kernel panic: MAC Initialization failed. (3)


syzbot

Feb 28, 2019, 9:12:05 AM
to jmo...@namei.org, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, se...@hallyn.com, syzkall...@googlegroups.com, take...@nttdata.co.jp
Hello,

syzbot found the following crash on:

HEAD commit: 42fd8df9d1d9 Add linux-next specific files for 20190228
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=179e9b6cc00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c0f38652d28b522f
dashboard link: https://syzkaller.appspot.com/bug?extid=2ee3f8974c2e7dc69feb
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c68242c00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17190c8ac00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2ee3f8...@syzkaller.appspotmail.com

RIP: 0033:0x440fe9
Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc37062bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440fe9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007ffc37062bf0 R08: 0000000000001000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
ERROR: Out of memory at tomoyo_realpath_from_path.
Kernel panic - not syncing: MAC Initialization failed.
CPU: 0 PID: 7764 Comm: syz-executor980 Not tainted 5.0.0-rc8-next-20190228 #45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
panic+0x2cb/0x65c kernel/panic.c:214
tomoyo_warn_oom.cold+0x35/0x43 security/tomoyo/memory.c:28
tomoyo_realpath_from_path+0x3a8/0x730 security/tomoyo/realpath.c:320
tomoyo_realpath_nofollow+0xc8/0xdb security/tomoyo/realpath.c:336
tomoyo_find_next_domain+0x28c/0x1f8a security/tomoyo/domain.c:725
tomoyo_bprm_check_security security/tomoyo/tomoyo.c:107 [inline]
tomoyo_bprm_check_security+0x12a/0x1b0 security/tomoyo/tomoyo.c:97
security_bprm_check+0x69/0xb0 security/security.c:751
search_binary_handler+0x77/0x570 fs/exec.c:1644
exec_binprm fs/exec.c:1698 [inline]
__do_execve_file.isra.0+0x1394/0x23f0 fs/exec.c:1818
do_execveat_common fs/exec.c:1865 [inline]
do_execveat fs/exec.c:1893 [inline]
__do_sys_execveat fs/exec.c:1969 [inline]
__se_sys_execveat fs/exec.c:1961 [inline]
__x64_sys_execveat+0xed/0x130 fs/exec.c:1961
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440fe9
Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc37062bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440fe9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007ffc37062bf0 R08: 0000000000001000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Mar 11, 2019, 9:26:02 AM
to ca...@schaufler-ca.com, james....@microsoft.com, jmo...@namei.org, john.j...@canonical.com, kees...@chromium.org, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, penguin...@i-love.sakura.ne.jp, se...@hallyn.com, syzkall...@googlegroups.com, take...@nttdata.co.jp
syzbot has bisected this bug to:

commit 89a9684ea158dd7eef1728be9f0aed9a7d41cf19
Author: Kees Cook <kees...@chromium.org>
Date: Tue Feb 12 18:23:18 2019 +0000

LSM: Ignore "security=" when "lsm=" is specified

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11572723200000
start commit: 89a9684e LSM: Ignore "security=" when "lsm=" is specified
git tree: linux-next
final crash: https://syzkaller.appspot.com/x/report.txt?x=13572723200000
console output: https://syzkaller.appspot.com/x/log.txt?x=15572723200000
userspace arch: amd64
Reported-by: syzbot+2ee3f8...@syzkaller.appspotmail.com
Fixes: 89a9684e ("LSM: Ignore "security=" when "lsm=" is specified")

Tetsuo Handa

Mar 11, 2019, 9:46:05 AM
to ca...@schaufler-ca.com, james....@microsoft.com, jmo...@namei.org, john.j...@canonical.com, kees...@chromium.org, se...@hallyn.com, take...@nttdata.co.jp, syzbot, linux-...@vger.kernel.org, linux-secu...@vger.kernel.org, syzkall...@googlegroups.com
F.Y.I. Nothing is wrong with that commit. That commit merely allows enabling TOMOYO and
one of SELinux/Smack/AppArmor at the same time for syzbot's kernel command line options.
This problem will be handled by a patch at
https://lore.kernel.org/linux-security-module/1551362770-8655-1-git-s...@I-love.SAKURA.ne.jp/
and then updating syzbot to build kernels with this option enabled.

Well, it is wonderful that syzbot started bisecting. ;-)

Eric Biggers

Jun 10, 2019, 5:45:27 PM
to Dmitry Vyukov, syzkall...@googlegroups.com, syzbot
[+Dmitry]
For this bug report the syzbot dashboard shows:

Fix commit: tomoyo: Add a kernel config option for fuzzing testing.
Patched on: [ci-upstream-net-kasan-gce], missing on: [ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-linux-next-kasan-gce-root ci-upstream-net-this-kasan-gce ci2-upstream-usb]

https://syzkaller.appspot.com/bug?id=32ab41bbdc0c28643c507dd0cf1eea1a9ce67837

Why does syzbot think the commit is missing from so many branches?
It's been upstream since v5.2-rc1:

commit e80b18599a39a625bc8b2e39ba3004a62f78805a
Author: Tetsuo Handa <penguin...@I-love.SAKURA.ne.jp>
Date: Fri Apr 12 20:04:54 2019 +0900

tomoyo: Add a kernel config option for fuzzing testing.

Dmitry Vyukov

Jun 11, 2019, 5:31:54 AM
to Eric Biggers, syzkaller-bugs, syzbot, Tetsuo Handa
There is some non-trivial chain of relations between the 3 versions of
this bug: some were marked as invalid, some as a dup of a previous
version of itself, and then one commit fixes all 3 of them.
This confused the system, and it seems to think that the bug is fixed
with different commits on each poll; thus it constantly resets the set
of patched instances, then starts populating a new list, and then resets
it again before it gets full.
I've manually marked it as fixed for now. Thanks for bringing attention to this.