[v6.1] BUG: unable to handle kernel paging request in ntfs_security_init
0 views
Skip to first unread message
syzbot
Apr 5, 2023, 9:07:46 AM4/5/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=142657f1c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bbb9a1f6f7f5a1d9
dashboard link: https://syzkaller.appspot.com/bug?extid=7a921ca3f83be96bfbdb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2affbd06cbfd/disk-3b29299e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8b22d1baf827/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d5e3891c88bf/Image-3b29299e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7a921c...@syzkaller.appspotmail.com
Unable to handle kernel paging request at virtual address dfff800000000000
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6724 Comm: syz-executor.5 Not tainted 6.1.22-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ntfs_security_init+0x464/0x9f8 fs/ntfs3/fsntfs.c:1872
lr : resident_data_ex fs/ntfs3/ntfs.h:461 [inline]
lr : ntfs_security_init+0x450/0x9f8 fs/ntfs3/fsntfs.c:1871
sp : ffff8000235176e0
x29: ffff8000235177e0 x28: dfff800000000000 x27: 0000000000000000
x26: ffff7000046a2ee4 x25: 0000000000000020 x24: 0000000000000040
x23: ffff0000d6674240 x22: 0000000000000000 x21: ffff00012a9e6990
x20: ffff00012a9e6740 x19: ffff00012571c000 x18: 1fffe000368b6b76
x17: ffff80001557d000 x16: ffff8000120905b8 x15: 0000000000000000
x14: 0000000000000002 x13: 0000000000000030 x12: 0000000000040000
x11: 000000000003ffff x10: ffff8000217ba000 x9 : ffff800009662234
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000004 x3 : ffff80001252f6a0
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000020
Call trace:
ntfs_security_init+0x464/0x9f8 fs/ntfs3/fsntfs.c:1872
ntfs_fill_super+0x35f4/0x3a04 fs/ntfs3/super.c:1238
get_tree_bdev+0x360/0x54c fs/super.c:1346
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1359
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: 14000003 97ba53a5 8b1902f6 d343fec8 (38fc6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 14000003 b 0xc
4: 97ba53a5 bl 0xfffffffffee94e98
8: 8b1902f6 add x22, x23, x25
c: d343fec8 lsr x8, x22, #3
* 10: 38fc6908 ldrsb w8, [x8, x28] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=142657f1c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bbb9a1f6f7f5a1d9
dashboard link: https://syzkaller.appspot.com/bug?extid=7a921ca3f83be96bfbdb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2affbd06cbfd/disk-3b29299e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8b22d1baf827/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d5e3891c88bf/Image-3b29299e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7a921c...@syzkaller.appspotmail.com
Unable to handle kernel paging request at virtual address dfff800000000000
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6724 Comm: syz-executor.5 Not tainted 6.1.22-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ntfs_security_init+0x464/0x9f8 fs/ntfs3/fsntfs.c:1872
lr : resident_data_ex fs/ntfs3/ntfs.h:461 [inline]
lr : ntfs_security_init+0x450/0x9f8 fs/ntfs3/fsntfs.c:1871
sp : ffff8000235176e0
x29: ffff8000235177e0 x28: dfff800000000000 x27: 0000000000000000
x26: ffff7000046a2ee4 x25: 0000000000000020 x24: 0000000000000040
x23: ffff0000d6674240 x22: 0000000000000000 x21: ffff00012a9e6990
x20: ffff00012a9e6740 x19: ffff00012571c000 x18: 1fffe000368b6b76
x17: ffff80001557d000 x16: ffff8000120905b8 x15: 0000000000000000
x14: 0000000000000002 x13: 0000000000000030 x12: 0000000000040000
x11: 000000000003ffff x10: ffff8000217ba000 x9 : ffff800009662234
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000004 x3 : ffff80001252f6a0
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000020
Call trace:
ntfs_security_init+0x464/0x9f8 fs/ntfs3/fsntfs.c:1872
ntfs_fill_super+0x35f4/0x3a04 fs/ntfs3/super.c:1238
get_tree_bdev+0x360/0x54c fs/super.c:1346
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1359
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: 14000003 97ba53a5 8b1902f6 d343fec8 (38fc6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 14000003 b 0xc
4: 97ba53a5 bl 0xfffffffffee94e98
8: 8b1902f6 add x22, x23, x25
c: d343fec8 lsr x8, x22, #3
* 10: 38fc6908 ldrsb w8, [x8, x28] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
May 12, 2023, 1:43:57 AM5/12/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: bf4ad6fa4e53 Linux 6.1.28
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17da66a2280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ee1a89a0c6a2db67
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1118674c280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a7b85a636ba8/disk-bf4ad6fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a626aeb9d231/vmlinux-bf4ad6fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/78fbbffb9ee8/Image-bf4ad6fa.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/00ea84aded15/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7a921c...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 4096
ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
x29: ffff80001d9c77e0 x28: dfff800000000000 x27: 0000000000000000
x26: ffff700003b38ee4 x25: 0000000000000020 x24: 0000000000000040
x23: ffff0000c4475238 x22: 0000000000000000 x21: ffff0000e243c4b0
x20: ffff0000e243c260 x19: ffff0000d83ce000 x18: ffff80001d9c6da0
x17: ffff80001558d000 x16: ffff80001209f97c x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000030 x12: ffff0000d51a3780
x11: ff80800009667b64 x10: 0000000000000000 x9 : ffff800009667b64
x2 : 0000000000000008 x1 : 0000000000000007 x0 : 0000000000000020
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: bf4ad6fa4e53 Linux 6.1.28
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17da66a2280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ee1a89a0c6a2db67
dashboard link: https://syzkaller.appspot.com/bug?extid=7a921ca3f83be96bfbdb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=118f411a280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1118674c280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a7b85a636ba8/disk-bf4ad6fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a626aeb9d231/vmlinux-bf4ad6fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/78fbbffb9ee8/Image-bf4ad6fa.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/00ea84aded15/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7a921c...@syzkaller.appspotmail.com
ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
Unable to handle kernel paging request at virtual address dfff800000000000
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4217 Comm: syz-executor123 Not tainted 6.1.28-syzkaller #0
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ntfs_security_init+0x464/0x9f8 fs/ntfs3/fsntfs.c:1872
lr : resident_data_ex fs/ntfs3/ntfs.h:461 [inline]
lr : ntfs_security_init+0x450/0x9f8 fs/ntfs3/fsntfs.c:1871
sp : ffff80001d9c76e0
lr : resident_data_ex fs/ntfs3/ntfs.h:461 [inline]
lr : ntfs_security_init+0x450/0x9f8 fs/ntfs3/fsntfs.c:1871
x29: ffff80001d9c77e0 x28: dfff800000000000 x27: 0000000000000000
x26: ffff700003b38ee4 x25: 0000000000000020 x24: 0000000000000040
x23: ffff0000c4475238 x22: 0000000000000000 x21: ffff0000e243c4b0
x20: ffff0000e243c260 x19: ffff0000d83ce000 x18: ffff80001d9c6da0
x17: ffff80001558d000 x16: ffff80001209f97c x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000030 x12: ffff0000d51a3780
x11: ff80800009667b64 x10: 0000000000000000 x9 : ffff800009667b64
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000004 x3 : ffff80001253fbe0
x2 : 0000000000000008 x1 : 0000000000000007 x0 : 0000000000000020
Call trace:
ntfs_security_init+0x464/0x9f8 fs/ntfs3/fsntfs.c:1872
ntfs_fill_super+0x35f4/0x3a04 fs/ntfs3/super.c:1238
get_tree_bdev+0x360/0x54c fs/super.c:1346
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1359
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: 14000003 97ba4bd5 8b1902f6 d343fec8 (38fc6908)
ntfs_security_init+0x464/0x9f8 fs/ntfs3/fsntfs.c:1872
ntfs_fill_super+0x35f4/0x3a04 fs/ntfs3/super.c:1238
get_tree_bdev+0x360/0x54c fs/super.c:1346
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1359
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 14000003 b 0xc
4: 97ba4bd5 bl 0xfffffffffee92f58
----------------
Code disassembly (best guess):
0: 14000003 b 0xc
8: 8b1902f6 add x22, x23, x25
c: d343fec8 lsr x8, x22, #3
* 10: 38fc6908 ldrsb w8, [x8, x28] <-- trapping instruction
---
If you want syzbot to run the reproducer, reply with:
c: d343fec8 lsr x8, x22, #3
* 10: 38fc6908 ldrsb w8, [x8, x28] <-- trapping instruction
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
May 13, 2023, 12:12:06 PM5/13/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: b0ece631f84a Linux 5.15.111
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12968616280000
kernel config: https://syzkaller.appspot.com/x/.config?x=db3750b003ff805e
dashboard link: https://syzkaller.appspot.com/bug?extid=86907330aff57bf54596
disk image: https://storage.googleapis.com/syzbot-assets/eded75b6c3f9/disk-b0ece631.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/20e5ae802010/vmlinux-b0ece631.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05d665c869f3/Image-b0ece631.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+869073...@syzkaller.appspotmail.com
Unable to handle kernel paging request at virtual address dfff800000000000
Modules linked in:
CPU: 0 PID: 4611 Comm: syz-executor.4 Not tainted 5.15.111-syzkaller #0
pc : ntfs_security_init+0x244/0x9f8 fs/ntfs3/fsntfs.c:1882
sp : ffff80001d0076a0
x29: ffff80001d0077a0 x28: dfff800000000000 x27: 0000000000000020
x26: ffff700003a00edc x25: 0000000000000040 x24: 0000000000000000
x23: ffff00011d018160 x22: ffff80001d007720 x21: ffff0001200e44b0
x20: ffff0001200e4260 x19: ffff0000ccecc000 x18: 0000000000000000
x17: ff808000095bdaa0 x16: ffff80000824cbf4 x15: ffff8000095bdaa0
x14: 1ffff0000291a06a x13: ffffffffffffffff x12: 0000000000040000
x11: 000000000003ffff x10: ffff8000201f9000 x9 : ffff800009586114
ntfs_fill_super+0x3008/0x33ec fs/ntfs3/super.c:1233
get_tree_bdev+0x360/0x54c fs/super.c:1303
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1354
vfs_get_tree+0x90/0x274 fs/super.c:1508
do_new_mount+0x25c/0x8c8 fs/namespace.c:2994
path_mount+0x590/0x104c fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount fs/namespace.c:3522 [inline]
__arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3522
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 14000003 97bcf21e 8b1b02f8 d343ff08 (38fc6908)
---[ end trace 17dd4f70a0a60e18 ]---
8: 8b1b02f8 add x24, x23, x27
c: d343ff08 lsr x8, x24, #3
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: b0ece631f84a Linux 5.15.111
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12968616280000
kernel config: https://syzkaller.appspot.com/x/.config?x=db3750b003ff805e
dashboard link: https://syzkaller.appspot.com/bug?extid=86907330aff57bf54596
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eded75b6c3f9/disk-b0ece631.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/20e5ae802010/vmlinux-b0ece631.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05d665c869f3/Image-b0ece631.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Unable to handle kernel paging request at virtual address dfff800000000000
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 96000006 [#1] PREEMPT SMP
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Modules linked in:
CPU: 0 PID: 4611 Comm: syz-executor.4 Not tainted 5.15.111-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ntfs_security_init+0x244/0x9f8 fs/ntfs3/fsntfs.c:1882
lr : resident_data_ex fs/ntfs3/ntfs.h:461 [inline]
lr : ntfs_security_init+0x230/0x9f8 fs/ntfs3/fsntfs.c:1881
sp : ffff80001d0076a0
x29: ffff80001d0077a0 x28: dfff800000000000 x27: 0000000000000020
x26: ffff700003a00edc x25: 0000000000000040 x24: 0000000000000000
x23: ffff00011d018160 x22: ffff80001d007720 x21: ffff0001200e44b0
x20: ffff0001200e4260 x19: ffff0000ccecc000 x18: 0000000000000000
x17: ff808000095bdaa0 x16: ffff80000824cbf4 x15: ffff8000095bdaa0
x14: 1ffff0000291a06a x13: ffffffffffffffff x12: 0000000000040000
x11: 000000000003ffff x10: ffff8000201f9000 x9 : ffff800009586114
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000004 x3 : ffff800011d7c7a0
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000020
Call trace:
ntfs_security_init+0x244/0x9f8 fs/ntfs3/fsntfs.c:1882
Call trace:
ntfs_fill_super+0x3008/0x33ec fs/ntfs3/super.c:1233
get_tree_bdev+0x360/0x54c fs/super.c:1303
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1354
vfs_get_tree+0x90/0x274 fs/super.c:1508
do_new_mount+0x25c/0x8c8 fs/namespace.c:2994
path_mount+0x590/0x104c fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount fs/namespace.c:3522 [inline]
__arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3522
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 14000003 97bcf21e 8b1b02f8 d343ff08 (38fc6908)
---[ end trace 17dd4f70a0a60e18 ]---
----------------
Code disassembly (best guess):
0: 14000003 b 0xc
4: 97bcf21e bl 0xfffffffffef3c87c
Code disassembly (best guess):
0: 14000003 b 0xc
8: 8b1b02f8 add x24, x23, x27
c: d343ff08 lsr x8, x24, #3
* 10: 38fc6908 ldrsb w8, [x8, x28] <-- trapping instruction
---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
May 13, 2023, 12:49:43 PM5/13/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: b0ece631f84a Linux 5.15.111
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17244a1a280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=164a73ea280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eded75b6c3f9/disk-b0ece631.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/20e5ae802010/vmlinux-b0ece631.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05d665c869f3/Image-b0ece631.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/51095a91b9f2/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+869073...@syzkaller.appspotmail.com
x29: ffff80001ae677a0 x28: dfff800000000000 x27: 0000000000000020
x26: ffff7000035ccedc x25: 0000000000000040 x24: 0000000000000000
x23: ffff0000c8926160 x22: ffff80001ae67720 x21: ffff0000dd0c44b0
x20: ffff0000dd0c4260 x19: ffff0000c761c000 x18: 0000000000000000
x11: ff80800009586114 x10: 0000000000000000 x9 : ffff800009586114
HEAD commit: b0ece631f84a Linux 5.15.111
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=db3750b003ff805e
dashboard link: https://syzkaller.appspot.com/bug?extid=86907330aff57bf54596
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16006b1a280000
dashboard link: https://syzkaller.appspot.com/bug?extid=86907330aff57bf54596
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=164a73ea280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eded75b6c3f9/disk-b0ece631.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/20e5ae802010/vmlinux-b0ece631.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05d665c869f3/Image-b0ece631.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+869073...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 4096
ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
Unable to handle kernel paging request at virtual address dfff800000000000
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3961 Comm: syz-executor335 Not tainted 5.15.111-syzkaller #0
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ntfs_security_init+0x244/0x9f8 fs/ntfs3/fsntfs.c:1882
lr : resident_data_ex fs/ntfs3/ntfs.h:461 [inline]
lr : ntfs_security_init+0x230/0x9f8 fs/ntfs3/fsntfs.c:1881
sp : ffff80001ae676a0
lr : resident_data_ex fs/ntfs3/ntfs.h:461 [inline]
lr : ntfs_security_init+0x230/0x9f8 fs/ntfs3/fsntfs.c:1881
x29: ffff80001ae677a0 x28: dfff800000000000 x27: 0000000000000020
x26: ffff7000035ccedc x25: 0000000000000040 x24: 0000000000000000
x23: ffff0000c8926160 x22: ffff80001ae67720 x21: ffff0000dd0c44b0
x20: ffff0000dd0c4260 x19: ffff0000c761c000 x18: 0000000000000000
x17: ff808000095bdaa0 x16: ffff80000824cbf4 x15: ffff8000095bdaa0
x14: 1ffff0000291a06a x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009586114 x10: 0000000000000000 x9 : ffff800009586114
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000004 x3 : ffff800011d7c7a0
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000020
Call trace:
ntfs_security_init+0x244/0x9f8 fs/ntfs3/fsntfs.c:1882
ntfs_fill_super+0x3008/0x33ec fs/ntfs3/super.c:1233
get_tree_bdev+0x360/0x54c fs/super.c:1303
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1354
vfs_get_tree+0x90/0x274 fs/super.c:1508
do_new_mount+0x25c/0x8c8 fs/namespace.c:2994
path_mount+0x590/0x104c fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount fs/namespace.c:3522 [inline]
__arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3522
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 14000003 97bcf21e 8b1b02f8 d343ff08 (38fc6908)
---[ end trace cb2582dd91c30afb ]---
x5 : 0000000000000000 x4 : 0000000000000004 x3 : ffff800011d7c7a0
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000020
Call trace:
ntfs_security_init+0x244/0x9f8 fs/ntfs3/fsntfs.c:1882
ntfs_fill_super+0x3008/0x33ec fs/ntfs3/super.c:1233
get_tree_bdev+0x360/0x54c fs/super.c:1303
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1354
vfs_get_tree+0x90/0x274 fs/super.c:1508
do_new_mount+0x25c/0x8c8 fs/namespace.c:2994
path_mount+0x590/0x104c fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount fs/namespace.c:3522 [inline]
__arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3522
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 14000003 97bcf21e 8b1b02f8 d343ff08 (38fc6908)
----------------
Code disassembly (best guess):
0: 14000003 b 0xc
4: 97bcf21e bl 0xfffffffffef3c87c
8: 8b1b02f8 add x24, x23, x27
c: d343ff08 lsr x8, x24, #3
* 10: 38fc6908 ldrsb w8, [x8, x28] <-- trapping instruction
---
Code disassembly (best guess):
0: 14000003 b 0xc
4: 97bcf21e bl 0xfffffffffef3c87c
8: 8b1b02f8 add x24, x23, x27
c: d343ff08 lsr x8, x24, #3
* 10: 38fc6908 ldrsb w8, [x8, x28] <-- trapping instruction
---
Reply all
Reply to author
Forward
0 new messages