general protection fault in security_inode_getattr
12 views
Skip to first unread message
syzbot
Sep 7, 2020, 10:23:15 PM9/7/20
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c99fd3bf UPSTREAM: spi: add power control when set_cs
git tree: android-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=13638829900000
kernel config: https://syzkaller.appspot.com/x/.config?x=cfb1b86f84d1d53d
dashboard link: https://syzkaller.appspot.com/bug?extid=80af3add22f1afdb306b
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+80af3a...@syzkaller.appspotmail.com
overlayfs: './file1' not a directory
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 15800 Comm: syz-executor.0 Not tainted 5.4.63-syzkaller-01129-gc99fd3bf1076 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:d_backing_inode include/linux/dcache.h:551 [inline]
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RSP: 0018:ffff88810a1ff978 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 0000000000040000
RDX: ffffc900004cf000 RSI: 0000000000000408 RDI: 0000000000000409
RBP: ffff88810a1ffb90 R08: dffffc0000000000 R09: ffff88810a1ffaa0
R10: ffffed102143ff56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff88810a1ffaa0 R14: ffff88810a1ffaa0 R15: dffffc0000000000
FS: 00007f96b8fe0700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe8f74fb000 CR3: 000000012104c001 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
vfs_getattr+0x27/0x6e0 fs/stat.c:115
ovl_getattr+0x313/0xe60 fs/overlayfs/inode.c:236
vfs_statx fs/stat.c:191 [inline]
vfs_stat include/linux/fs.h:3340 [inline]
__do_sys_newstat fs/stat.c:341 [inline]
__se_sys_newstat+0x105/0x8c0 fs/stat.c:337
do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f96b8fdfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 00000000000339c0 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000020000280
RBP: 000000000118d018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffe5af7f3bf R14: 00007f96b8fe09c0 R15: 000000000118cfec
Modules linked in:
---[ end trace 7ab361d6cc42004b ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:551 [inline]
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RSP: 0018:ffff88810a1ff978 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 0000000000040000
RDX: ffffc900004cf000 RSI: 0000000000000408 RDI: 0000000000000409
RBP: ffff88810a1ffb90 R08: dffffc0000000000 R09: ffff88810a1ffaa0
R10: ffffed102143ff56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff88810a1ffaa0 R14: ffff88810a1ffaa0 R15: dffffc0000000000
FS: 00007f96b8fe0700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002001c000 CR3: 000000012104c004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: c99fd3bf UPSTREAM: spi: add power control when set_cs
git tree: android-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=13638829900000
kernel config: https://syzkaller.appspot.com/x/.config?x=cfb1b86f84d1d53d
dashboard link: https://syzkaller.appspot.com/bug?extid=80af3add22f1afdb306b
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+80af3a...@syzkaller.appspotmail.com
overlayfs: './file1' not a directory
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 15800 Comm: syz-executor.0 Not tainted 5.4.63-syzkaller-01129-gc99fd3bf1076 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:d_backing_inode include/linux/dcache.h:551 [inline]
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RSP: 0018:ffff88810a1ff978 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 0000000000040000
RDX: ffffc900004cf000 RSI: 0000000000000408 RDI: 0000000000000409
RBP: ffff88810a1ffb90 R08: dffffc0000000000 R09: ffff88810a1ffaa0
R10: ffffed102143ff56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff88810a1ffaa0 R14: ffff88810a1ffaa0 R15: dffffc0000000000
FS: 00007f96b8fe0700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe8f74fb000 CR3: 000000012104c001 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
vfs_getattr+0x27/0x6e0 fs/stat.c:115
ovl_getattr+0x313/0xe60 fs/overlayfs/inode.c:236
vfs_statx fs/stat.c:191 [inline]
vfs_stat include/linux/fs.h:3340 [inline]
__do_sys_newstat fs/stat.c:341 [inline]
__se_sys_newstat+0x105/0x8c0 fs/stat.c:337
do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f96b8fdfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 00000000000339c0 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000020000280
RBP: 000000000118d018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffe5af7f3bf R14: 00007f96b8fe09c0 R15: 000000000118cfec
Modules linked in:
---[ end trace 7ab361d6cc42004b ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:551 [inline]
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RSP: 0018:ffff88810a1ff978 EFLAGS: 00010206
RAX: 0000000000000006 RBX: 0000000000000030 RCX: 0000000000040000
RDX: ffffc900004cf000 RSI: 0000000000000408 RDI: 0000000000000409
RBP: ffff88810a1ffb90 R08: dffffc0000000000 R09: ffff88810a1ffaa0
R10: ffffed102143ff56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff88810a1ffaa0 R14: ffff88810a1ffaa0 R15: dffffc0000000000
FS: 00007f96b8fe0700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002001c000 CR3: 000000012104c004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Sep 7, 2020, 10:40:16 PM9/7/20
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: c99fd3bf UPSTREAM: spi: add power control when set_cs
git tree: android-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=117d05f9900000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+80af3a...@syzkaller.appspotmail.com
RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff8881c6ec3e00
RDX: 0000000000000000 RSI: ffff8881d38afb90 RDI: ffff8881d38afaa0
RBP: ffff8881d38afb90 R08: dffffc0000000000 R09: ffff8881d38afaa0
R10: ffffed103a715f56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff8881d38afaa0 R14: ffff8881d38afaa0 R15: dffffc0000000000
FS: 00007fc78d96a700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
Modules linked in:
---[ end trace c1546054af02b65e ]---
RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff8881c6ec3e00
RDX: 0000000000000000 RSI: ffff8881d38afb90 RDI: ffff8881d38afaa0
RBP: ffff8881d38afb90 R08: dffffc0000000000 R09: ffff8881d38afaa0
R10: ffffed103a715f56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff8881d38afaa0 R14: ffff8881d38afaa0 R15: dffffc0000000000
FS: 00007fc78d96a700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
HEAD commit: c99fd3bf UPSTREAM: spi: add power control when set_cs
git tree: android-5.4
kernel config: https://syzkaller.appspot.com/x/.config?x=cfb1b86f84d1d53d
dashboard link: https://syzkaller.appspot.com/bug?extid=80af3add22f1afdb306b
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13469fc9900000
dashboard link: https://syzkaller.appspot.com/bug?extid=80af3add22f1afdb306b
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+80af3a...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3409 Comm: syz-executor.2 Not tainted 5.4.63-syzkaller-01129-gc99fd3bf1076 #0
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:d_backing_inode include/linux/dcache.h:551 [inline]
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RSP: 0018:ffff8881d38af978 EFLAGS: 00010206
RIP: 0010:d_backing_inode include/linux/dcache.h:551 [inline]
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff8881c6ec3e00
RDX: 0000000000000000 RSI: ffff8881d38afb90 RDI: ffff8881d38afaa0
RBP: ffff8881d38afb90 R08: dffffc0000000000 R09: ffff8881d38afaa0
R10: ffffed103a715f56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff8881d38afaa0 R14: ffff8881d38afaa0 R15: dffffc0000000000
FS: 00007fc78d96a700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562c8b83e798 CR3: 00000001cf925001 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vfs_getattr+0x27/0x6e0 fs/stat.c:115
ovl_getattr+0x313/0xe60 fs/overlayfs/inode.c:236
vfs_statx fs/stat.c:191 [inline]
vfs_stat include/linux/fs.h:3340 [inline]
__do_sys_newstat fs/stat.c:341 [inline]
__se_sys_newstat+0x105/0x8c0 fs/stat.c:337
do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc78d969c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
vfs_getattr+0x27/0x6e0 fs/stat.c:115
ovl_getattr+0x313/0xe60 fs/overlayfs/inode.c:236
vfs_statx fs/stat.c:191 [inline]
vfs_stat include/linux/fs.h:3340 [inline]
__do_sys_newstat fs/stat.c:341 [inline]
__se_sys_newstat+0x105/0x8c0 fs/stat.c:337
do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RAX: ffffffffffffffda RBX: 00000000000339c0 RCX: 000000000045d5b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007fff5423bdcf R14: 00007fc78d96a9c0 R15: 000000000118cfec
Modules linked in:
---[ end trace c1546054af02b65e ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:551 [inline]
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RSP: 0018:ffff8881d38af978 EFLAGS: 00010206
RIP: 0010:security_inode_getattr+0x42/0x140 security/security.c:1221
Code: 69 ff 49 8d 5e 08 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 6c f0 96 ff 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 4f f0 96 ff 48 8b 1b 48 83 c3 0c
RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff8881c6ec3e00
RDX: 0000000000000000 RSI: ffff8881d38afb90 RDI: ffff8881d38afaa0
RBP: ffff8881d38afb90 R08: dffffc0000000000 R09: ffff8881d38afaa0
R10: ffffed103a715f56 R11: 0000000000000000 R12: 0000000000000400
R13: ffff8881d38afaa0 R14: ffff8881d38afaa0 R15: dffffc0000000000
FS: 00007fc78d96a700(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff26b94630 CR3: 00000001cf925002 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
syzbot
Mar 26, 2024, 5:54:27 PMMar 26
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 43a5ead9254d BACKPORT: net: core: enable SO_BINDTODEVICE f..
git tree: android12-5.4
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1271dc6e180000
kernel config: https://syzkaller.appspot.com/x/.config?x=a2dd4b5d39d9fde5
dashboard link: https://syzkaller.appspot.com/bug?extid=80af3add22f1afdb306b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=110f2ff1180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11339546180000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/480eb8fbb672/disk-43a5ead9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/756f2dac4021/vmlinux-43a5ead9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/77e35c2bfd36/bzImage-43a5ead9.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+80af3a...@syzkaller.appspotmail.com
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline]
RIP: 0010:security_inode_getattr+0x42/0x120 security/security.c:1241
Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5
RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0
RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0
RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0
FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
Call Trace:
vfs_getattr+0x27/0x700 fs/stat.c:115
ovl_copy_up_one fs/overlayfs/copy_up.c:804 [inline]
ovl_copy_up_flags+0x5b2/0x29f0 fs/overlayfs/copy_up.c:886
ovl_maybe_copy_up+0x14e/0x180 fs/overlayfs/copy_up.c:918
ovl_open+0xa3/0x320 fs/overlayfs/file.c:128
do_dentry_open+0x964/0x1130 fs/open.c:796
vfs_open fs/open.c:910 [inline]
dentry_open+0xb1/0xf0 fs/open.c:926
file_open+0x2ab/0x620 fs/incfs/vfs.c:1449
do_dentry_open+0x964/0x1130 fs/open.c:796
do_last fs/namei.c:3515 [inline]
path_openat+0x2992/0x3480 fs/namei.c:3634
do_filp_open+0x20b/0x450 fs/namei.c:3664
do_sys_open+0x39c/0x810 fs/open.c:1113
do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x5c/0xc1
Modules linked in:
---[ end trace 6d8a3904c6a322b6 ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline]
RIP: 0010:security_inode_getattr+0x42/0x120 security/security.c:1241
Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5
RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0
RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0
RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0
FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
----------------
Code disassembly (best guess):
0: 5c pop %rsp
1: ff 49 8d decl -0x73(%rcx)
4: 5f pop %rdi
5: 08 48 89 or %cl,-0x77(%rax)
8: d8 48 c1 fmuls -0x3f(%rax)
b: e8 03 42 80 3c call 0x3c804213
10: 20 00 and %al,(%rax)
12: 74 08 je 0x1c
14: 48 89 df mov %rbx,%rdi
17: e8 cc fd 8b ff call 0xff8bfde8
1c: 48 8b 2b mov (%rbx),%rbp
1f: 48 83 c5 30 add $0x30,%rbp
23: 48 89 e8 mov %rbp,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 ef mov %rbp,%rdi
34: e8 af fd 8b ff call 0xff8bfde8
39: 48 8b 6d 00 mov 0x0(%rbp),%rbp
3d: 48 rex.W
3e: 83 .byte 0x83
3f: c5 .byte 0xc5
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 43a5ead9254d BACKPORT: net: core: enable SO_BINDTODEVICE f..
git tree: android12-5.4
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1271dc6e180000
kernel config: https://syzkaller.appspot.com/x/.config?x=a2dd4b5d39d9fde5
dashboard link: https://syzkaller.appspot.com/bug?extid=80af3add22f1afdb306b
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=110f2ff1180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11339546180000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/480eb8fbb672/disk-43a5ead9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/756f2dac4021/vmlinux-43a5ead9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/77e35c2bfd36/bzImage-43a5ead9.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+80af3a...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 357 Comm: syz-executor989 Not tainted 5.4.265-syzkaller-00009-g43a5ead9254d #0
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline]
RIP: 0010:security_inode_getattr+0x42/0x120 security/security.c:1241
Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5
RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0
RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0
RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0
FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000040 CR3: 00000001dc36a000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vfs_getattr+0x27/0x700 fs/stat.c:115
ovl_copy_up_one fs/overlayfs/copy_up.c:804 [inline]
ovl_copy_up_flags+0x5b2/0x29f0 fs/overlayfs/copy_up.c:886
ovl_maybe_copy_up+0x14e/0x180 fs/overlayfs/copy_up.c:918
ovl_open+0xa3/0x320 fs/overlayfs/file.c:128
do_dentry_open+0x964/0x1130 fs/open.c:796
vfs_open fs/open.c:910 [inline]
dentry_open+0xb1/0xf0 fs/open.c:926
file_open+0x2ab/0x620 fs/incfs/vfs.c:1449
do_dentry_open+0x964/0x1130 fs/open.c:796
do_last fs/namei.c:3515 [inline]
path_openat+0x2992/0x3480 fs/namei.c:3634
do_filp_open+0x20b/0x450 fs/namei.c:3664
do_sys_open+0x39c/0x810 fs/open.c:1113
do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x5c/0xc1
Modules linked in:
---[ end trace 6d8a3904c6a322b6 ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline]
RIP: 0010:security_inode_getattr+0x42/0x120 security/security.c:1241
Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5
RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0
RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0
RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0
FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000040 CR3: 00000001dc36a000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 5c pop %rsp
1: ff 49 8d decl -0x73(%rcx)
4: 5f pop %rdi
5: 08 48 89 or %cl,-0x77(%rax)
8: d8 48 c1 fmuls -0x3f(%rax)
b: e8 03 42 80 3c call 0x3c804213
10: 20 00 and %al,(%rax)
12: 74 08 je 0x1c
14: 48 89 df mov %rbx,%rdi
17: e8 cc fd 8b ff call 0xff8bfde8
1c: 48 8b 2b mov (%rbx),%rbp
1f: 48 83 c5 30 add $0x30,%rbp
23: 48 89 e8 mov %rbp,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 ef mov %rbp,%rdi
34: e8 af fd 8b ff call 0xff8bfde8
39: 48 8b 6d 00 mov 0x0(%rbp),%rbp
3d: 48 rex.W
3e: 83 .byte 0x83
3f: c5 .byte 0xc5
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages