bisecting fixing commit since 32ee7492f104d82b01a44fc4b4ae17d5d2bb237b
building syzkaller on 2274ad39c8bee8efda31dc31ec8933d5624e8fe4
testing commit 32ee7492f104d82b01a44fc4b4ae17d5d2bb237b with gcc (GCC) 8.1.0
kernel signature: 225c509b3baedbdc3223cdca3f65e4a76f4ea4fb496be8de250ab2885941017a
run #0: crashed: WARNING in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: WARNING in bpf_prog_kallsyms_find
run #9: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
testing current HEAD 6dd0e32665e591e9debe3edaf73c2f8135bf047e
testing commit 6dd0e32665e591e9debe3edaf73c2f8135bf047e with gcc (GCC) 8.1.0
kernel signature: dc015ddaaab83fab335acc8aa8db74d844d42911a53a66600e9cd3fc28dfc6e3
run #0: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #1: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #2: crashed: WARNING in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: WARNING in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
revisions tested: 2, total time: 27m6.171881532s (build: 17m23.373071887s, test: 8m25.038133643s)
the crash still happens on HEAD
commit msg: Linux 4.19.115
crash: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
BUG: unable to handle kernel paging request at ffffc900019fc030
PGD aa49b067 P4D aa49b067 PUD 21bc31067 PMD 219b85067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3692 Comm: systemd-udevd Not tainted 4.19.115-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:bpf_jit_binary_hdr include/linux/filter.h:699 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:380 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:437 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0xc3/0x2e0 kernel/bpf/core.c:511
Code: 03 42 80 3c 30 00 0f 85 1c 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 50 01 00 00 49 8d 7d 02 <49> 8b 5d 30 48 89 f8 49 89 f9 48 c1 e8 03 41 83 e1 07 42 0f b6 04
RSP: 0018:ffff888090d97248 EFLAGS: 00010246
RAX: 1ffff9200033f806 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000000139ac RDI: ffffc900019fc002
RBP: ffff888090d97288 R08: ffffffff8840dbc0 R09: ffffed1015d44732
R10: ffffed1015d44732 R11: ffff8880aea23993 R12: ffff888091354070
R13: ffffc900019fc000 R14: dffffc0000000000 R15: ffff888091354070
FS:  00007f8245d338c0(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900019fc030 CR3: 0000000090f97000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 is_bpf_text_address+0x48/0xe0 kernel/bpf/core.c:546
 kernel_text_address+0x79/0xf0 kernel/extable.c:152
 __kernel_text_address+0xd/0x40 kernel/extable.c:107
 unwind_get_return_address+0x61/0xa0 arch/x86/kernel/unwind_frame.c:18
 __save_stack_trace+0x9c/0x100 arch/x86/kernel/stacktrace.c:45
 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 __do_kmalloc mm/slab.c:3727 [inline]
 __kmalloc_track_caller+0x157/0x760 mm/slab.c:3742
 kmemdup_nul+0x25/0x90 mm/util.c:138
 security_context_to_sid_core.isra.15+0xa2/0x560 security/selinux/ss/services.c:1463
 security_context_to_sid+0x23/0x30 security/selinux/ss/services.c:1525
 selinux_inode_setsecurity+0x16d/0x430 security/selinux/hooks.c:3501
 selinux_inode_notifysecctx+0x18/0x30 security/selinux/hooks.c:6647
 security_inode_notifysecctx+0x4a/0x90 security/security.c:1343
 kernfs_refresh_inode+0x31e/0x4a0 fs/kernfs/inode.c:195
 kernfs_iop_permission+0x53/0x80 fs/kernfs/inode.c:302
 do_inode_permission fs/namei.c:386 [inline]
 inode_permission+0x271/0x3e0 fs/namei.c:451
 may_lookup fs/namei.c:1703 [inline]
 link_path_walk.part.40+0x6f9/0x1550 fs/namei.c:2085
 link_path_walk fs/namei.c:2073 [inline]
 path_lookupat.isra.43+0x1aa/0x850 fs/namei.c:2318
 filename_lookup.part.57+0x160/0x360 fs/namei.c:2349
 filename_lookup fs/namei.c:2342 [inline]
 user_path_at_empty+0x39/0x40 fs/namei.c:2609
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx+0xbe/0x150 fs/stat.c:185
 vfs_lstat include/linux/fs.h:3134 [inline]
 __do_sys_newlstat+0x85/0xe0 fs/stat.c:350
 __se_sys_newlstat fs/stat.c:344 [inline]
 __x64_sys_newlstat+0x4f/0x70 fs/stat.c:344
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f8244ba6335
Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
RSP: 002b:00007ffe9e76a5a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 0000560a05bf6210 RCX: 00007f8244ba6335
RDX: 00007ffe9e76a5e0 RSI: 00007ffe9e76a5e0 RDI: 0000560a05bf5210
RBP: 00007ffe9e76a6a0 R08: 00007f8244e65238 R09: 0000000000001010
R10: 00007f8244e64b58 R11: 0000000000000246 R12: 0000560a05bf5210
R13: 0000560a05bf522a R14: 0000560a05bdc255 R15: 0000560a05bdc25a
Modules linked in:
CR2: ffffc900019fc030
---[ end trace d56582503341b183 ]---
RIP: 0010:bpf_jit_binary_hdr include/linux/filter.h:699 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:380 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:437 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0xc3/0x2e0 kernel/bpf/core.c:511
Code: 03 42 80 3c 30 00 0f 85 1c 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 50 01 00 00 49 8d 7d 02 <49> 8b 5d 30 48 89 f8 49 89 f9 48 c1 e8 03 41 83 e1 07 42 0f b6 04
RSP: 0018:ffff888090d97248 EFLAGS: 00010246
RAX: 1ffff9200033f806 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000000139ac RDI: ffffc900019fc002
RBP: ffff888090d97288 R08: ffffffff8840dbc0 R09: ffffed1015d44732
R10: ffffed1015d44732 R11: ffff8880aea23993 R12: ffff888091354070
R13: ffffc900019fc000 R14: dffffc0000000000 R15: ffff888091354070
FS:  00007f8245d338c0(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900019fc030 CR3: 0000000090f97000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400