Hello,
syzbot found the following crash on:
HEAD commit:d2f8825a Merge tag 'for_linus' of git://git.kernel.org/pub..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13c5592210
kernel config: https://syzkaller.appspot.com/x/.config?x=b3368ce0cc5f5ace
dashboard link: https://syzkaller.appspot.com/bug?extid=cff8c4c75acd8c6fb842
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cff8c4c75acd8c6fb...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address
0xe2666003: [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range
[0x0018-0x001f]
CPU: 0 PID: 12489 Comm: systemd-rfkill Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google
01/01/2011
RIP: 0010:tomoyo_check_acl+0xa9/0x3e0 security/tomoyo/domain.c:173
Code: 00 0f 85 2d 03 00 00 49 8b 1c 24 49 39 dc 0f 84 bd 01 00 00 e8 28 65 14
fe 48 8d 7b 18 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08
84 c0 0f 85 a7 02 00 00 44 0f b6 73 18 31
RSP: 0018:c90016987bc8 EFLAGS: 00010246
RAX: 0003 RBX: RCX: 835ed028
RDX: RSI: 835ecff8 RDI: 0018
RBP: dc00 R08: 8880a1cce1c0 R09:
R10: R11: R12: 8880a72db990
R13: c90016987c80 R14: 0033 R15: 0002
FS: 7f9e4b6ba8c0() GS:8880ae60() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 7f9e4b399e30 CR3: 4df8d000 CR4: 001426f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
tomoyo_path_number_perm+0x314/0x4d0 security/tomoyo/file.c:733
security_file_ioctl+0x6c/0xb0 security/security.c:1460
ksys_ioctl+0x50/0x180 fs/ioctl.c:765
__do_sys_ioctl fs/ioctl.c:780 [inline]
__se_sys_ioctl fs/ioctl.c:778 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:778
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x7f9e4adab80a
Code: ff e9 62 fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 53 49 89 f0 48 63 ff be
01 54 00 00 b8 10 00 00 00 48 83 ec 30 48 89 e2 0f 05 <48> 3d 00 f0 ff ff 77 6e
85 c0 89 c3 75 5c 8b 04 24 8b 54 24 0c 4c
RSP: 002b:7fffcc16ea20 EFLAGS: 0202 ORIG_RAX: 0010
RAX: ffda RBX: 0007 RCX: 7f9e4adab80a
RDX: 7fffcc16ea20 RSI: 5401 RDI: 0002
RBP: 0007 R08: 7fffcc16ea60 R09:
R10: 00020d50 R11: 0202 R12: 56153471ef90
R13: 7fffcc16ec30 R14: R15:
Modules linked in:
---[ end trace 1f05c0d7f6671379 ]---
RIP: 0010:tomoyo_check_acl+0xa9/0x3e0 security/tomoyo/domain.c:173
Code: 00 0f 85 2d 03 00 00 49 8b 1c 24 49 39 dc 0f 84 bd 01 00 00 e8 28 65 14
fe 48 8d 7b 18 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08
84 c0 0f 85 a7 02 00 00 44 0f b6 73 18 31
RSP: 0018:c90016987bc8 EFLAGS: 00010246
RAX: 0003 RBX: RCX: 835ed028
RDX: RSI: 835ecff8 RDI: 0018
RBP: dc00 R08: 8880a1cce1c0 R09:
R10: R11: R12: 8880a72db990
R13: c90016987c80 R14: 0033 R15: 0002
FS: 7f9e4b6ba8c0() GS:8880ae60() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 55f7b8031310 CR3: 4df8d000 CR4: 001426f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
