ci2 starts bisection 2024-07-15 02:31:39.240233478 +0000 UTC m=+290023.787864944 bisecting fixing commit since 8790a94475c92d0969f6ff47b55fd15c4919ccaa building syzkaller on bcd9b39fec6079d0458646b5a7c4fb7e5421c49e ensuring issue is reproducible on original commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa testing commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: eac1b597ea753bc9bd2ef1333dcc93d46262eb64b5119172035860e49817ab81 all runs: crashed: general protection fault in security_inode_getattr representative crash: general protection fault in security_inode_getattr, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: da360a46155ca028719466228c09a07c0f263a66b9dcddda008f2ac550756708 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr representative crash: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed kconfig minimization: base=5179 full=6492 leaves diff=255 split chunks (needed=false): <255> split chunk #0 of len 255 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e6558a53ff5848083393f696de69255afc1316309b1e9d5210fad0f9b975214e all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr representative crash: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8ca212ae8e9f9e19d25198bbf83e7ccce8438e51bcbc696a719d51e5c70d5244 run #0: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc002ab76d0 0xc002ab77c0 0xc002ab7860] Location: Message:The zone 'projects/syzkaller/zones/us-central1-b' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]} run #1: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc002b4e0a0 0xc002b4e780 0xc002b4e820] Location: Message:The zone 'projects/syzkaller/zones/us-central1-b' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]} run #2: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc002ab7a90 0xc002ab7b80 0xc002ab7c20] Location: Message:The zone 'projects/syzkaller/zones/us-central1-b' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]} run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr representative crash: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e621de3e55cea5a8338faf58b143193b5bac45d39e28e0a841ac5cde12042ab9 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr representative crash: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e1a1a5c502b0c6757505c2225f81d22b58cd9e4926b3f91a8f4b20598f54b3cf all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr representative crash: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 8790a94475c92d0969f6ff47b55fd15c4919ccaa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building 8790a94475c92d0969f6ff47b55fd15c4919ccaa: net/socket.c:1242: undefined reference to `wext_handle_ioctl' net/socket.c:3437: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:329: undefined reference to `wext_proc_init' net/core/net-procfs.c:345: undefined reference to `wext_proc_exit' minimized to 51 configs; suspects: [HID_ZEROPLUS USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF] disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing current HEAD 96d66062d0767aeafb690ce014ec91785820d62b testing commit 96d66062d0767aeafb690ce014ec91785820d62b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 27e601d513821267460d15c55e0c4d315a63027166591b84e0d3e19b555d5564 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr representative crash: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr, types: [UNKNOWN] crash still not fixed/happens on the oldest tested release revisions tested: 7, total time: 39m5.377793384s (build: 17m18.046114033s, test: 19m30.059689566s) crash still not fixed or there were kernel test errors commit msg: ANDROID: GKI: Add initialization for mutex oem_data. crash: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr BUG: kernel NULL pointer dereference, address: 0000000000000030 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 11705a067 P4D 11705a067 PUD 117057067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 359 Comm: syz-executor.0 Not tainted 6.1.84-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline] RIP: 0010:security_inode_getattr+0xd/0x50 security/security.c:1359 Code: ff 53 18 85 c0 74 eb 41 89 c6 44 89 f0 5b 41 5c 41 5e 41 5f 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 53 48 8b 47 08 <48> 8b 40 30 45 31 f6 f6 40 0d 02 75 1f 49 89 ff 48 c7 c3 08 89 d5 RSP: 0018:ffffc9000076b7f8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000076b8e0 RCX: 0000000000000000 RDX: 00000000000007ff RSI: ffffc9000076b8f0 RDI: ffffc9000076b8e0 RBP: ffffc9000076b810 R08: 0000000000040006 R09: ffffc9000076b8e0 R10: 0000000000000000 R11: ffff888108cfbbb8 R12: ffffc9000076b8f0 R13: 00000000ffffffe6 R14: 0000000000000000 R15: 00000000000007ff FS: 00007f3fdd2196c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 000000011705b000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vfs_getattr+0x1e/0xc0 fs/stat.c:158 ovl_copy_up_one fs/overlayfs/copy_up.c:974 [inline] ovl_copy_up_flags+0x1be/0x13c0 fs/overlayfs/copy_up.c:1060 ovl_maybe_copy_up+0x89/0xa0 fs/overlayfs/copy_up.c:1092 ovl_open+0x43/0xb0 fs/overlayfs/file.c:155 do_dentry_open+0x253/0x3d0 fs/open.c:884 vfs_open fs/open.c:1015 [inline] dentry_open+0x46/0x70 fs/open.c:1031 file_open+0xc4/0x220 fs/incfs/vfs.c:1473 do_dentry_open+0x253/0x3d0 fs/open.c:884 vfs_open+0x28/0x30 fs/open.c:1015 do_open fs/namei.c:3627 [inline] path_openat+0x9e0/0xb60 fs/namei.c:3784 do_filp_open+0xad/0x150 fs/namei.c:3811 do_sys_openat2+0x8e/0x240 fs/open.c:1341 do_sys_open fs/open.c:1357 [inline] __do_sys_openat fs/open.c:1373 [inline] __se_sys_openat fs/open.c:1368 [inline] __x64_sys_openat+0x79/0xa0 fs/open.c:1368 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f3fdc47dda9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3fdd2190c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f3fdc5abf80 RCX: 00007f3fdc47dda9 RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000004 RBP: 00007f3fdc4ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f3fdc5abf80 R15: 00007ffe4aa00ca8 Modules linked in: CR2: 0000000000000030 ---[ end trace 0000000000000000 ]--- RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline] RIP: 0010:security_inode_getattr+0xd/0x50 security/security.c:1359 Code: ff 53 18 85 c0 74 eb 41 89 c6 44 89 f0 5b 41 5c 41 5e 41 5f 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 53 48 8b 47 08 <48> 8b 40 30 45 31 f6 f6 40 0d 02 75 1f 49 89 ff 48 c7 c3 08 89 d5 RSP: 0018:ffffc9000076b7f8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000076b8e0 RCX: 0000000000000000 RDX: 00000000000007ff RSI: ffffc9000076b8f0 RDI: ffffc9000076b8e0 RBP: ffffc9000076b810 R08: 0000000000040006 R09: ffffc9000076b8e0 R10: 0000000000000000 R11: ffff888108cfbbb8 R12: ffffc9000076b8f0 R13: 00000000ffffffe6 R14: 0000000000000000 R15: 00000000000007ff FS: 00007f3fdd2196c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 000000011705b000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: ff 53 18 call *0x18(%rbx) 3: 85 c0 test %eax,%eax 5: 74 eb je 0xfffffff2 7: 41 89 c6 mov %eax,%r14d a: 44 89 f0 mov %r14d,%eax d: 5b pop %rbx e: 41 5c pop %r12 10: 41 5e pop %r14 12: 41 5f pop %r15 14: 5d pop %rbp 15: c3 ret 16: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1d: 55 push %rbp 1e: 48 89 e5 mov %rsp,%rbp 21: 41 57 push %r15 23: 41 56 push %r14 25: 53 push %rbx 26: 48 8b 47 08 mov 0x8(%rdi),%rax * 2a: 48 8b 40 30 mov 0x30(%rax),%rax <-- trapping instruction 2e: 45 31 f6 xor %r14d,%r14d 31: f6 40 0d 02 testb $0x2,0xd(%rax) 35: 75 1f jne 0x56 37: 49 89 ff mov %rdi,%r15 3a: 48 rex.W 3b: c7 .byte 0xc7 3c: c3 ret 3d: 08 .byte 0x8 3e: 89 d5 mov %edx,%ebp