general protection fault in sidtab_context_to_sid
瀏覽次數:5 次
跳到第一則未讀訊息
syzbot
2019年11月11日 上午11:34:122019/11/11
收件者:syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 00aff683 Merge tag 'for-5.4-rc6-tag' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17f7483ce00000
kernel config: https://syzkaller.appspot.com/x/.config?x=8c5e2eca3f31f9bf
dashboard link: https://syzkaller.appspot.com/bug?extid=f884580a23e441544117
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: [epa...@parisplace.org ja...@google.com
kees...@chromium.org linux-...@vger.kernel.org omos...@redhat.com
pa...@paul-moore.com s...@tycho.nsa.gov sel...@vger.kernel.org]
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f88458...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 14967 Comm: syz-executor.1 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:context_cmp security/selinux/ss/context.h:153 [inline]
RIP: 0010:sidtab_rcache_search security/selinux/ss/sidtab.c:233 [inline]
RIP: 0010:sidtab_reverse_lookup security/selinux/ss/sidtab.c:251 [inline]
RIP: 0010:sidtab_context_to_sid+0x54d/0x23a0
security/selinux/ss/sidtab.c:352
Code: 0f 84 a9 00 00 00 e8 02 42 6d fe 31 d2 4c 89 ff 44 89 e6 e8 35 ea ff
ff 48 8d 78 0c 48 89 85 60 ff ff ff 48 89 f8 48 c1 e8 03 <42> 0f b6 14 30
48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RSP: 0018:ffff88804fb579c8 EFLAGS: 00010203
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffc90008190000
RDX: 00000000000007cd RSI: ffffffff8305ce7d RDI: 000000000000000c
RBP: ffff88804fb57ad8 R08: ffff88805166a5c0 R09: ffffed10107f813f
R10: ffffed10107f813e R11: ffff888083fc09f7 R12: 000000000000011a
R13: ffff88809b378068 R14: dffffc0000000000 R15: ffff88809b378000
FS: 00007f0fd5c69700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2cc2a000 CR3: 0000000058cb6000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
security_compute_sid.part.0+0xb82/0x1600
security/selinux/ss/services.c:1808
security_compute_sid security/selinux/ss/services.c:1833 [inline]
security_transition_sid+0x126/0x190 security/selinux/ss/services.c:1833
socket_sockcreate_sid security/selinux/hooks.c:4464 [inline]
socket_sockcreate_sid security/selinux/hooks.c:4456 [inline]
selinux_socket_create+0x453/0x610 security/selinux/hooks.c:4498
security_socket_create+0x7b/0xc0 security/security.c:1975
__sock_create+0x90/0x730 net/socket.c:1373
sock_create net/socket.c:1469 [inline]
__sys_socket+0x103/0x220 net/socket.c:1511
__do_sys_socket net/socket.c:1520 [inline]
__se_sys_socket net/socket.c:1518 [inline]
__x64_sys_socket+0x73/0xb0 net/socket.c:1518
do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a219
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0fd5c68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0fd5c696d4
R13: 00000000004c974d R14: 00000000004e11d0 R15: 00000000ffffffff
Modules linked in:
---[ end trace 8eaad656aa346a2b ]---
RIP: 0010:context_cmp security/selinux/ss/context.h:153 [inline]
RIP: 0010:sidtab_rcache_search security/selinux/ss/sidtab.c:233 [inline]
RIP: 0010:sidtab_reverse_lookup security/selinux/ss/sidtab.c:251 [inline]
RIP: 0010:sidtab_context_to_sid+0x54d/0x23a0
security/selinux/ss/sidtab.c:352
Code: 0f 84 a9 00 00 00 e8 02 42 6d fe 31 d2 4c 89 ff 44 89 e6 e8 35 ea ff
ff 48 8d 78 0c 48 89 85 60 ff ff ff 48 89 f8 48 c1 e8 03 <42> 0f b6 14 30
48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RSP: 0018:ffff88804fb579c8 EFLAGS: 00010203
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffc90008190000
RDX: 00000000000007cd RSI: ffffffff8305ce7d RDI: 000000000000000c
RBP: ffff88804fb57ad8 R08: ffff88805166a5c0 R09: ffffed10107f813f
R10: ffffed10107f813e R11: ffff888083fc09f7 R12: 000000000000011a
R13: ffff88809b378068 R14: dffffc0000000000 R15: ffff88809b378000
FS: 00007f0fd5c69700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2cc2a000 CR3: 0000000058cb6000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 00aff683 Merge tag 'for-5.4-rc6-tag' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17f7483ce00000
kernel config: https://syzkaller.appspot.com/x/.config?x=8c5e2eca3f31f9bf
dashboard link: https://syzkaller.appspot.com/bug?extid=f884580a23e441544117
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: [epa...@parisplace.org ja...@google.com
kees...@chromium.org linux-...@vger.kernel.org omos...@redhat.com
pa...@paul-moore.com s...@tycho.nsa.gov sel...@vger.kernel.org]
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f88458...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 14967 Comm: syz-executor.1 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:context_cmp security/selinux/ss/context.h:153 [inline]
RIP: 0010:sidtab_rcache_search security/selinux/ss/sidtab.c:233 [inline]
RIP: 0010:sidtab_reverse_lookup security/selinux/ss/sidtab.c:251 [inline]
RIP: 0010:sidtab_context_to_sid+0x54d/0x23a0
security/selinux/ss/sidtab.c:352
Code: 0f 84 a9 00 00 00 e8 02 42 6d fe 31 d2 4c 89 ff 44 89 e6 e8 35 ea ff
ff 48 8d 78 0c 48 89 85 60 ff ff ff 48 89 f8 48 c1 e8 03 <42> 0f b6 14 30
48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RSP: 0018:ffff88804fb579c8 EFLAGS: 00010203
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffc90008190000
RDX: 00000000000007cd RSI: ffffffff8305ce7d RDI: 000000000000000c
RBP: ffff88804fb57ad8 R08: ffff88805166a5c0 R09: ffffed10107f813f
R10: ffffed10107f813e R11: ffff888083fc09f7 R12: 000000000000011a
R13: ffff88809b378068 R14: dffffc0000000000 R15: ffff88809b378000
FS: 00007f0fd5c69700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2cc2a000 CR3: 0000000058cb6000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
security_compute_sid.part.0+0xb82/0x1600
security/selinux/ss/services.c:1808
security_compute_sid security/selinux/ss/services.c:1833 [inline]
security_transition_sid+0x126/0x190 security/selinux/ss/services.c:1833
socket_sockcreate_sid security/selinux/hooks.c:4464 [inline]
socket_sockcreate_sid security/selinux/hooks.c:4456 [inline]
selinux_socket_create+0x453/0x610 security/selinux/hooks.c:4498
security_socket_create+0x7b/0xc0 security/security.c:1975
__sock_create+0x90/0x730 net/socket.c:1373
sock_create net/socket.c:1469 [inline]
__sys_socket+0x103/0x220 net/socket.c:1511
__do_sys_socket net/socket.c:1520 [inline]
__se_sys_socket net/socket.c:1518 [inline]
__x64_sys_socket+0x73/0xb0 net/socket.c:1518
do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a219
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0fd5c68c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0fd5c696d4
R13: 00000000004c974d R14: 00000000004e11d0 R15: 00000000ffffffff
Modules linked in:
---[ end trace 8eaad656aa346a2b ]---
RIP: 0010:context_cmp security/selinux/ss/context.h:153 [inline]
RIP: 0010:sidtab_rcache_search security/selinux/ss/sidtab.c:233 [inline]
RIP: 0010:sidtab_reverse_lookup security/selinux/ss/sidtab.c:251 [inline]
RIP: 0010:sidtab_context_to_sid+0x54d/0x23a0
security/selinux/ss/sidtab.c:352
Code: 0f 84 a9 00 00 00 e8 02 42 6d fe 31 d2 4c 89 ff 44 89 e6 e8 35 ea ff
ff 48 8d 78 0c 48 89 85 60 ff ff ff 48 89 f8 48 c1 e8 03 <42> 0f b6 14 30
48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RSP: 0018:ffff88804fb579c8 EFLAGS: 00010203
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffc90008190000
RDX: 00000000000007cd RSI: ffffffff8305ce7d RDI: 000000000000000c
RBP: ffff88804fb57ad8 R08: ffff88805166a5c0 R09: ffffed10107f813f
R10: ffffed10107f813e R11: ffff888083fc09f7 R12: 000000000000011a
R13: ffff88809b378068 R14: dffffc0000000000 R15: ffff88809b378000
FS: 00007f0fd5c69700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2cc2a000 CR3: 0000000058cb6000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
2020年2月8日 凌晨4:47:062020/2/8
收件者:syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
回覆所有人
回覆作者
轉寄
0 則新訊息