syzbot


general protection fault in security_inode_getattr
Status: upstream: reported syz repro on 2020/07/29 20:23
Reported-by: syzbot+f07cc9be8d1d226947ed@syzkaller.appspotmail.com
First crash: 676d, last: 258d

Cause bisection: introduced by (bisect log):
commit 35697c12d7ffd31a56d3c9604066a166b75d0169
Author: Yonghong Song <yhs@fb.com>
Date: Thu Jan 16 17:40:04 2020 +0000

  selftests/bpf: Fix test_progs send_signal flakiness with nmi mode

Crash: general protection fault in security_inode_getattr (log)
Repro: syz .config

Fix bisection: the fix commit could be any of (bisect log):
  729e3d091984 Merge tag 'ceph-for-5.9-rc5' of git://github.com/ceph/ceph-client
  45af60e7ced0 Merge tag 'for-5.13-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 general protection fault in security_inode_getattr syz 2 625d 625d 0/2 upstream: reported syz repro on 2020/09/08 02:23
linux-4.19 general protection fault in security_inode_getattr C error 28 261d 648d 0/1 upstream: reported C repro on 2020/08/16 14:26

Sample crash report:
overlayfs: './file1' not a directory
general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 8787 Comm: syz-executor.5 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:d_backing_inode include/linux/dcache.h:549 [inline]
RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:1276
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000b7d7ae0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000000d RSI: ffffffff8358b71e RDI: 0000000000000068
RBP: ffffc9000b7d7ba8 R08: 0000000000000000 R09: ffff888079c6d557
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffffc9000b7d7ba8 R14: 0000000000000400 R15: 0000000000000000
FS:  00007efe38b94700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000008e5a8000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vfs_getattr+0x22/0x60 fs/stat.c:121
 ovl_getattr+0x80a/0xd20 fs/overlayfs/inode.c:245
 vfs_getattr_nosec+0x246/0x2e0 fs/stat.c:87
 vfs_getattr fs/stat.c:124 [inline]
 vfs_statx+0x199/0x390 fs/stat.c:206
 vfs_stat include/linux/fs.h:3173 [inline]
 __do_sys_newstat+0x91/0x110 fs/stat.c:361
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5f9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007efe38b93c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 0000000000033a40 RCX: 000000000045d5f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280
RBP: 000000000118d018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffef14ec4af R14: 00007efe38b949c0 R15: 000000000118cfec
Modules linked in:
---[ end trace dd9aa588b69aeb4f ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:549 [inline]
RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:1276
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 68 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0018:ffffc9000b7d7ae0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000000d RSI: ffffffff8358b71e RDI: 0000000000000068
RBP: ffffc9000b7d7ba8 R08: 0000000000000000 R09: ffff888079c6d557
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffffc9000b7d7ba8 R14: 0000000000000400 R15: 0000000000000000
FS:  00007efe38b94700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff20723090 CR3: 000000008e5a8000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (50):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2020/09/13 04:59 upstream 729e3d091984 ce441f06 .config log report syz
ci-upstream-kasan-gce-smack-root 2020/09/09 07:11 upstream 6f6a73c8b715 abf9ba4f .config log report syz
ci-upstream-kasan-gce-smack-root 2020/08/24 19:36 upstream d012a7190fc1 67b599d1 .config log report syz
ci-upstream-linux-next-kasan-gce-root 2020/09/26 21:00 linux-next d1d2220c7f39 2d5ea0cb .config log report syz
ci-upstream-kasan-gce-smack-root 2021/09/10 12:59 upstream bf9f243f23e6 5ae8508a .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/09/09 20:46 upstream a3fa7a101dcf e2776ee4 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/08/27 22:16 upstream 1a6436f37512 d5a29e53 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/08/16 13:00 upstream 7c60610d4767 33c26cb7 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/08/14 02:55 upstream dfa377c35d70 2489ab88 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/08/05 22:28 upstream 902e7f373fff d2d6e680 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/07/25 06:20 upstream 6498f6151825 4d1b57d4 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/07/19 04:22 upstream 2734d6c1b1a0 f115ae98 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/07/18 16:41 upstream 1d67c8d993ba f115ae98 .config log report info general protection fault in security_inode_getattr
ci-qemu-upstream 2021/07/17 05:41 upstream d980cc0620ae f115ae98 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/07/16 02:24 upstream dd9c7df94c1b f115ae98 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/06/09 01:33 upstream 4c8684fe555e 5c2fe346 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/06/07 11:58 upstream 614124bea77e e59537be .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/06/04 22:01 upstream 16f0596fc1d7 966a236b .config log report info general protection fault in security_inode_getattr
ci-qemu-upstream 2021/04/22 11:02 upstream 16fc44d6387e 33c28d03 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/04/16 18:06 upstream 2f7b98d1e55c 7e2b734b .config log report info general protection fault in security_inode_getattr
ci-qemu-upstream 2021/04/15 00:20 upstream 7f75285ca572 fcdb12ba .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/03/16 18:55 upstream 1df27313f50a fdb2bb2c .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/03/10 00:28 upstream 144c79ef3353 26967e35 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/03/04 09:53 upstream f69d02e37a85 d7e4e604 .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/02/23 16:09 upstream 3b9cdafb5358 fcc6d71b .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/02/19 16:09 upstream f40ddce88593 f689d40a .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/02/17 10:56 upstream f40ddce88593 052f8d9f .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-smack-root 2021/02/14 14:24 upstream 358feceebbf6 98682e5e .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/02/10 21:36 upstream e0756cfc7d7c a52ee10a .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-root 2021/01/23 23:33 upstream e1ae4b0be158 52e37319 .config log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/07/24 11:37 linux-next 90d856e71443 4d1b57d4 .config log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/06/09 03:28 linux-next a1f92694393a 5c2fe346 .config log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/04/08 14:20 linux-next 6145d80cfc62 6a81331a .config log report info general protection fault in security_inode_getattr
ci-upstream-linux-next-kasan-gce-root 2021/04/05 03:09 linux-next 454c576c3f5e 6a81331a .config log report info general protection fault in security_inode_getattr
ci-upstream-kasan-gce-selinux-root 2021/01/17 03:20 upstream 0da0a8a0a0e1 65a7a854 .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/09 00:34 upstream 7d8761ba27fc a7f7f4a4 .config log report info
ci-upstream-kasan-gce-root 2020/11/17 21:14 upstream 111e91a6df50 bd2a760b .config log report info
ci-upstream-kasan-gce-selinux-root 2020/11/17 20:54 upstream 111e91a6df50 bd2a760b .config log report info
ci-upstream-kasan-gce-smack-root 2020/09/13 22:05 upstream e4c26faa426c 2d3cdd63 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/24 12:50 upstream d012a7190fc1 67b599d1 .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/20 23:28 upstream da2968ff879b 1d75fe45 .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/20 06:57 upstream 7eac66d0456f ed282a3a .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/17 05:40 upstream 4b6c093e21d3 424dd8e7 .config log report
ci-upstream-kasan-gce-smack-root 2020/08/12 02:27 upstream c636eef2ee36 bb3e5fe6 .config log report
ci-upstream-kasan-gce-root 2020/07/28 12:29 upstream 92ed30191993 cb93dc6a .config log report
ci-upstream-kasan-gce-smack-root 2020/07/23 12:27 upstream d15be546031c 340ea530 .config log report
ci-upstream-kasan-gce-root 2020/07/19 02:07 upstream 6a70f89cc58f 9c812472 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/29 20:22 linux-next 04b457178630 19a8de55 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/26 22:19 linux-next 26027945c94a 51265195 .config log report