syzbot


general protection fault in security_inode_getattr

Status: auto-obsoleted due to no activity on 2023/08/23 09:02
Subsystems: overlayfs
[Documentation on labels]
Reported-by: syzbot+f07cc9be8d1d226947ed@syzkaller.appspotmail.com
First crash: 1608d, last: 580d
Cause bisection: introduced by (bisect log) :
commit 35697c12d7ffd31a56d3c9604066a166b75d0169
Author: Yonghong Song <yhs@fb.com>
Date: Thu Jan 16 17:40:04 2020 +0000

  selftests/bpf: Fix test_progs send_signal flakiness with nmi mode

Crash: general protection fault in security_inode_getattr (log)
Repro: syz .config
  
Fix bisection the fix commit could be any of (bisect log):
  729e3d091984 Merge tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client
  45af60e7ced0 Merge tag 'for-5.13-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
  
Discussions (1)
Title Replies (including bot) Last reply
general protection fault in security_inode_getattr 12 (16) 2024/04/19 20:01
Similar bugs (10)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-6-1 general protection fault in security_inode_getattr origin:downstream C 4 36d 261d 0/2 upstream: reported C repro on 2024/03/26 18:25
linux-5.15 general protection fault in security_inode_getattr 1 392d 392d 0/3 auto-obsoleted due to no activity on 2024/02/25 11:36
android-54 general protection fault in security_inode_getattr C 3 33d 1557d 0/2 upstream: reported C repro on 2020/09/08 02:23
linux-5.15 general protection fault in security_inode_getattr (3) 5 1d10h 105d 0/3 upstream: reported on 2024/08/30 08:49
android-5-15 general protection fault in security_inode_getattr origin:downstream C error 1 102d 261d 0/2 upstream: reported C repro on 2024/03/27 12:21
linux-5.15 general protection fault in security_inode_getattr (2) 4 230d 270d 0/3 auto-obsoleted due to no activity on 2024/08/05 16:40
linux-4.19 general protection fault in security_inode_getattr C error 29 798d 1580d 0/1 upstream: reported C repro on 2020/08/16 14:26
linux-6.1 general protection fault in security_inode_getattr 4 187d 235d 0/3 auto-obsoleted due to no activity on 2024/09/17 16:33
android-5-10 general protection fault in security_inode_getattr C 11 5d12h 261d 0/2 upstream: reported C repro on 2024/03/26 17:56
linux-6.1 BUG: unable to handle kernel paging request in security_inode_getattr 1 79d 79d 0/3 upstream: reported on 2024/09/25 12:35
Last patch testing requests (10)
Created Duration User Patch Repo Result
2023/07/22 17:20 21m retest repro upstream OK log
2023/07/22 17:20 18m retest repro upstream OK log
2023/07/22 13:57 20m retest repro upstream OK log
2023/07/22 13:57 19m retest repro upstream OK log
2023/07/22 13:57 21m retest repro linux-next OK log
2023/07/22 13:57 24m retest repro linux-next OK log
2023/05/13 11:22 15m retest repro upstream report log
2023/05/13 11:22 16m retest repro upstream report log
2023/05/13 11:22 13m retest repro linux-next report log
2023/05/13 11:22 13m retest repro upstream report log
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2021/05/22 14:03 26m bisect fix upstream OK (2) job log
2021/01/08 12:03 21m bisect fix upstream OK (0) job log log
2020/10/26 21:00 18m bisect fix upstream OK (0) job log log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 0 PID: 3761 Comm: syz-executor352 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:d_backing_inode include/linux/dcache.h:542 [inline]
RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:1345
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000400f578 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000000d RSI: ffffffff83bd72fe RDI: 0000000000000068
RBP: ffffc9000400f750 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000008c07d R12: ffff8880763dca48
R13: ffffc9000400f750 R14: 00000000000007ff R15: 0000000000000000
FS:  00007f246f27e700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f246f27e718 CR3: 00000000717a9000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 vfs_getattr+0x22/0x60 fs/stat.c:158
 ovl_copy_up_one+0x12c/0x2870 fs/overlayfs/copy_up.c:965
 ovl_copy_up_flags+0x150/0x1d0 fs/overlayfs/copy_up.c:1047
 ovl_maybe_copy_up+0x140/0x190 fs/overlayfs/copy_up.c:1079
 ovl_open+0xf1/0x2d0 fs/overlayfs/file.c:152
 do_dentry_open+0x6cc/0x13f0 fs/open.c:882
 do_open fs/namei.c:3557 [inline]
 path_openat+0x1c92/0x28f0 fs/namei.c:3691
 do_filp_open+0x1b6/0x400 fs/namei.c:3718
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_open fs/open.c:1334 [inline]
 __se_sys_open fs/open.c:1330 [inline]
 __x64_sys_open+0x119/0x1c0 fs/open.c:1330
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f246f2f2b49
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f246f27e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f246f3774b0 RCX: 00007f246f2f2b49
RDX: 0000000000000000 RSI: 0000000000000300 RDI: 0000000020000140
RBP: 00007f246f3442ac R08: 00007f246f27e700 R09: 0000000000000000
R10: 00007f246f27e700 R11: 0000000000000246 R12: 0031656c69662f2e
R13: 79706f636174656d R14: 0079616c7265766f R15: 00007f246f3774b8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:542 [inline]
RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:1345
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000400f578 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000000d RSI: ffffffff83bd72fe RDI: 0000000000000068
RBP: ffffc9000400f750 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000008c07d R12: ffff8880763dca48
R13: ffffc9000400f750 R14: 00000000000007ff R15: 0000000000000000
FS:  00007f246f27e700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005643c9471000 CR3: 00000000717a9000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:	48 89 fa             	mov    %rdi,%rdx
   3:	48 c1 ea 03          	shr    $0x3,%rdx
   7:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   b:	0f 85 04 01 00 00    	jne    0x115
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	49 8b 5d 08          	mov    0x8(%r13),%rbx
  1f:	48 8d 7b 68          	lea    0x68(%rbx),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 d7 00 00 00    	jne    0x10b
  34:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  3b:	fc ff df
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Crashes (55):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/10/15 17:24 upstream 55be6084c8e0 67cb024c .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2022/11/13 01:10 linux-next f8f60f322f06 3ead01ad .config strace log report syz C [mounted in repro] ci-upstream-linux-next-kasan-gce-root general protection fault in security_inode_getattr
2020/09/13 04:59 upstream 729e3d091984 ce441f06 .config console log report syz ci-upstream-kasan-gce-root
2020/09/09 07:11 upstream 6f6a73c8b715 abf9ba4f .config console log report syz ci-upstream-kasan-gce-smack-root
2020/08/24 19:36 upstream d012a7190fc1 67b599d1 .config console log report syz ci-upstream-kasan-gce-smack-root
2020/09/26 21:00 linux-next d1d2220c7f39 2d5ea0cb .config console log report syz ci-upstream-linux-next-kasan-gce-root
2023/02/18 20:12 upstream 38f8ccde04a3 d02e9a70 .config console log report info ci2-upstream-fs general protection fault in security_inode_getattr
2023/01/05 10:24 upstream 512dee0c00ad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in security_inode_getattr
2022/12/28 09:24 upstream 1b929c02afd3 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in security_inode_getattr
2021/09/10 12:59 upstream bf9f243f23e6 5ae8508a .config console log report info ci-upstream-kasan-gce-smack-root general protection fault in security_inode_getattr
2021/09/09 20:46 upstream a3fa7a101dcf e2776ee4 .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/08/27 22:16 upstream 1a6436f37512 d5a29e53 .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/08/16 13:00 upstream 7c60610d4767 33c26cb7 .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/08/14 02:55 upstream dfa377c35d70 2489ab88 .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/08/05 22:28 upstream 902e7f373fff d2d6e680 .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/07/25 06:20 upstream 6498f6151825 4d1b57d4 .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/07/19 04:22 upstream 2734d6c1b1a0 f115ae98 .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/07/18 16:41 upstream 1d67c8d993ba f115ae98 .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/07/17 05:41 upstream d980cc0620ae f115ae98 .config console log report info ci-qemu-upstream general protection fault in security_inode_getattr
2021/07/16 02:24 upstream dd9c7df94c1b f115ae98 .config console log report info ci-upstream-kasan-gce-smack-root general protection fault in security_inode_getattr
2021/06/09 01:33 upstream 4c8684fe555e 5c2fe346 .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/06/07 11:58 upstream 614124bea77e e59537be .config console log report info ci-upstream-kasan-gce-smack-root general protection fault in security_inode_getattr
2021/06/04 22:01 upstream 16f0596fc1d7 966a236b .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/04/22 11:02 upstream 16fc44d6387e 33c28d03 .config console log report info ci-qemu-upstream general protection fault in security_inode_getattr
2021/04/16 18:06 upstream 2f7b98d1e55c 7e2b734b .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/04/15 00:20 upstream 7f75285ca572 fcdb12ba .config console log report info ci-qemu-upstream general protection fault in security_inode_getattr
2021/03/16 18:55 upstream 1df27313f50a fdb2bb2c .config console log report info ci-upstream-kasan-gce-smack-root general protection fault in security_inode_getattr
2021/03/10 00:28 upstream 144c79ef3353 26967e35 .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/03/04 09:53 upstream f69d02e37a85 d7e4e604 .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/02/23 16:09 upstream 3b9cdafb5358 fcc6d71b .config console log report info ci-upstream-kasan-gce-smack-root general protection fault in security_inode_getattr
2021/02/19 16:09 upstream f40ddce88593 f689d40a .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/02/17 10:56 upstream f40ddce88593 052f8d9f .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/02/14 14:24 upstream 358feceebbf6 98682e5e .config console log report info ci-upstream-kasan-gce-smack-root general protection fault in security_inode_getattr
2021/02/10 21:36 upstream e0756cfc7d7c a52ee10a .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in security_inode_getattr
2021/01/23 23:33 upstream e1ae4b0be158 52e37319 .config console log report info ci-upstream-kasan-gce-root general protection fault in security_inode_getattr
2021/07/24 11:37 linux-next 90d856e71443 4d1b57d4 .config console log report info ci-upstream-linux-next-kasan-gce-root general protection fault in security_inode_getattr
2021/06/09 03:28 linux-next a1f92694393a 5c2fe346 .config console log report info ci-upstream-linux-next-kasan-gce-root general protection fault in security_inode_getattr
2021/04/08 14:20 linux-next 6145d80cfc62 6a81331a .config console log report info ci-upstream-linux-next-kasan-gce-root general protection fault in security_inode_getattr
2021/04/05 03:09 linux-next 454c576c3f5e 6a81331a .config console log report info ci-upstream-linux-next-kasan-gce-root general protection fault in security_inode_getattr
2021/01/17 03:20 upstream 0da0a8a0a0e1 65a7a854 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/09 00:34 upstream 7d8761ba27fc a7f7f4a4 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/11/17 21:14 upstream 111e91a6df50 bd2a760b .config console log report info ci-upstream-kasan-gce-root
2020/11/17 20:54 upstream 111e91a6df50 bd2a760b .config console log report info ci-upstream-kasan-gce-selinux-root
2020/09/13 22:05 upstream e4c26faa426c 2d3cdd63 .config console log report ci-upstream-kasan-gce-smack-root
2020/08/24 12:50 upstream d012a7190fc1 67b599d1 .config console log report ci-upstream-kasan-gce-smack-root
2020/08/20 23:28 upstream da2968ff879b 1d75fe45 .config console log report ci-upstream-kasan-gce-selinux-root
2020/08/20 06:57 upstream 7eac66d0456f ed282a3a .config console log report ci-upstream-kasan-gce-selinux-root
2020/08/17 05:40 upstream 4b6c093e21d3 424dd8e7 .config console log report ci-upstream-kasan-gce-selinux-root
2020/08/12 02:27 upstream c636eef2ee36 bb3e5fe6 .config console log report ci-upstream-kasan-gce-smack-root
2020/07/28 12:29 upstream 92ed30191993 cb93dc6a .config console log report ci-upstream-kasan-gce-root
2020/07/23 12:27 upstream d15be546031c 340ea530 .config console log report ci-upstream-kasan-gce-smack-root
2020/07/19 02:07 upstream 6a70f89cc58f 9c812472 .config console log report ci-upstream-kasan-gce-root
2020/07/29 20:22 linux-next 04b457178630 19a8de55 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/07/26 22:19 linux-next 26027945c94a 51265195 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.