[moderation] [selinux?] KCSAN: data-race in selinux_socket_post_create / selinux_socket_sock_rcv_skb (2)
0 views
Skip to first unread message
syzbot
Sep 19, 2025, 1:53:27 AM (yesterday) Sep 19
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: cbf658dd0941 Merge tag 'net-6.17-rc7' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16e3e858580000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e0c213d0735f5dd
dashboard link: https://syzkaller.appspot.com/bug?extid=86c3cc9e24ca3a17f8a1
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [linux-...@vger.kernel.org omos...@redhat.com pa...@paul-moore.com sel...@vger.kernel.org stephen.sm...@gmail.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/284f9d4ddb82/disk-cbf658dd.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/68b9ec9d3e1b/vmlinux-cbf658dd.xz
kernel image: https://storage.googleapis.com/syzbot-assets/bcd7456cafad/bzImage-cbf658dd.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+86c3cc...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in selinux_socket_post_create / selinux_socket_sock_rcv_skb
write to 0xffff8881405e7f90 of 4 bytes by task 11561 on cpu 1:
selinux_socket_post_create+0x1bf/0x2a0 security/selinux/hooks.c:4835
security_socket_post_create+0x5d/0xb0 security/security.c:4607
__sock_create+0x362/0x5b0 net/socket.c:1612
sock_create net/socket.c:1647 [inline]
__sys_socket_create net/socket.c:1684 [inline]
__sys_socket+0xb0/0x180 net/socket.c:1731
__do_sys_socket net/socket.c:1745 [inline]
__se_sys_socket net/socket.c:1743 [inline]
__x64_sys_socket+0x3f/0x50 net/socket.c:1743
x64_sys_call+0x1147/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:42
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff8881405e7f90 of 4 bytes by task 11560 on cpu 0:
selinux_socket_sock_rcv_skb+0x71/0x620 security/selinux/hooks.c:5275
security_sock_rcv_skb+0x40/0x80 security/security.c:4811
sk_filter_trim_cap+0xe4/0x420 net/core/filter.c:156
sk_filter_reason include/linux/filter.h:1089 [inline]
sock_queue_rcv_skb_reason+0x53/0x120 net/core/sock.c:529
sock_queue_rcv_skb include/net/sock.h:2465 [inline]
packet_rcv_spkt+0x2f4/0x3b0 net/packet/af_packet.c:1967
deliver_skb net/core/dev.c:2472 [inline]
deliver_ptype_list_skb net/core/dev.c:2487 [inline]
__netif_receive_skb_core+0x1cd4/0x23b0 net/core/dev.c:5944
__netif_receive_skb_list_core+0x113/0x500 net/core/dev.c:6066
__netif_receive_skb_list net/core/dev.c:6133 [inline]
netif_receive_skb_list_internal+0x487/0x600 net/core/dev.c:6224
netif_receive_skb_list+0x31/0x200 net/core/dev.c:6276
xdp_recv_frames net/bpf/test_run.c:280 [inline]
xdp_test_run_batch net/bpf/test_run.c:361 [inline]
bpf_test_run_xdp_live+0xdcb/0xfe0 net/bpf/test_run.c:390
bpf_prog_test_run_xdp+0x4f5/0x910 net/bpf/test_run.c:1322
bpf_prog_test_run+0x22a/0x390 kernel/bpf/syscall.c:4590
__sys_bpf+0x4b9/0x7b0 kernel/bpf/syscall.c:6047
__do_sys_bpf kernel/bpf/syscall.c:6139 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6137 [inline]
__x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6137
x64_sys_call+0x2aea/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000003 -> 0x00000089
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 11560 Comm: syz.1.2756 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: cbf658dd0941 Merge tag 'net-6.17-rc7' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16e3e858580000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e0c213d0735f5dd
dashboard link: https://syzkaller.appspot.com/bug?extid=86c3cc9e24ca3a17f8a1
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
CC: [linux-...@vger.kernel.org omos...@redhat.com pa...@paul-moore.com sel...@vger.kernel.org stephen.sm...@gmail.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/284f9d4ddb82/disk-cbf658dd.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/68b9ec9d3e1b/vmlinux-cbf658dd.xz
kernel image: https://storage.googleapis.com/syzbot-assets/bcd7456cafad/bzImage-cbf658dd.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+86c3cc...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in selinux_socket_post_create / selinux_socket_sock_rcv_skb
write to 0xffff8881405e7f90 of 4 bytes by task 11561 on cpu 1:
selinux_socket_post_create+0x1bf/0x2a0 security/selinux/hooks.c:4835
security_socket_post_create+0x5d/0xb0 security/security.c:4607
__sock_create+0x362/0x5b0 net/socket.c:1612
sock_create net/socket.c:1647 [inline]
__sys_socket_create net/socket.c:1684 [inline]
__sys_socket+0xb0/0x180 net/socket.c:1731
__do_sys_socket net/socket.c:1745 [inline]
__se_sys_socket net/socket.c:1743 [inline]
__x64_sys_socket+0x3f/0x50 net/socket.c:1743
x64_sys_call+0x1147/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:42
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff8881405e7f90 of 4 bytes by task 11560 on cpu 0:
selinux_socket_sock_rcv_skb+0x71/0x620 security/selinux/hooks.c:5275
security_sock_rcv_skb+0x40/0x80 security/security.c:4811
sk_filter_trim_cap+0xe4/0x420 net/core/filter.c:156
sk_filter_reason include/linux/filter.h:1089 [inline]
sock_queue_rcv_skb_reason+0x53/0x120 net/core/sock.c:529
sock_queue_rcv_skb include/net/sock.h:2465 [inline]
packet_rcv_spkt+0x2f4/0x3b0 net/packet/af_packet.c:1967
deliver_skb net/core/dev.c:2472 [inline]
deliver_ptype_list_skb net/core/dev.c:2487 [inline]
__netif_receive_skb_core+0x1cd4/0x23b0 net/core/dev.c:5944
__netif_receive_skb_list_core+0x113/0x500 net/core/dev.c:6066
__netif_receive_skb_list net/core/dev.c:6133 [inline]
netif_receive_skb_list_internal+0x487/0x600 net/core/dev.c:6224
netif_receive_skb_list+0x31/0x200 net/core/dev.c:6276
xdp_recv_frames net/bpf/test_run.c:280 [inline]
xdp_test_run_batch net/bpf/test_run.c:361 [inline]
bpf_test_run_xdp_live+0xdcb/0xfe0 net/bpf/test_run.c:390
bpf_prog_test_run_xdp+0x4f5/0x910 net/bpf/test_run.c:1322
bpf_prog_test_run+0x22a/0x390 kernel/bpf/syscall.c:4590
__sys_bpf+0x4b9/0x7b0 kernel/bpf/syscall.c:6047
__do_sys_bpf kernel/bpf/syscall.c:6139 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6137 [inline]
__x64_sys_bpf+0x41/0x50 kernel/bpf/syscall.c:6137
x64_sys_call+0x2aea/0x2ff0 arch/x86/include/generated/asm/syscalls_64.h:322
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd2/0x200 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000003 -> 0x00000089
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 11560 Comm: syz.1.2756 Not tainted syzkaller #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages