syzbot


general protection fault in security_inode_getattr

Status: upstream: reported C repro on 2020/07/29 20:23
Reported-by: syzbot+f07cc9be8d1d226947ed@syzkaller.appspotmail.com
First crash: 924d, last: 24d

Cause bisection: introduced by (bisect log); note that the bisected commit only changes a BPF selftest under tools/testing/selftests/bpf and cannot affect the VFS or overlayfs code in the trace, so this bisection result is almost certainly spurious:
commit 35697c12d7ffd31a56d3c9604066a166b75d0169
Author: Yonghong Song <yhs@fb.com>
Date: Thu Jan 16 17:40:04 2020 +0000

  selftests/bpf: Fix test_progs send_signal flakiness with nmi mode

Crash: general protection fault in security_inode_getattr (log)
Repro: syz .config

Fix bisection: the fix commit could be any of (bisect log):
  729e3d091984 Merge tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client
  45af60e7ced0 Merge tag 'for-5.13-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
similar bugs (2):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-54 | general protection fault in security_inode_getattr | syz | | | 2 | 873d | 873d | 0/2 | upstream: reported syz repro on 2020/09/08 02:23
linux-4.19 | general protection fault in security_inode_getattr | C | error | | 29 | 115d | 896d | 0/1 | upstream: reported C repro on 2020/08/16 14:26
Last patch testing requests:
Created | Duration | User | Patch | Repo | Result
2022/10/01 17:30 | 10m | retest repro | | upstream | report log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 0 PID: 3761 Comm: syz-executor352 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:d_backing_inode include/linux/dcache.h:542 [inline]
RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:1345
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000400f578 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000000d RSI: ffffffff83bd72fe RDI: 0000000000000068
RBP: ffffc9000400f750 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000008c07d R12: ffff8880763dca48
R13: ffffc9000400f750 R14: 00000000000007ff R15: 0000000000000000
FS:  00007f246f27e700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f246f27e718 CR3: 00000000717a9000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 vfs_getattr+0x22/0x60 fs/stat.c:158
 ovl_copy_up_one+0x12c/0x2870 fs/overlayfs/copy_up.c:965
 ovl_copy_up_flags+0x150/0x1d0 fs/overlayfs/copy_up.c:1047
 ovl_maybe_copy_up+0x140/0x190 fs/overlayfs/copy_up.c:1079
 ovl_open+0xf1/0x2d0 fs/overlayfs/file.c:152
 do_dentry_open+0x6cc/0x13f0 fs/open.c:882
 do_open fs/namei.c:3557 [inline]
 path_openat+0x1c92/0x28f0 fs/namei.c:3691
 do_filp_open+0x1b6/0x400 fs/namei.c:3718
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_open fs/open.c:1334 [inline]
 __se_sys_open fs/open.c:1330 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1330
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f246f2f2b49
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f246f27e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f246f3774b0 RCX: 00007f246f2f2b49
RDX: 0000000000000000 RSI: 0000000000000300 RDI: 0000000020000140
RBP: 00007f246f3442ac R08: 00007f246f27e700 R09: 0000000000000000
R10: 00007f246f27e700 R11: 0000000000000246 R12: 0031656c69662f2e
R13: 79706f636174656d R14: 0079616c7265766f R15: 00007f246f3774b8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:542 [inline]
RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:1345
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000400f578 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000000d RSI: ffffffff83bd72fe RDI: 0000000000000068
RBP: ffffc9000400f750 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000008c07d R12: ffff8880763dca48
R13: ffffc9000400f750 R14: 00000000000007ff R15: 0000000000000000
FS:  00007f246f27e700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005643c9471000 CR3: 00000000717a9000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:	48 89 fa             	mov    %rdi,%rdx
   3:	48 c1 ea 03          	shr    $0x3,%rdx
   7:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   b:	0f 85 04 01 00 00    	jne    0x115
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	49 8b 5d 08          	mov    0x8(%r13),%rbx
  1f:	48 8d 7b 68          	lea    0x68(%rbx),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 d7 00 00 00    	jne    0x10b
  34:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  3b:	fc ff df
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

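How to read the fault above, and an added C example (not part of the syzbot report or of the kernel) that does the arithmetic. security_inode_getattr() calls d_backing_inode(path->dentry), which reads dentry->d_inode (the inlined d_backing_inode frame in the RIP line). In the disassembly, `mov 0x8(%r13),%rbx` loads the dentry member of the struct path handed down from vfs_getattr() (dentry is the second pointer in struct path, hence offset 8) and gets 0; `lea 0x68(%rbx),%rdi` then forms the address of the d_inode field inside that NULL dentry, and the KASAN shadow check on that address traps. KASAN on x86_64 computes shadow = (addr >> 3) + 0xdffffc0000000000 (the constant the movabs loads into RAX); for a NULL-based address the result is non-canonical, which is why the kernel reports a general protection fault at 0xdffffc000000000d instead of a page fault, and why it can print the 0x68-0x6f range. The program below inverts that mapping and checks the register values from the report; the field offset 0x68 for d_inode is taken from this build's disassembly, not from any header.

```c
/*
 * Added example, not part of the syzbot report: decode the KASAN
 * null-ptr-deref shown above from the GPF address and the register dump.
 *
 * With KASAN on x86_64 every 8 bytes of kernel memory map to one shadow
 * byte at  shadow = (addr >> 3) + KASAN_SHADOW_OFFSET; the offset
 * 0xdffffc0000000000 is the constant the "movabs" loads into RAX in the
 * disassembly.  For a NULL-based address the shadow address is
 * non-canonical, so the shadow check itself faults and the kernel reports
 * a general protection fault instead of a page fault.  Inverting the
 * mapping recovers the 8-byte range of the original access.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE            (1ULL << KASAN_SHADOW_SCALE_SHIFT)

/* Forward mapping: the shadow byte address the inline check forms in (%rdx,%rax). */
static uint64_t kasan_addr_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: first byte of the 8-byte granule behind a shadow byte. */
static uint64_t kasan_shadow_to_addr(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* Last byte of that granule (the upper bound KASAN prints as the range). */
static uint64_t kasan_shadow_range_end(uint64_t shadow)
{
    return kasan_shadow_to_addr(shadow) + KASAN_GRANULE - 1;
}

/*
 * Field offset implied by the register dump: the compiler materialised
 * &base->field in the address register (here RDI = 0x68) from the object
 * pointer in the base register (here RBX = 0), so the difference is the
 * struct offset being accessed.
 */
static uint64_t field_offset(uint64_t base_reg, uint64_t addr_reg)
{
    return addr_reg - base_reg;
}

/*
 * True when the report is a NULL (or NULL+offset) dereference: the base
 * register is zero and the computed address lies inside the granule the
 * faulting shadow byte covers.
 */
static bool is_null_deref(uint64_t gpf_addr, uint64_t base_reg, uint64_t addr_reg)
{
    uint64_t lo = kasan_shadow_to_addr(gpf_addr);
    uint64_t hi = kasan_shadow_range_end(gpf_addr);
    return base_reg == 0 && addr_reg >= lo && addr_reg <= hi;
}

int main(void)
{
    /* Values copied from the crash report above. */
    const uint64_t gpf_addr = 0xdffffc000000000dULL; /* "non-canonical address" */
    const uint64_t rbx = 0x0;                          /* path->dentry, loaded from 0x8(%r13) */
    const uint64_t rdi = 0x68;                         /* lea 0x68(%rbx),%rdi */

    printf("shadow 0x%016llx covers 0x%llx-0x%llx\n",
           (unsigned long long)gpf_addr,
           (unsigned long long)kasan_shadow_to_addr(gpf_addr),
           (unsigned long long)kasan_shadow_range_end(gpf_addr));
    printf("forward check: shadow(0x%llx) = 0x%016llx\n",
           (unsigned long long)rdi,
           (unsigned long long)kasan_addr_to_shadow(rdi));
    printf("base 0x%llx + offset 0x%llx -> %s\n",
           (unsigned long long)rbx,
           (unsigned long long)field_offset(rbx, rdi),
           is_null_deref(gpf_addr, rbx, rdi) ? "NULL dereference" : "not a NULL deref");
    return 0;
}
```

The same inversion applies to any "KASAN: null-ptr-deref in range" line: the printed range is exactly the granule of the shadow byte the GPF address names, and the base/address register pair from the dump tells you which field of which NULL object was touched. Here it confirms that overlayfs reached vfs_getattr() with a struct path whose dentry is NULL.
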
Crashes (54):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-root 2022/10/15 17:24 upstream 55be6084c8e0 67cb024c .config strace log report syz C [disk image] [vmlinux] [mounted in repro] general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2022/11/13 01:10 linux-next f8f60f322f06 3ead01ad .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2020/09/13 04:59 upstream 729e3d091984 ce441f06 .config console log report syz
ci-upstream-kasan-gce-smack-root 2020/09/09 07:11 upstream 6f6a73c8b715 abf9ba4f .config console log report syz
ci-upstream-kasan-gce-smack-root 2020/08/24 19:36 upstream d012a7190fc1 67b599d1 .config console log report syz
ci-upstream-linux-next-kasan-gce-root 2020/09/26 21:00 linux-next d1d2220c7f39 2d5ea0cb .config console log report syz
ci2-upstream-fs 2023/01/05 10:24 upstream 512dee0c00ad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in security_inode_getattr
ci2-upstream-fs 2022/12/28 09:24 upstream 1b929c02afd3 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/09/10 12:59 upstream bf9f243f23e6 5ae8508a .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/09/09 20:46 upstream a3fa7a101dcf e2776ee4 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/08/27 22:16 upstream 1a6436f37512 d5a29e53 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/08/16 13:00 upstream 7c60610d4767 33c26cb7 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/08/14 02:55 upstream dfa377c35d70 2489ab88 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/08/05 22:28 upstream 902e7f373fff d2d6e680 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/07/25 06:20 upstream 6498f6151825 4d1b57d4 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/07/19 04:22 upstream 2734d6c1b1a0 f115ae98 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/07/18 16:41 upstream 1d67c8d993ba f115ae98 .config console log report info general protection fault in security_inode_getattr
ci-qemu-upstream 2021/07/17 05:41 upstream d980cc0620ae f115ae98 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/07/16 02:24 upstream dd9c7df94c1b f115ae98 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/06/09 01:33 upstream 4c8684fe555e 5c2fe346 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/06/07 11:58 upstream 614124bea77e e59537be .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/06/04 22:01 upstream 16f0596fc1d7 966a236b .config console log report info general protection fault in security_inode_getattr
ci-qemu-upstream 2021/04/22 11:02 upstream 16fc44d6387e 33c28d03 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/04/16 18:06 upstream 2f7b98d1e55c 7e2b734b .config console log report info general protection fault in security_inode_getattr
ci-qemu-upstream 2021/04/15 00:20 upstream 7f75285ca572 fcdb12ba .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/03/16 18:55 upstream 1df27313f50a fdb2bb2c .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/03/10 00:28 upstream 144c79ef3353 26967e35 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/03/04 09:53 upstream f69d02e37a85 d7e4e604 .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/02/23 16:09 upstream 3b9cdafb5358 fcc6d71b .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/02/19 16:09 upstream f40ddce88593 f689d40a .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/02/17 10:56 upstream f40ddce88593 052f8d9f .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/02/14 14:24 upstream 358feceebbf6 98682e5e .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/02/10 21:36 upstream e0756cfc7d7c a52ee10a .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/01/23 23:33 upstream e1ae4b0be158 52e37319 .config console log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/07/24 11:37 linux-next 90d856e71443 4d1b57d4 .config console log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/06/09 03:28 linux-next a1f92694393a 5c2fe346 .config console log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/04/08 14:20 linux-next 6145d80cfc62 6a81331a .config console log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/04/05 03:09 linux-next 454c576c3f5e 6a81331a .config console log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/01/17 03:20 upstream 0da0a8a0a0e1 65a7a854 .config console log report info
ci-upstream-kasan-gce-selinux-root 2020/12/09 00:34 upstream 7d8761ba27fc a7f7f4a4 .config console log report info
ci-upstream-kasan-gce-root 2020/11/17 21:14 upstream 111e91a6df50 bd2a760b .config console log report info
ci-upstream-kasan-gce-selinux-root 2020/11/17 20:54 upstream 111e91a6df50 bd2a760b .config console log report info
ci-upstream-kasan-gce-smack-root 2020/09/13 22:05 upstream e4c26faa426c 2d3cdd63 .config console log report
ci-upstream-kasan-gce-smack-root 2020/08/24 12:50 upstream d012a7190fc1 67b599d1 .config console log report
ci-upstream-kasan-gce-selinux-root 2020/08/20 23:28 upstream da2968ff879b 1d75fe45 .config console log report
ci-upstream-kasan-gce-selinux-root 2020/08/20 06:57 upstream 7eac66d0456f ed282a3a .config console log report
ci-upstream-kasan-gce-selinux-root 2020/08/17 05:40 upstream 4b6c093e21d3 424dd8e7 .config console log report
ci-upstream-kasan-gce-smack-root 2020/08/12 02:27 upstream c636eef2ee36 bb3e5fe6 .config console log report
ci-upstream-kasan-gce-root 2020/07/28 12:29 upstream 92ed30191993 cb93dc6a .config console log report
ci-upstream-kasan-gce-smack-root 2020/07/23 12:27 upstream d15be546031c 340ea530 .config console log report
ci-upstream-kasan-gce-root 2020/07/19 02:07 upstream 6a70f89cc58f 9c812472 .config console log report
ci-upstream-linux-next-kasan-gce-root 2020/07/29 20:22 linux-next 04b457178630 19a8de55 .config console log report
ci-upstream-linux-next-kasan-gce-root 2020/07/26 22:19 linux-next 26027945c94a 51265195 .config console log report