[v6.1] WARNING in do_open_execat
0 views
Skip to first unread message
syzbot
Sep 15, 2023, 10:14:03 PM9/15/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 09045dae0d90 Linux 6.1.53
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15aa2254680000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4b6b62dcf58648f
dashboard link: https://syzkaller.appspot.com/bug?extid=966287e895af04ec4106
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dc157dc1ba01/disk-09045dae.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/613eb14b19a3/vmlinux-09045dae.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f6d7a5bbc572/Image-09045dae.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+966287...@syzkaller.appspotmail.com
loop4: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 25996 at fs/exec.c:937 do_open_execat+0x434/0x640
Modules linked in:
CPU: 1 PID: 25996 Comm: syz-executor.4 Not tainted 6.1.53-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_open_execat+0x434/0x640
lr : do_open_execat+0x430/0x640 fs/exec.c:936
sp : ffff800022ac7a60
x29: ffff800022ac7ad0 x28: ffff0001266f2468 x27: ffff0001285de600
x26: dfff800000000000 x25: ffff700004558f4c x24: dfff800000000000
x23: 0000000000000000 x22: ffff00012d744520 x21: ffff0001285de600
x20: fffffffffffffff3 x19: ffff0000d004d680 x18: ffff800022ac7260
x17: ffff8000158ad000 x16: ffff800012075c40 x15: 0000000000000000
x14: 1ffff00002b160b0 x13: dfff800000000000 x12: 0000000000040000
x11: 000000000001d761 x10: ffff800027d6b000 x9 : ffff800008a5722c
x8 : 000000000001d762 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000010
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000008000
Call trace:
do_open_execat+0x434/0x640
bprm_execve+0x480/0x162c fs/exec.c:1818
do_execveat_common+0x668/0x814 fs/exec.c:1948
do_execve fs/exec.c:2022 [inline]
__do_sys_execve fs/exec.c:2098 [inline]
__se_sys_execve fs/exec.c:2093 [inline]
__arm64_sys_execve+0x98/0xb0 fs/exec.c:2093
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 17824
hardirqs last enabled at (17823): [<ffff800012209d34>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (17823): [<ffff800012209d34>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (17824): [<ffff8000121244c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (17208): [<ffff80000803305c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (17206): [<ffff800008033028>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 09045dae0d90 Linux 6.1.53
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15aa2254680000
kernel config: https://syzkaller.appspot.com/x/.config?x=a4b6b62dcf58648f
dashboard link: https://syzkaller.appspot.com/bug?extid=966287e895af04ec4106
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dc157dc1ba01/disk-09045dae.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/613eb14b19a3/vmlinux-09045dae.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f6d7a5bbc572/Image-09045dae.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+966287...@syzkaller.appspotmail.com
loop4: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 25996 at fs/exec.c:937 do_open_execat+0x434/0x640
Modules linked in:
CPU: 1 PID: 25996 Comm: syz-executor.4 Not tainted 6.1.53-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_open_execat+0x434/0x640
lr : do_open_execat+0x430/0x640 fs/exec.c:936
sp : ffff800022ac7a60
x29: ffff800022ac7ad0 x28: ffff0001266f2468 x27: ffff0001285de600
x26: dfff800000000000 x25: ffff700004558f4c x24: dfff800000000000
x23: 0000000000000000 x22: ffff00012d744520 x21: ffff0001285de600
x20: fffffffffffffff3 x19: ffff0000d004d680 x18: ffff800022ac7260
x17: ffff8000158ad000 x16: ffff800012075c40 x15: 0000000000000000
x14: 1ffff00002b160b0 x13: dfff800000000000 x12: 0000000000040000
x11: 000000000001d761 x10: ffff800027d6b000 x9 : ffff800008a5722c
x8 : 000000000001d762 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000010
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000008000
Call trace:
do_open_execat+0x434/0x640
bprm_execve+0x480/0x162c fs/exec.c:1818
do_execveat_common+0x668/0x814 fs/exec.c:1948
do_execve fs/exec.c:2022 [inline]
__do_sys_execve fs/exec.c:2098 [inline]
__se_sys_execve fs/exec.c:2093 [inline]
__arm64_sys_execve+0x98/0xb0 fs/exec.c:2093
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 17824
hardirqs last enabled at (17823): [<ffff800012209d34>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (17823): [<ffff800012209d34>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (17824): [<ffff8000121244c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (17208): [<ffff80000803305c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (17206): [<ffff800008033028>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Sep 15, 2023, 10:29:52 PM9/15/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 09045dae0d90 Linux 6.1.53
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=170d2b02680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10bb7a28680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dc157dc1ba01/disk-09045dae.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/613eb14b19a3/vmlinux-09045dae.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f6d7a5bbc572/Image-09045dae.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/2184990e0885/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+966287...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
process 'syz-executor317' launched './file1' with NULL argv: empty string added
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4220 at fs/exec.c:937 do_open_execat+0x434/0x640
Modules linked in:
CPU: 0 PID: 4220 Comm: syz-executor317 Not tainted 6.1.53-syzkaller #0
x29: ffff80001dcf7ad0 x28: ffff0000ce58dbe8 x27: ffff0000de515500
x26: dfff800000000000 x25: ffff700003b9ef4c x24: dfff800000000000
x23: 0000000000000000 x22: ffff0000dfa176a0 x21: ffff0000de515500
x20: fffffffffffffff3 x19: ffff0000d8152f00 x18: ffff80001dcf7260
x11: ff80800008a5722c x10: 0000000000000000 x9 : ffff800008a5722c
x8 : ffff0000ce58d340 x7 : 0000000000000000 x6 : 0000000000000000
hardirqs last enabled at (30355): [<ffff800012209d34>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (30355): [<ffff800012209d34>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (30356): [<ffff8000121244c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (30108): [<ffff80000803305c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (30106): [<ffff800008033028>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 09045dae0d90 Linux 6.1.53
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=a4b6b62dcf58648f
dashboard link: https://syzkaller.appspot.com/bug?extid=966287e895af04ec4106
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=167ef464680000
dashboard link: https://syzkaller.appspot.com/bug?extid=966287e895af04ec4106
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10bb7a28680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dc157dc1ba01/disk-09045dae.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/613eb14b19a3/vmlinux-09045dae.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f6d7a5bbc572/Image-09045dae.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+966287...@syzkaller.appspotmail.com
ntfs: volume version 3.1.
process 'syz-executor317' launched './file1' with NULL argv: empty string added
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4220 at fs/exec.c:937 do_open_execat+0x434/0x640
Modules linked in:
CPU: 0 PID: 4220 Comm: syz-executor317 Not tainted 6.1.53-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_open_execat+0x434/0x640
lr : do_open_execat+0x430/0x640 fs/exec.c:936
sp : ffff80001dcf7a60
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_open_execat+0x434/0x640
lr : do_open_execat+0x430/0x640 fs/exec.c:936
x29: ffff80001dcf7ad0 x28: ffff0000ce58dbe8 x27: ffff0000de515500
x26: dfff800000000000 x25: ffff700003b9ef4c x24: dfff800000000000
x23: 0000000000000000 x22: ffff0000dfa176a0 x21: ffff0000de515500
x20: fffffffffffffff3 x19: ffff0000d8152f00 x18: ffff80001dcf7260
x17: ffff8000158ad000 x16: ffff800012075c40 x15: 0000000000000000
x14: 1ffff00002b160b0 x13: dfff800000000000 x12: 0000000000000002
x11: ff80800008a5722c x10: 0000000000000000 x9 : ffff800008a5722c
x8 : ffff0000ce58d340 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000010
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000008000
Call trace:
do_open_execat+0x434/0x640
bprm_execve+0x480/0x162c fs/exec.c:1818
do_execveat_common+0x668/0x814 fs/exec.c:1948
do_execve fs/exec.c:2022 [inline]
__do_sys_execve fs/exec.c:2098 [inline]
__se_sys_execve fs/exec.c:2093 [inline]
__arm64_sys_execve+0x98/0xb0 fs/exec.c:2093
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 30356
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000008000
Call trace:
do_open_execat+0x434/0x640
bprm_execve+0x480/0x162c fs/exec.c:1818
do_execveat_common+0x668/0x814 fs/exec.c:1948
do_execve fs/exec.c:2022 [inline]
__do_sys_execve fs/exec.c:2098 [inline]
__se_sys_execve fs/exec.c:2093 [inline]
__arm64_sys_execve+0x98/0xb0 fs/exec.c:2093
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
hardirqs last enabled at (30355): [<ffff800012209d34>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (30355): [<ffff800012209d34>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (30356): [<ffff8000121244c4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (30108): [<ffff80000803305c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (30106): [<ffff800008033028>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
If you want syzbot to run the reproducer, reply with:
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages