[syzbot] Monthly lsm report (Apr 2026)


syzbot

Apr 14, 2026, 2:40:24 AM
to linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com
Hello lsm maintainers/developers,

This is a 31-day syzbot report for the lsm subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/lsm

During the period, 0 new issues were detected and 0 were fixed.
In total, 3 issues are still open and 45 have already been fixed.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 95      Yes   INFO: task hung in process_measurement (3)
                  https://syzkaller.appspot.com/bug?extid=cb9e66807bcb882cd0c5
<2> 68      Yes   possible deadlock in keyring_clear (3)
                  https://syzkaller.appspot.com/bug?extid=f55b043dacf43776b50c
<3> 31      Yes   INFO: task hung in ima_file_free (4)
                  https://syzkaller.appspot.com/bug?extid=8036326eebe7d0140944

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set <Ref> no-reminders

To change bug's subsystems, reply with:
#syz set <Ref> subsystems: new-subsystem

You may send multiple commands in a single email message.

Paul Moore

Apr 14, 2026, 9:59:35 AM
to Mimi Zohar, Roberto Sassu, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com, syzbot
On Tue, Apr 14, 2026 at 2:48 AM syzbot
<syzbot+liste500...@syzkaller.appspotmail.com> wrote:
>
> Hello lsm maintainers/developers,
>
> This is a 31-day syzbot report for the lsm subsystem.
> All related reports/information can be found at:
> https://syzkaller.appspot.com/upstream/s/lsm
>
> During the period, 0 new issues were detected and 0 were fixed.
> In total, 3 issues are still open and 45 have already been fixed.
>
> Some of the still happening issues:
>
> Ref Crashes Repro Title
> <1> 95 Yes INFO: task hung in process_measurement (3)
> https://syzkaller.appspot.com/bug?extid=cb9e66807bcb882cd0c5
> <2> 68 Yes possible deadlock in keyring_clear (3)
> https://syzkaller.appspot.com/bug?extid=f55b043dacf43776b50c
> <3> 31 Yes INFO: task hung in ima_file_free (4)
> https://syzkaller.appspot.com/bug?extid=8036326eebe7d0140944

Mimi, Roberto,

If I recall correctly, we've discussed the process measurement issue
before, and I thought it was being resolved. What is the current
status on a fix?

I don't recall discussing the ima_file_free() issue, but it looks like
the syzbot reports go back to 2024; is there a fix under development
for that?

Thanks.

> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzk...@googlegroups.com.
>
> To disable reminders for individual bugs, reply with the following command:
> #syz set <Ref> no-reminders
>
> To change bug's subsystems, reply with:
> #syz set <Ref> subsystems: new-subsystem
>
> You may send multiple commands in a single email message.

--
paul-moore.com

Paul Moore

Apr 14, 2026, 10:02:31 AM
to Jarkko Sakkinen, David Howells, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com, syzbot
On Tue, Apr 14, 2026 at 2:48 AM syzbot
<syzbot+liste500...@syzkaller.appspotmail.com> wrote:
>
> Hello lsm maintainers/developers,
>
> This is a 31-day syzbot report for the lsm subsystem.
> All related reports/information can be found at:
> https://syzkaller.appspot.com/upstream/s/lsm
>
> During the period, 0 new issues were detected and 0 were fixed.
> In total, 3 issues are still open and 45 have already been fixed.
>
> Some of the still happening issues:
>
> Ref Crashes Repro Title
> <1> 95 Yes INFO: task hung in process_measurement (3)
> https://syzkaller.appspot.com/bug?extid=cb9e66807bcb882cd0c5
> <2> 68 Yes possible deadlock in keyring_clear (3)
> https://syzkaller.appspot.com/bug?extid=f55b043dacf43776b50c

Jarkko, David,

Do we have a fix for the keyring_clear() issue, or is it not a real problem?

> <3> 31 Yes INFO: task hung in ima_file_free (4)
> https://syzkaller.appspot.com/bug?extid=8036326eebe7d0140944
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzk...@googlegroups.com.
>
> To disable reminders for individual bugs, reply with the following command:
> #syz set <Ref> no-reminders
>
> To change bug's subsystems, reply with:
> #syz set <Ref> subsystems: new-subsystem
>
> You may send multiple commands in a single email message.

--
paul-moore.com

Roberto Sassu

Apr 14, 2026, 12:15:39 PM
to Paul Moore, Mimi Zohar, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com, syzbot
> From: Paul Moore <pa...@paul-moore.com>
> Sent: Tuesday, April 14, 2026 3:59 PM
> On Tue, Apr 14, 2026 at 2:48 AM syzbot
> <syzbot+liste500...@syzkaller.appspotmail.com> wrote:
> >
> > Hello lsm maintainers/developers,
> >
> > This is a 31-day syzbot report for the lsm subsystem.
> > All related reports/information can be found at:
> > https://syzkaller.appspot.com/upstream/s/lsm
> >
> > During the period, 0 new issues were detected and 0 were fixed.
> > In total, 3 issues are still open and 45 have already been fixed.
> >
> > Some of the still happening issues:
> >
> > Ref Crashes Repro Title
> > <1> 95 Yes INFO: task hung in process_measurement (3)
> > https://syzkaller.appspot.com/bug?extid=cb9e66807bcb882cd0c5
> > <2> 68 Yes possible deadlock in keyring_clear (3)
> > https://syzkaller.appspot.com/bug?extid=f55b043dacf43776b50c
> > <3> 31 Yes INFO: task hung in ima_file_free (4)
> > https://syzkaller.appspot.com/bug?extid=8036326eebe7d0140944
>
> Mimi, Roberto,
>
> If I recall correctly, we've discussed the process measurement issue before,
> and I thought it was being resolved. What is the current status on a fix?
>
> I don't recall discussing the ima_file_free() issue, but it looks like the syzbot
> reports go back to 2024; is there a fix under development for that?

I looked at some of the reports. My impression (can be wrong) is that the
syzbot report involves us also when a filesystem gets stuck.

For example, if you see:

https://syzkaller.appspot.com/text?tag=CrashReport&x=160ddb02580000

PID 6887 cannot progress because iint->mutex is likely held by PID 6895.
The last function I see in PID 6895 is io_schedule(), which suggests to me
that there is an I/O wait that could not be satisfied. PID 6888 cannot progress
as well because it is waiting for jfs_get_block(), but PID 6895 is past that
(possibly holding the needed lock).

Sure, it is possible that there is a lock inversion that I missed, but I didn't
find it yet.

Roberto

Jarkko Sakkinen

Apr 14, 2026, 10:52:00 PM
to Paul Moore, David Howells, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com, syzbot
On Tue, Apr 14, 2026 at 10:02:13AM -0400, Paul Moore wrote:
> On Tue, Apr 14, 2026 at 2:48 AM syzbot
> <syzbot+liste500...@syzkaller.appspotmail.com> wrote:
> >
> > Hello lsm maintainers/developers,
> >
> > This is a 31-day syzbot report for the lsm subsystem.
> > All related reports/information can be found at:
> > https://syzkaller.appspot.com/upstream/s/lsm
> >
> > During the period, 0 new issues were detected and 0 were fixed.
> > In total, 3 issues are still open and 45 have already been fixed.
> >
> > Some of the still happening issues:
> >
> > Ref Crashes Repro Title
> > <1> 95 Yes INFO: task hung in process_measurement (3)
> > https://syzkaller.appspot.com/bug?extid=cb9e66807bcb882cd0c5
> > <2> 68 Yes possible deadlock in keyring_clear (3)
> > https://syzkaller.appspot.com/bug?extid=f55b043dacf43776b50c
>
> Jarkko, David,
>
> Do we have a fix for the keyring_clear() issue, or is it not a real problem?

I'll take analyzing this to my todo list for next week (post first PR).

BR, Jarkko

Jarkko Sakkinen

Apr 15, 2026, 12:35:25 PM
to Paul Moore, David Howells, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com, syzbot
On Tue, Apr 14, 2026 at 10:02:13AM -0400, Paul Moore wrote:
> On Tue, Apr 14, 2026 at 2:48 AM syzbot
> <syzbot+liste500...@syzkaller.appspotmail.com> wrote:
> >
> > Hello lsm maintainers/developers,
> >
> > This is a 31-day syzbot report for the lsm subsystem.
> > All related reports/information can be found at:
> > https://syzkaller.appspot.com/upstream/s/lsm
> >
> > During the period, 0 new issues were detected and 0 were fixed.
> > In total, 3 issues are still open and 45 have already been fixed.
> >
> > Some of the still happening issues:
> >
> > Ref Crashes Repro Title
> > <1> 95 Yes INFO: task hung in process_measurement (3)
> > https://syzkaller.appspot.com/bug?extid=cb9e66807bcb882cd0c5
> > <2> 68 Yes possible deadlock in keyring_clear (3)
> > https://syzkaller.appspot.com/bug?extid=f55b043dacf43776b50c
>
> Jarkko, David,
>
> Do we have a fix for the keyring_clear() issue, or is it not a real problem?

I'm actually doing something to this already: trying to write a
simplified reproducer. But yeah most likely still will take up until
some point next week.

BR, Jarkko

Jarkko Sakkinen

May 10, 2026, 12:02:43 AM
to Paul Moore, Eric Biggers, David Howells, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com, syzbot
On Tue, Apr 14, 2026 at 10:02:13AM -0400, Paul Moore wrote:
> > <2> 68 Yes possible deadlock in keyring_clear (3)
> > https://syzkaller.appspot.com/bug?extid=f55b043dacf43776b50c
>
> Jarkko, David,
>
> Do we have a fix for the keyring_clear() issue, or is it not a real problem?

Sorry for not meeting the timeline I promised.

Anyhow, let's on the issue.

There's really just two alternatives to resolve [1]:

A. balance_pgdat() acquires keyring semaphore before __fs_reclaim_acquire(),
and a non-locking-acquiring aking __keyring_clear() would be called
inside fscrypt_put_master_key().
B. keyring_clear() is deferred and we accept that quota is not
immediately released.

Fixing this from the user process side doing kzalloc() is of course unrealistic,
and an unstable fix.

So.. I don't think this is keyring issue per se. This is fscrypt issue
mainly, and depending on whether A or B are used to sort this out,
possibly also kswapd issue.

Or this is my analysis (which could be wrong of course) after a couple
of hours looking into it.

[1] https://lore.kernel.org/all/68e54915.a00a022...@google.com/T/

BR, Jarkko
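
The lock ordering discussed in the message above, as an added example that is not part of the thread or of any kernel code: a toy lockdep-style dependency graph showing the inversion and why alternatives A and B both remove it. The two lock classes and the paths are a simplified model read from the message; the user-side path (keyring semaphore held across a kzalloc() that can enter reclaim) is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Lock classes named after the thread; a simplified model, not kernel code. */
enum { KEYRING_SEM, FS_RECLAIM, NLOCKS };
enum scenario { CURRENT, OPTION_A, OPTION_B };
static int edge[NLOCKS][NLOCKS]; /* edge[a][b]: b acquired while a is held */

/* Record one code path as the ordered list of locks it nests. */
static void record_path(const int *locks, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            edge[locks[i]][locks[j]] = 1;
}

/* Depth-first search: is 'target' reachable from 'from' along edges? */
static int reaches(int from, int target, int *seen)
{
    if (edge[from][target]) return 1;
    seen[from] = 1;
    for (int k = 0; k < NLOCKS; k++)
        if (edge[from][k] && !seen[k] && reaches(k, target, seen)) return 1;
    return 0;
}

/* Returns 1 if the recorded orderings contain a cycle (possible deadlock). */
int inversion_possible(enum scenario s)
{
    int user[] = { KEYRING_SEM, FS_RECLAIM };       /* assumed: sem held across kzalloc() */
    int kswapd_now[] = { FS_RECLAIM, KEYRING_SEM }; /* reclaim -> keyring_clear() */
    int kswapd_a[] = { KEYRING_SEM, FS_RECLAIM };   /* A: sem first, lock-free clear */
    int kswapd_b[] = { FS_RECLAIM };                /* B: kswapd only queues the clear */
    int worker_b[] = { KEYRING_SEM };               /* B: deferred keyring_clear() */

    memset(edge, 0, sizeof(edge));
    record_path(user, 2);
    if (s == CURRENT) record_path(kswapd_now, 2);
    if (s == OPTION_A) record_path(kswapd_a, 2);
    if (s == OPTION_B) { record_path(kswapd_b, 1); record_path(worker_b, 1); }
    for (int a = 0; a < NLOCKS; a++) {
        int seen[NLOCKS] = { 0 };
        if (reaches(a, a, seen)) return 1;
    }
    return 0;
}
int main(void)
{
    printf("current=%d A=%d B=%d\n", inversion_possible(CURRENT),
           inversion_possible(OPTION_A), inversion_possible(OPTION_B));
    return 0;
}
```

The model covers only lock ordering; the trade-off named for B in the message (quota not released immediately) is outside it.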