syzbot


KCSAN: data-race in key_garbage_collector / key_set_expiry

Status: upstream: reported on 2025/05/12 06:34
Subsystems: lsm keyrings
Reported-by: syzbot+9defcbc1dc2f34e5b867@syzkaller.appspotmail.com
First crash: 5d06h, last: 5d06h
Discussions (1):
Title: [syzbot] [lsm?] [keyrings?] KCSAN: data-race in key_garbage_collector / key_set_expiry
Replies (including bot): 0 (1)
Last reply: 2025/05/12 06:34

Sample crash report:
==================================================================
BUG: KCSAN: data-race in key_garbage_collector / key_set_expiry

write to 0xffffffff869eb168 of 8 bytes by task 3395 on cpu 1:
 key_schedule_gc security/keys/gc.c:63 [inline]
 key_garbage_collector+0x6d6/0x8f0 security/keys/gc.c:286
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0x4cb/0x9d0 kernel/workqueue.c:3319
 worker_thread+0x582/0x770 kernel/workqueue.c:3400
 kthread+0x486/0x510 kernel/kthread.c:464
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffffffff869eb168 of 8 bytes by task 4277 on cpu 0:
 key_schedule_gc security/keys/gc.c:61 [inline]
 key_set_expiry+0xea/0x190 security/keys/gc.c:78
 key_reject_and_link+0x18b/0x310 security/keys/key.c:609
 key_negate_and_link include/linux/key-type.h:188 [inline]
 complete_request_key security/keys/request_key.c:67 [inline]
 call_sbin_request_key+0x656/0x6b0 security/keys/request_key.c:216
 construct_key security/keys/request_key.c:247 [inline]
 construct_key_and_link security/keys/request_key.c:519 [inline]
 request_key_and_link+0x8bc/0xd70 security/keys/request_key.c:653
 __do_sys_request_key security/keys/keyctl.c:222 [inline]
 __se_sys_request_key+0x1df/0x290 security/keys/keyctl.c:167
 __x64_sys_request_key+0x55/0x70 security/keys/keyctl.c:167
 x64_sys_call+0x2f19/0x2fb0 arch/x86/include/generated/asm/syscalls_64.h:250
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd0/0x1a0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x7fffffffffffffff -> 0x000000006821354a

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 4277 Comm: syz.0.242 Not tainted 6.15.0-rc5-syzkaller-00353-gcd802e7e5f1e #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
==================================================================
iwpm_register_pid: Unable to send a nlmsg (client = 2)
infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98

Crashes (1):
Time: 2025/05/11 23:39
Kernel: upstream
Commit: cd802e7e5f1e
Syzkaller: 77908e5f
Config: .config
Log: console log
Report: report
Syz repro: (none)
C repro: (none)
VM info: info
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci2-upstream-kcsan-gce
Title: KCSAN: data-race in key_garbage_collector / key_set_expiry