[v5.15] WARNING in do_open_execat (2)
1 view
Skip to first unread message
syzbot
Oct 13, 2023, 12:40:43 AM10/13/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 02e21884dcf2 Linux 5.15.135
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=157907c9680000
kernel config: https://syzkaller.appspot.com/x/.config?x=e4cc6ae646bdb7fa
dashboard link: https://syzkaller.appspot.com/bug?extid=e5c24ff201100b18d690
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/070649b789aa/disk-02e21884.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b4dc88e68ad3/vmlinux-02e21884.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3bf6aaa2a543/bzImage-02e21884.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e5c24f...@syzkaller.appspotmail.com
loop2: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 16624 at fs/exec.c:929 do_open_execat+0x330/0x7a0 fs/exec.c:928
Modules linked in:
CPU: 0 PID: 16624 Comm: syz-executor.2 Not tainted 5.15.135-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
RIP: 0010:do_open_execat+0x330/0x7a0 fs/exec.c:928
Code: 89 de e8 f3 86 a9 ff 31 ff 89 de e8 ea 86 a9 ff 45 84 e4 75 3d 45 85 f6 0f 8f 66 04 00 00 e8 77 84 a9 ff eb bd e8 70 84 a9 ff <0f> 0b 48 c7 c3 f3 ff ff ff 49 bd 00 00 00 00 00 fc ff df 4c 8b 7c
RSP: 0018:ffffc90003f6fc40 EFLAGS: 00010283
RAX: ffffffff81d69d70 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc90004001000 RSI: 00000000000005df RDI: 00000000000005e0
RBP: ffffc90003f6fd30 R08: ffffffff81d69c04 R09: ffffc90003f6fac0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888019aa3680
R13: ffff888086c80320 R14: 00000000ffffff9c R15: ffff888038001100
FS: 00007f2a38c686c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30b29000 CR3: 000000003dc2b000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bprm_execve+0x51f/0x17c0 fs/exec.c:1819
do_execveat_common+0x583/0x720 fs/exec.c:1949
do_execve fs/exec.c:2019 [inline]
__do_sys_execve fs/exec.c:2095 [inline]
__se_sys_execve fs/exec.c:2090 [inline]
__x64_sys_execve+0x8e/0xa0 fs/exec.c:2090
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f2a3a6e6ae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2a38c680c8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007f2a3a805f80 RCX: 00007f2a3a6e6ae9
RDX: 00000000200004c0 RSI: 0000000020000400 RDI: 00000000200000c0
RBP: 00007f2a3a73247a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f2a3a805f80 R15: 00007ffe3d35fb78
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 02e21884dcf2 Linux 5.15.135
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=157907c9680000
kernel config: https://syzkaller.appspot.com/x/.config?x=e4cc6ae646bdb7fa
dashboard link: https://syzkaller.appspot.com/bug?extid=e5c24ff201100b18d690
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/070649b789aa/disk-02e21884.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b4dc88e68ad3/vmlinux-02e21884.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3bf6aaa2a543/bzImage-02e21884.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e5c24f...@syzkaller.appspotmail.com
loop2: detected capacity change from 0 to 4096
ntfs: volume version 3.1.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 16624 at fs/exec.c:929 do_open_execat+0x330/0x7a0 fs/exec.c:928
Modules linked in:
CPU: 0 PID: 16624 Comm: syz-executor.2 Not tainted 5.15.135-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
RIP: 0010:do_open_execat+0x330/0x7a0 fs/exec.c:928
Code: 89 de e8 f3 86 a9 ff 31 ff 89 de e8 ea 86 a9 ff 45 84 e4 75 3d 45 85 f6 0f 8f 66 04 00 00 e8 77 84 a9 ff eb bd e8 70 84 a9 ff <0f> 0b 48 c7 c3 f3 ff ff ff 49 bd 00 00 00 00 00 fc ff df 4c 8b 7c
RSP: 0018:ffffc90003f6fc40 EFLAGS: 00010283
RAX: ffffffff81d69d70 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc90004001000 RSI: 00000000000005df RDI: 00000000000005e0
RBP: ffffc90003f6fd30 R08: ffffffff81d69c04 R09: ffffc90003f6fac0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888019aa3680
R13: ffff888086c80320 R14: 00000000ffffff9c R15: ffff888038001100
FS: 00007f2a38c686c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30b29000 CR3: 000000003dc2b000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bprm_execve+0x51f/0x17c0 fs/exec.c:1819
do_execveat_common+0x583/0x720 fs/exec.c:1949
do_execve fs/exec.c:2019 [inline]
__do_sys_execve fs/exec.c:2095 [inline]
__se_sys_execve fs/exec.c:2090 [inline]
__x64_sys_execve+0x8e/0xa0 fs/exec.c:2090
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f2a3a6e6ae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2a38c680c8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007f2a3a805f80 RCX: 00007f2a3a6e6ae9
RDX: 00000000200004c0 RSI: 0000000020000400 RDI: 00000000200000c0
RBP: 00007f2a3a73247a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f2a3a805f80 R15: 00007ffe3d35fb78
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Oct 13, 2023, 7:10:50 AM10/13/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 02e21884dcf2 Linux 5.15.135
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17d3c561680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e04741680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/070649b789aa/disk-02e21884.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b4dc88e68ad3/vmlinux-02e21884.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3bf6aaa2a543/bzImage-02e21884.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/5433aaceec7c/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e5c24f...@syzkaller.appspotmail.com
ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
ntfs: volume version 3.1.
process 'syz-executor274' launched './file1' with NULL argv: empty string added
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3503 at fs/exec.c:929 do_open_execat+0x330/0x7a0 fs/exec.c:928
Modules linked in:
CPU: 0 PID: 3503 Comm: syz-executor274 Not tainted 5.15.135-syzkaller #0
RAX: ffffffff81d69d70 RBX: 0000000000000000 RCX: ffff8880789ebb80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000008000
RBP: ffffc900020afd30 R08: ffffffff81d69c04 R09: ffffc900020afac0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807d3b1180
R13: ffff888072686620 R14: 00000000ffffff9c R15: ffff8880780ad500
FS: 0000555555768380(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc31a80bd8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007ffc31a80db8 RCX: 00007f1bc606c6f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
RBP: 00007f1bc60fe610 R08: 000000000001ec65 R09: 0000000000000000
R10: 00007ffc31a80aa0 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc31a80da8 R14: 0000000000000001 R15: 0000000000000001
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 02e21884dcf2 Linux 5.15.135
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=e4cc6ae646bdb7fa
dashboard link: https://syzkaller.appspot.com/bug?extid=e5c24ff201100b18d690
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=113f55a1680000
dashboard link: https://syzkaller.appspot.com/bug?extid=e5c24ff201100b18d690
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e04741680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/070649b789aa/disk-02e21884.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b4dc88e68ad3/vmlinux-02e21884.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3bf6aaa2a543/bzImage-02e21884.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e5c24f...@syzkaller.appspotmail.com
ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
ntfs: volume version 3.1.
process 'syz-executor274' launched './file1' with NULL argv: empty string added
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3503 at fs/exec.c:929 do_open_execat+0x330/0x7a0 fs/exec.c:928
Modules linked in:
CPU: 0 PID: 3503 Comm: syz-executor274 Not tainted 5.15.135-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
RIP: 0010:do_open_execat+0x330/0x7a0 fs/exec.c:928
Code: 89 de e8 f3 86 a9 ff 31 ff 89 de e8 ea 86 a9 ff 45 84 e4 75 3d 45 85 f6 0f 8f 66 04 00 00 e8 77 84 a9 ff eb bd e8 70 84 a9 ff <0f> 0b 48 c7 c3 f3 ff ff ff 49 bd 00 00 00 00 00 fc ff df 4c 8b 7c
RSP: 0018:ffffc900020afc40 EFLAGS: 00010293
RIP: 0010:do_open_execat+0x330/0x7a0 fs/exec.c:928
Code: 89 de e8 f3 86 a9 ff 31 ff 89 de e8 ea 86 a9 ff 45 84 e4 75 3d 45 85 f6 0f 8f 66 04 00 00 e8 77 84 a9 ff eb bd e8 70 84 a9 ff <0f> 0b 48 c7 c3 f3 ff ff ff 49 bd 00 00 00 00 00 fc ff df 4c 8b 7c
RAX: ffffffff81d69d70 RBX: 0000000000000000 RCX: ffff8880789ebb80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000008000
RBP: ffffc900020afd30 R08: ffffffff81d69c04 R09: ffffc900020afac0
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807d3b1180
R13: ffff888072686620 R14: 00000000ffffff9c R15: ffff8880780ad500
FS: 0000555555768380(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1bbde2ee00 CR3: 0000000023464000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bprm_execve+0x51f/0x17c0 fs/exec.c:1819
do_execveat_common+0x583/0x720 fs/exec.c:1949
do_execve fs/exec.c:2019 [inline]
__do_sys_execve fs/exec.c:2095 [inline]
__se_sys_execve fs/exec.c:2090 [inline]
__x64_sys_execve+0x8e/0xa0 fs/exec.c:2090
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f1bc606c6f9
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bprm_execve+0x51f/0x17c0 fs/exec.c:1819
do_execveat_common+0x583/0x720 fs/exec.c:1949
do_execve fs/exec.c:2019 [inline]
__do_sys_execve fs/exec.c:2095 [inline]
__se_sys_execve fs/exec.c:2090 [inline]
__x64_sys_execve+0x8e/0xa0 fs/exec.c:2090
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc31a80bd8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007ffc31a80db8 RCX: 00007f1bc606c6f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
RBP: 00007f1bc60fe610 R08: 000000000001ec65 R09: 0000000000000000
R10: 00007ffc31a80aa0 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc31a80da8 R14: 0000000000000001 R15: 0000000000000001
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Apr 26, 2024, 7:32:04 AM (10 days ago) Apr 26
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:
commit 7ffa8f3d30236e0ab897c30bdb01224ff1fe1c89
git tree: upstream
Author: Matthew Wilcox (Oracle) <wi...@infradead.org>
Date: Mon Jan 15 07:20:25 2024 +0000
fs: Remove NTFS classic
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1655c28b180000
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 7ffa8f3d30236e0ab897c30bdb01224ff1fe1c89
git tree: upstream
Author: Matthew Wilcox (Oracle) <wi...@infradead.org>
Date: Mon Jan 15 07:20:25 2024 +0000
fs: Remove NTFS classic
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1655c28b180000
kernel config: https://syzkaller.appspot.com/x/.config?x=e4cc6ae646bdb7fa
dashboard link: https://syzkaller.appspot.com/bug?extid=e5c24ff201100b18d690
dashboard link: https://syzkaller.appspot.com/bug?extid=e5c24ff201100b18d690
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=113f55a1680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e04741680000
Please keep in mind that other backports might be required as well.
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e04741680000
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages