bisecting cause commit starting from 77dd11439b86e3f7990e4c0c9e0b67dca82750ba building syzkaller on b318694d0fc0781d0bc1e3aebfb916aa36731024 testing commit 77dd11439b86e3f7990e4c0c9e0b67dca82750ba compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 81b6050ca84c1185989f012ad4389d66543a3e1bb21577f29d992c78ef1a1f0b all runs: crashed: general protection fault in legacy_parse_param testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: eaab50170f966c8b3eb39852b91e95d9bc7e454d96827a490e5a435720d1ffbe all runs: crashed: general protection fault in legacy_parse_param testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a2c67d0aa4cd9031fb2dccc0e9429d13c38be324308c26aa1ef6b084265ddb79 all runs: crashed: general protection fault in legacy_parse_param testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 760afc9eb3d03287b34ea942b7a411382f5645571be3e022de43df2d69784b74 all runs: crashed: general protection fault in legacy_parse_param testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ed87a01106570e960457a093defc61da2463f8df499a22d92a19e05b34bca040 all runs: crashed: general protection fault in legacy_parse_param testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a6ff38e82dd9e7b72f8594f21d4456e9f130fed2d0baffe8f9a1ac831a8846b8 all runs: crashed: general protection fault in legacy_parse_param testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 148af9454d2419d8c534f359dc0ada77e2a0b73e26499bd1d569517b33bb77e1 all runs: crashed: general protection fault in legacy_parse_param testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c39813ac1b4cf9ee17cd9581d29834c9312d7a9e2d37c5149682cd29e326d445 all runs: crashed: general protection fault in legacy_parse_param testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 65e9f41c1707ffe281e68adea77024db743fc3aec52e15a3092851b775aa1091 all runs: OK # git bisect start 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7542 revisions left to test after this (roughly 13 steps) [50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: f39106865550923d18cf911b46469ed498467a76c3b1bc1ccd999139fe56ecc0 all runs: OK # git bisect good 50a5de895dbe5df947b3a695777db5b2c313e065 Bisecting: 3742 revisions left to test after this (roughly 12 steps) [d38c07afc356ddebaa3ed8ecb3f553340e05c969] Merge tag 'powerpc-5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux testing commit d38c07afc356ddebaa3ed8ecb3f553340e05c969 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 878e0a522f564610b8cdd0b643191596574f2a94228d2fda3274f06673d49290 all runs: OK # git bisect good d38c07afc356ddebaa3ed8ecb3f553340e05c969 Bisecting: 1871 revisions left to test after this (roughly 11 steps) [cf01699ee220c38099eb3e43ce3d10690c8b7060] tools/vm: fix cross-compile build testing commit cf01699ee220c38099eb3e43ce3d10690c8b7060 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b1786add92b81170eef6422f96e638beb717bf17f0e82fac079151a21825c449 all runs: OK # git bisect good cf01699ee220c38099eb3e43ce3d10690c8b7060 Bisecting: 936 revisions left to test after this (roughly 10 steps) [4334f30ebf395b204c6cbeabf371a5a998d6ba7c] Merge tag 'char-misc-5.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 4334f30ebf395b204c6cbeabf371a5a998d6ba7c compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 8ec8bc77596eb2a610fdde18e3645623153216eab387711e4eca6d893f945d71 all runs: crashed: general protection fault in legacy_parse_param # git bisect bad 4334f30ebf395b204c6cbeabf371a5a998d6ba7c Bisecting: 466 revisions left to test after this (roughly 9 steps) [d4fb4bfb37172dbe107aa6f093508fe80c73a46d] Merge tag '5.7-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 testing commit d4fb4bfb37172dbe107aa6f093508fe80c73a46d compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: bbdc2262a46ab5f8eaa0521fe88b3915d46d7dcc443ef79092982b88ea5097af all runs: OK # git bisect good d4fb4bfb37172dbe107aa6f093508fe80c73a46d Bisecting: 248 revisions left to test after this (roughly 8 steps) [b9388959ba507c7a48ac18e4aa3b63b8a910ed99] Merge tag 'tag-chrome-platform-fixes-for-v5.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux testing commit b9388959ba507c7a48ac18e4aa3b63b8a910ed99 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 6de2acc9a140ad0b6cfb00e0237d5eef2b382d1316dfaf5f8be915e4d43b3a66 all runs: OK # git bisect good b9388959ba507c7a48ac18e4aa3b63b8a910ed99 Bisecting: 124 revisions left to test after this (roughly 7 steps) [a811c1fa0a02c062555b54651065899437bacdbe] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit a811c1fa0a02c062555b54651065899437bacdbe compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 38a4fa94f1d746e66ef7ca5fc141d9997389aaedcb9391a80efe7545ab5bc558 all runs: OK # git bisect good a811c1fa0a02c062555b54651065899437bacdbe Bisecting: 58 revisions left to test after this (roughly 6 steps) [af38553c661207f96464e15f3506bf788daee474] Merge branch 'akpm' (patches from Andrew) testing commit af38553c661207f96464e15f3506bf788daee474 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b83db438788453211de129ad3dd269a094515a26c295795ecd28fb7842587862 all runs: crashed: general protection fault in legacy_parse_param # git bisect bad af38553c661207f96464e15f3506bf788daee474 Bisecting: 33 revisions left to test after this (roughly 5 steps) [6e7f2eacf09811d092c1b41263108ac7fe0d089d] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit 6e7f2eacf09811d092c1b41263108ac7fe0d089d compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ff85754cfbf9845829ec5b278ee903ac5090fbac231c4376a363c1541b0eb587 all runs: OK # git bisect good 6e7f2eacf09811d092c1b41263108ac7fe0d089d Bisecting: 17 revisions left to test after this (roughly 4 steps) [192ffb7515839b1cc8457e0a8c1e09783de019d3] Merge tag 'trace-v5.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit 192ffb7515839b1cc8457e0a8c1e09783de019d3 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 1462d3d4d26532b6dea8e4e4836791ea318af38ca8537e98bba9cc4df258dbec all runs: OK # git bisect good 192ffb7515839b1cc8457e0a8c1e09783de019d3 Bisecting: 8 revisions left to test after this (roughly 3 steps) [cbfc35a48609ceac978791e3ab9dde0c01f8cb20] mm/slub: fix incorrect interpretation of s->offset testing commit cbfc35a48609ceac978791e3ab9dde0c01f8cb20 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: e13c9bf182f308d469ef673f9087c2c5221d8b1458a42c193268c0d5da879054 all runs: OK # git bisect good cbfc35a48609ceac978791e3ab9dde0c01f8cb20 Bisecting: 4 revisions left to test after this (roughly 2 steps) [17e34526f0a8f81a214d1ee6f7d8ad2a9c9bae33] mm/vmscan: remove unnecessary argument description of isolate_lru_pages() testing commit 17e34526f0a8f81a214d1ee6f7d8ad2a9c9bae33 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: eac9d3d746a14ccf30573d679b11c83b374c71d120b080c2e514db4c0e664509 all runs: OK # git bisect good 17e34526f0a8f81a214d1ee6f7d8ad2a9c9bae33 Bisecting: 2 revisions left to test after this (roughly 1 step) [14f69140ff9c92a0928547ceefb153a842e8492c] mm: limit boost_watermark on small zones testing commit 14f69140ff9c92a0928547ceefb153a842e8492c compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 4e81c8c989229705f15c2333cccaaea4e5f31e0fa7b09270efb4722f40f9091d all runs: OK # git bisect good 14f69140ff9c92a0928547ceefb153a842e8492c Bisecting: 0 revisions left to test after this (roughly 1 step) [79dede78c0573618e3137d3d8cbf78c84e25fabd] Merge branch 'for-v5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security testing commit 79dede78c0573618e3137d3d8cbf78c84e25fabd compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a4228c5cb8555f70e640f5c6df92af68ced0d9948121481424ccebe2bef96efd all runs: crashed: general protection fault in legacy_parse_param # git bisect bad 79dede78c0573618e3137d3d8cbf78c84e25fabd Bisecting: 0 revisions left to test after this (roughly 0 steps) [54261af473be4c5481f6196064445d2945f2bdab] security: Fix the default value of fs_context_parse_param hook testing commit 54261af473be4c5481f6196064445d2945f2bdab compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 4246a77a2628f192eccb098c822e8632d08b33b3c73cd1960b5b6f7fd76ed05c all runs: crashed: general protection fault in legacy_parse_param # git bisect bad 54261af473be4c5481f6196064445d2945f2bdab 54261af473be4c5481f6196064445d2945f2bdab is the first bad commit commit 54261af473be4c5481f6196064445d2945f2bdab Author: KP Singh Date: Thu Apr 30 17:52:40 2020 +0200 security: Fix the default value of fs_context_parse_param hook security_fs_context_parse_param is called by vfs_parse_fs_param and a succussful return value (i.e 0) implies that a parameter will be consumed by the LSM framework. This stops all further parsing of the parmeter by VFS. Furthermore, if an LSM hook returns a success, the remaining LSM hooks are not invoked for the parameter. The current default behavior of returning success means that all the parameters are expected to be parsed by the LSM hook and none of them end up being populated by vfs in fs_context This was noticed when lsm=bpf is supplied on the command line before any other LSM. As the bpf lsm uses this default value to implement a default hook, this resulted in a failure to parse any fs_context parameters and a failure to mount the root filesystem. Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks") Reported-by: Mikko Ylinen Signed-off-by: KP Singh Signed-off-by: James Morris include/linux/lsm_hook_defs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) parent commit c45e8bccecaf633480d378daff11e122dfd5e96d wasn't tested testing commit c45e8bccecaf633480d378daff11e122dfd5e96d compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 0af4662f0c6eaeb52a57e62d7baf220eabbfca82a836422d428b3962b96d3dac culprit signature: 4246a77a2628f192eccb098c822e8632d08b33b3c73cd1960b5b6f7fd76ed05c parent signature: 0af4662f0c6eaeb52a57e62d7baf220eabbfca82a836422d428b3962b96d3dac revisions tested: 24, total time: 5h23m29.502101077s (build: 2h53m42.567967058s, test: 2h26m32.015496085s) first bad commit: 54261af473be4c5481f6196064445d2945f2bdab security: Fix the default value of fs_context_parse_param hook recipients (to): ["jmorris@namei.org" "kpsingh@google.com" "linux-kernel@vger.kernel.org"] recipients (cc): ["andriin@fb.com" "ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "kafai@fb.com" "netdev@vger.kernel.org" "songliubraving@fb.com" "yhs@fb.com"] crash: general protection fault in legacy_parse_param general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 10793 Comm: syz-executor.0 Not tainted 5.7.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:memchr+0x29/0x80 lib/string.c:1034 Code: c3 55 48 89 f8 48 01 fa 48 bd 00 00 00 00 00 fc ff df 53 48 83 ec 18 eb 27 48 8d 58 01 48 89 c1 48 89 c7 48 c1 e9 03 83 e7 07 <0f> b6 0c 29 40 38 f9 7f 04 84 c9 75 17 40 3a 73 ff 74 0a 48 89 d8 RSP: 0018:ffffc9000a0a7d90 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 000000000000002c RDI: 0000000000000000 RBP: dffffc0000000000 R08: 0000000000000001 R09: fffffbfff1c8730a R10: ffffffff8e43984f R11: fffffbfff1c87309 R12: 0000000000000002 R13: ffff8880a30464d0 R14: ffffc9000a0a7e98 R15: ffff8880a30464c0 FS: 00007f5e95263700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000005680c0 CR3: 00000000a46e4000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: memchr include/linux/string.h:432 [inline] legacy_parse_param+0x443/0x840 fs/fs_context.c:567 vfs_parse_fs_param+0x240/0x5b0 fs/fs_context.c:147 __do_sys_fsconfig fs/fsopen.c:439 [inline] __se_sys_fsconfig fs/fsopen.c:314 [inline] __x64_sys_fsconfig+0x4cc/0x5d0 fs/fsopen.c:314 do_syscall_64+0x98/0x560 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5e95263188 EFLAGS: 00000246 ORIG_RAX: 00000000000001af RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 RDX: 0000000020000080 RSI: 0000000000000001 RDI: 0000000000000003 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000200000c0 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffe300c5adf R14: 00007f5e95263300 R15: 0000000000022000 Modules linked in: ---[ end trace 911acd5879b8dc5e ]--- RIP: 0010:memchr+0x29/0x80 lib/string.c:1034 Code: c3 55 48 89 f8 48 01 fa 48 bd 00 00 00 00 00 fc ff df 53 48 83 ec 18 eb 27 48 8d 58 01 48 89 c1 48 89 c7 48 c1 e9 03 83 e7 07 <0f> b6 0c 29 40 38 f9 7f 04 84 c9 75 17 40 3a 73 ff 74 0a 48 89 d8 RSP: 0018:ffffc9000a0a7d90 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 000000000000002c RDI: 0000000000000000 RBP: dffffc0000000000 R08: 0000000000000001 R09: fffffbfff1c8730a R10: ffffffff8e43984f R11: fffffbfff1c87309 R12: 0000000000000002 R13: ffff8880a30464d0 R14: ffffc9000a0a7e98 R15: ffff8880a30464c0 FS: 00007f5e95263700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000005680c0 CR3: 00000000a46e4000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: c3 retq 1: 55 push %rbp 2: 48 89 f8 mov %rdi,%rax 5: 48 01 fa add %rdi,%rdx 8: 48 bd 00 00 00 00 00 movabs $0xdffffc0000000000,%rbp f: fc ff df 12: 53 push %rbx 13: 48 83 ec 18 sub $0x18,%rsp 17: eb 27 jmp 0x40 19: 48 8d 58 01 lea 0x1(%rax),%rbx 1d: 48 89 c1 mov %rax,%rcx 20: 48 89 c7 mov %rax,%rdi 23: 48 c1 e9 03 shr $0x3,%rcx 27: 83 e7 07 and $0x7,%edi * 2a: 0f b6 0c 29 movzbl (%rcx,%rbp,1),%ecx <-- trapping instruction 2e: 40 38 f9 cmp %dil,%cl 31: 7f 04 jg 0x37 33: 84 c9 test %cl,%cl 35: 75 17 jne 0x4e 37: 40 3a 73 ff cmp -0x1(%rbx),%sil 3b: 74 0a je 0x47 3d: 48 89 d8 mov %rbx,%rax