possible deadlock in proc_pid_attr_write
11 views
Skip to first unread message
syzbot
Dec 9, 2017, 5:43:01 AM12/9/17
to adob...@gmail.com, akinob...@gmail.com, ak...@linux-foundation.org, dvy...@google.com, ebie...@xmission.com, jpoi...@redhat.com, linux-...@vger.kernel.org, mho...@suse.com, mi...@kernel.org, syzkall...@googlegroups.com, vegard...@oracle.com
Hello,
syzkaller hit the following crash on
968edbd93c0cbb40ab48aca972392d377713a0c3
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
netlink: 13 bytes leftover after parsing attributes in process
`syz-executor5'.
======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc2+ #121 Not tainted
------------------------------------------------------
syz-executor4/15909 is trying to acquire lock:
(&sig->cred_guard_mutex){+.+.}, at: [<00000000488b916b>]
proc_pid_attr_write+0x169/0x280 fs/proc/base.c:2541
but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock_nested
fs/pipe.c:67 [inline]
(&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock fs/pipe.c:75
[inline]
(&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_wait+0x1e6/0x280
fs/pipe.c:123
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&pipe->mutex/1){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
__pipe_lock fs/pipe.c:88 [inline]
fifo_open+0x15c/0xa40 fs/pipe.c:916
do_dentry_open+0x682/0xd70 fs/open.c:752
vfs_open+0x107/0x230 fs/open.c:866
do_last fs/namei.c:3379 [inline]
path_openat+0x1157/0x3530 fs/namei.c:3519
do_filp_open+0x25b/0x3b0 fs/namei.c:3554
do_open_execat+0x1b9/0x5c0 fs/exec.c:849
do_execveat_common.isra.30+0x90c/0x23c0 fs/exec.c:1741
compat_do_execve fs/exec.c:1875 [inline]
C_SYSC_execve fs/exec.c:1950 [inline]
compat_SyS_execve+0x3f/0x50 fs/exec.c:1946
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
-> #0 (&sig->cred_guard_mutex){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2031 [inline]
validate_chain kernel/locking/lockdep.c:2473 [inline]
__lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
proc_pid_attr_write+0x169/0x280 fs/proc/base.c:2541
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&pipe->mutex/1);
lock(&sig->cred_guard_mutex);
lock(&pipe->mutex/1);
lock(&sig->cred_guard_mutex);
*** DEADLOCK ***
2 locks held by syz-executor4/15909:
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>] file_start_write
include/linux/fs.h:2715 [inline]
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>] do_splice
fs/splice.c:1146 [inline]
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>] SYSC_splice
fs/splice.c:1402 [inline]
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>]
SyS_splice+0x1117/0x1630 fs/splice.c:1382
#1: (&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock_nested
fs/pipe.c:67 [inline]
#1: (&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock
fs/pipe.c:75 [inline]
#1: (&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>]
pipe_wait+0x1e6/0x280 fs/pipe.c:123
stack backtrace:
CPU: 0 PID: 15909 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #121
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271
check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914
check_prevs_add kernel/locking/lockdep.c:2031 [inline]
validate_chain kernel/locking/lockdep.c:2473 [inline]
__lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
proc_pid_attr_write+0x169/0x280 fs/proc/base.c:2541
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
RIP: 0023:0xf7fb3c79
RSP: 002b:00000000f77af08c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000000000
RDX: 0000000000000013 RSI: 0000000000000000 RDI: 00000000000001ff
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 15909 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #121
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:sidtab_search_core+0x6a/0x320 security/selinux/ss/sidtab.c:88
RSP: 0018:ffff8801cf6a75b8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000008 RCX: ffffffff8220c12d
RDX: 0000000000000001 RSI: ffffc90003af4000 RDI: ffffffff874c6180
RBP: ffff8801cf6a75e8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffffed003b62479a R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8801db400000(0063) knlGS:00000000f77afb40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020a0bfe0 CR3: 00000001c480f000 CR4: 00000000001406f0
DR0: 0000000020001020 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
sidtab_search+0x1f/0x30 security/selinux/ss/sidtab.c:111
security_bounded_transition+0xa8/0x4d0 security/selinux/ss/services.c:873
selinux_setprocattr+0x8d0/0xb50 security/selinux/hooks.c:6042
security_setprocattr+0x85/0xc0 security/security.c:1264
proc_pid_attr_write+0x1e6/0x280 fs/proc/base.c:2545
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
RIP: 0023:0xf7fb3c79
RSP: 002b:00000000f77af08c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000000000
RDX: 0000000000000013 RSI: 0000000000000000 RDI: 00000000000001ff
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Code: ea 03 41 83 e4 7f 80 3c 02 00 0f 85 7d 02 00 00 4c 8b 33 4d 63 e4 48
b8 00 00 00 00 00 fc ff df 4b 8d 1c e6 48 89 da 48 c1 ea 03 <80> 3c 02 00
0f 85 41 02 00 00 48 8b 1b 48 85 db 0f 84 8b 00 00
RIP: sidtab_search_core+0x6a/0x320 security/selinux/ss/sidtab.c:88 RSP:
ffff8801cf6a75b8
---[ end trace adc7a1b095154ef6 ]---
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
syzkaller hit the following crash on
968edbd93c0cbb40ab48aca972392d377713a0c3
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
netlink: 13 bytes leftover after parsing attributes in process
`syz-executor5'.
======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc2+ #121 Not tainted
------------------------------------------------------
syz-executor4/15909 is trying to acquire lock:
(&sig->cred_guard_mutex){+.+.}, at: [<00000000488b916b>]
proc_pid_attr_write+0x169/0x280 fs/proc/base.c:2541
but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock_nested
fs/pipe.c:67 [inline]
(&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock fs/pipe.c:75
[inline]
(&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_wait+0x1e6/0x280
fs/pipe.c:123
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&pipe->mutex/1){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
__pipe_lock fs/pipe.c:88 [inline]
fifo_open+0x15c/0xa40 fs/pipe.c:916
do_dentry_open+0x682/0xd70 fs/open.c:752
vfs_open+0x107/0x230 fs/open.c:866
do_last fs/namei.c:3379 [inline]
path_openat+0x1157/0x3530 fs/namei.c:3519
do_filp_open+0x25b/0x3b0 fs/namei.c:3554
do_open_execat+0x1b9/0x5c0 fs/exec.c:849
do_execveat_common.isra.30+0x90c/0x23c0 fs/exec.c:1741
compat_do_execve fs/exec.c:1875 [inline]
C_SYSC_execve fs/exec.c:1950 [inline]
compat_SyS_execve+0x3f/0x50 fs/exec.c:1946
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
-> #0 (&sig->cred_guard_mutex){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2031 [inline]
validate_chain kernel/locking/lockdep.c:2473 [inline]
__lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
proc_pid_attr_write+0x169/0x280 fs/proc/base.c:2541
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&pipe->mutex/1);
lock(&sig->cred_guard_mutex);
lock(&pipe->mutex/1);
lock(&sig->cred_guard_mutex);
*** DEADLOCK ***
2 locks held by syz-executor4/15909:
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>] file_start_write
include/linux/fs.h:2715 [inline]
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>] do_splice
fs/splice.c:1146 [inline]
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>] SYSC_splice
fs/splice.c:1402 [inline]
#0: (sb_writers#6){.+.+}, at: [<00000000ca7b52e2>]
SyS_splice+0x1117/0x1630 fs/splice.c:1382
#1: (&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock_nested
fs/pipe.c:67 [inline]
#1: (&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>] pipe_lock
fs/pipe.c:75 [inline]
#1: (&pipe->mutex/1){+.+.}, at: [<0000000023fcc29b>]
pipe_wait+0x1e6/0x280 fs/pipe.c:123
stack backtrace:
CPU: 0 PID: 15909 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #121
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271
check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914
check_prevs_add kernel/locking/lockdep.c:2031 [inline]
validate_chain kernel/locking/lockdep.c:2473 [inline]
__lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:930
proc_pid_attr_write+0x169/0x280 fs/proc/base.c:2541
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
RIP: 0023:0xf7fb3c79
RSP: 002b:00000000f77af08c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000000000
RDX: 0000000000000013 RSI: 0000000000000000 RDI: 00000000000001ff
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 15909 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #121
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:sidtab_search_core+0x6a/0x320 security/selinux/ss/sidtab.c:88
RSP: 0018:ffff8801cf6a75b8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000008 RCX: ffffffff8220c12d
RDX: 0000000000000001 RSI: ffffc90003af4000 RDI: ffffffff874c6180
RBP: ffff8801cf6a75e8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffffed003b62479a R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8801db400000(0063) knlGS:00000000f77afb40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020a0bfe0 CR3: 00000001c480f000 CR4: 00000000001406f0
DR0: 0000000020001020 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
sidtab_search+0x1f/0x30 security/selinux/ss/sidtab.c:111
security_bounded_transition+0xa8/0x4d0 security/selinux/ss/services.c:873
selinux_setprocattr+0x8d0/0xb50 security/selinux/hooks.c:6042
security_setprocattr+0x85/0xc0 security/security.c:1264
proc_pid_attr_write+0x1e6/0x280 fs/proc/base.c:2545
__vfs_write+0xef/0x970 fs/read_write.c:480
__kernel_write+0xfe/0x350 fs/read_write.c:501
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x328/0x730 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
RIP: 0023:0xf7fb3c79
RSP: 002b:00000000f77af08c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000000000
RDX: 0000000000000013 RSI: 0000000000000000 RDI: 00000000000001ff
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Code: ea 03 41 83 e4 7f 80 3c 02 00 0f 85 7d 02 00 00 4c 8b 33 4d 63 e4 48
b8 00 00 00 00 00 fc ff df 4b 8d 1c e6 48 89 da 48 c1 ea 03 <80> 3c 02 00
0f 85 41 02 00 00 48 8b 1b 48 85 db 0f 84 8b 00 00
RIP: sidtab_search_core+0x6a/0x320 security/selinux/ss/sidtab.c:88 RSP:
ffff8801cf6a75b8
---[ end trace adc7a1b095154ef6 ]---
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
Eric Biggers
Dec 12, 2017, 5:00:09 PM12/12/17
to syzbot, adob...@gmail.com, akinob...@gmail.com, ak...@linux-foundation.org, dvy...@google.com, ebie...@xmission.com, jpoi...@redhat.com, linux-...@vger.kernel.org, mho...@suse.com, mi...@kernel.org, syzkall...@googlegroups.com, vegard...@oracle.com
On Sat, Dec 09, 2017 at 02:43:00AM -0800, syzbot wrote:
>
> syzbot will keep track of this bug report.
> Once a fix for this bug is merged into any tree, reply to this email with:
> #syz fix: exact-commit-title
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new
> bug report.
> Note: all commands must start from beginning of the line in the email body.
#syz dup: possible deadlock in seq_read
>
> syzbot will keep track of this bug report.
> Once a fix for this bug is merged into any tree, reply to this email with:
> #syz fix: exact-commit-title
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new
> bug report.
> Note: all commands must start from beginning of the line in the email body.
Reply all
Reply to author
Forward
0 new messages