAN: data-race in search_nested_keyrings / search_nested_keyrings (2)


syzbot

Apr 20, 2024, 11:41:26 AM (13 days ago) Apr 20
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 13a2e429f644 Merge tag 'perf-tools-fixes-for-v6.9-2024-04-..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11dc3e07180000
kernel config: https://syzkaller.appspot.com/x/.config?x=eaea34ec4c9b6fb6
dashboard link: https://syzkaller.appspot.com/bug?extid=fa18fbb9fd5f5972bd99
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [dhow...@redhat.com jar...@kernel.org jmo...@namei.org keyr...@vger.kernel.org linux-...@vger.kernel.org linux-secu...@vger.kernel.org pa...@paul-moore.com se...@hallyn.com]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1a0b14e8fb6b/disk-13a2e429.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/882c217f392b/vmlinux-13a2e429.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ad0c8c3fdee6/bzImage-13a2e429.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fa18fb...@syzkaller.appspotmail.com

==================================================================
BUG: KCSAN: data-race in search_nested_keyrings / search_nested_keyrings

write to 0xffff8881146e9d60 of 8 bytes by task 30432 on cpu 0:
search_nested_keyrings+0x7f7/0x9d0 security/keys/keyring.c:856
keyring_search_rcu+0xf8/0x190 security/keys/keyring.c:922
get_user_session_keyring_rcu security/keys/process_keys.c:208 [inline]
search_cred_keyrings_rcu+0x290/0x3b0 security/keys/process_keys.c:500
search_process_keyrings_rcu+0x1e/0x190 security/keys/process_keys.c:544
request_key_and_link+0x158/0xcf0 security/keys/request_key.c:618
__do_sys_request_key security/keys/keyctl.c:222 [inline]
__se_sys_request_key+0x1d7/0x290 security/keys/keyctl.c:167
__x64_sys_request_key+0x55/0x70 security/keys/keyctl.c:167
x64_sys_call+0x975/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:250
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff8881146e9d60 of 8 bytes by task 30431 on cpu 1:
search_nested_keyrings+0x7f7/0x9d0 security/keys/keyring.c:856
keyring_search_rcu+0xf8/0x190 security/keys/keyring.c:922
keyring_search+0x12e/0x1a0 security/keys/keyring.c:964
look_up_user_keyrings+0x281/0x400 security/keys/process_keys.c:124
lookup_user_key+0x5da/0xdf0 security/keys/process_keys.c:704
keyctl_revoke_key security/keys/keyctl.c:385 [inline]
__do_sys_keyctl security/keys/keyctl.c:1890 [inline]
__se_sys_keyctl+0x48e/0xbb0 security/keys/keyctl.c:1873
__x64_sys_keyctl+0x67/0x80 security/keys/keyctl.c:1873
x64_sys_call+0x2bc7/0x2d30 arch/x86/include/generated/asm/syscalls_64.h:251
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000077359564 -> 0x0000000077359568

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 30431 Comm: syz-executor.0 Tainted: G W 6.9.0-rc4-syzkaller-00214-g13a2e429f644 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup