[moderation] [keyrings?] [lsm?] KASAN: slab-out-of-bounds Read in key_task_permission
16 views
Skip to first unread message
syzbot
Jul 11, 2023, 2:03:14 PM7/11/23
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: a452483508d7 Merge tag 's390-6.5-2' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14643f30a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=9831e2c2660aae77
dashboard link: https://syzkaller.appspot.com/bug?extid=2ce7eb69dcaf720e3165
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
CC: [dhow...@redhat.com jar...@kernel.org jmo...@namei.org keyr...@vger.kernel.org linux-...@vger.kernel.org linux-secu...@vger.kernel.org pa...@paul-moore.com se...@hallyn.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9a57ac39a87c/disk-a4524835.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4ebd5e627b95/vmlinux-a4524835.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7534e893d278/bzImage-a4524835.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2ce7eb...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 [inline]
BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]
BUG: KASAN: slab-out-of-bounds in key_task_permission+0x38f/0x400 security/keys/permission.c:54
Read of size 4 at addr ffff88802b641ba0 by task syz-executor.2/31965
CPU: 0 PID: 31965 Comm: syz-executor.2 Not tainted 6.4.0-syzkaller-12155-ga452483508d7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:364
print_report mm/kasan/report.c:475 [inline]
kasan_report+0x11d/0x130 mm/kasan/report.c:588
__kuid_val include/linux/uidgid.h:36 [inline]
uid_eq include/linux/uidgid.h:63 [inline]
key_task_permission+0x38f/0x400 security/keys/permission.c:54
search_nested_keyrings+0x889/0xe30 security/keys/keyring.c:793
keyring_search_rcu+0x1b1/0x310 security/keys/keyring.c:922
search_cred_keyrings_rcu+0x19d/0x2e0 security/keys/process_keys.c:480
search_process_keyrings_rcu+0x1c/0x320 security/keys/process_keys.c:544
lookup_user_key+0x10ce/0x12a0 security/keys/process_keys.c:762
dh_data_from_key+0x26/0x2d0 security/keys/dh.c:25
__keyctl_dh_compute+0x2fb/0xfd0 security/keys/dh.c:186
keyctl_dh_compute+0xc3/0x130 security/keys/dh.c:312
__do_sys_keyctl+0x3d0/0x610 security/keys/keyctl.c:1973
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f297988c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f29783fe168 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
RAX: ffffffffffffffda RBX: 00007f29799abf80 RCX: 00007f297988c389
RDX: 0000000020000340 RSI: 0000000020000300 RDI: 0000000000000017
RBP: 00007f29798d7493 R08: 0000000020000440 R09: 0000000000000000
R10: 000000000000009a R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdbca7492f R14: 00007f29783fe300 R15: 0000000000022000
</TASK>
Allocated by task 5029:
kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:374 [inline]
____kasan_kmalloc mm/kasan/common.c:333 [inline]
__kasan_kmalloc+0xa3/0xb0 mm/kasan/common.c:383
kasan_kmalloc include/linux/kasan.h:196 [inline]
__do_kmalloc_node mm/slab_common.c:985 [inline]
__kmalloc_node+0x61/0x1a0 mm/slab_common.c:992
kmalloc_array_node include/linux/slab.h:680 [inline]
kcalloc_node include/linux/slab.h:685 [inline]
memcg_alloc_slab_cgroups+0xee/0x1e0 mm/memcontrol.c:2899
account_slab mm/slab.h:636 [inline]
kmem_getpages mm/slab.c:1364 [inline]
cache_grow_begin+0x331/0x3b0 mm/slab.c:2550
cache_alloc_refill+0x289/0x3a0 mm/slab.c:2923
____cache_alloc mm/slab.c:2999 [inline]
____cache_alloc mm/slab.c:2982 [inline]
__do_cache_alloc mm/slab.c:3182 [inline]
slab_alloc_node mm/slab.c:3230 [inline]
slab_alloc mm/slab.c:3246 [inline]
__kmem_cache_alloc_lru mm/slab.c:3423 [inline]
kmem_cache_alloc+0x397/0x3f0 mm/slab.c:3432
dup_fd+0x8d/0xcf0 fs/file.c:324
copy_files kernel/fork.c:1791 [inline]
copy_process+0x263b/0x75c0 kernel/fork.c:2491
kernel_clone+0xeb/0x890 kernel/fork.c:2911
__do_sys_clone+0xba/0x100 kernel/fork.c:3054
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The buggy address belongs to the object at ffff88802b641b80
which belongs to the cache kmalloc-32 of size 32
The buggy address is located 0 bytes to the right of
allocated 32-byte region [ffff88802b641b80, ffff88802b641ba0)
The buggy address belongs to the physical page:
page:ffffea0000ad9040 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802b641fc1 pfn:0x2b641
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0x32()
raw: 00fff00000000200 ffff888012840100 ffffea0001d7d190 ffffea00008accd0
raw: ffff88802b641fc1 ffff88802b641000 0000000100000032 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 5255, tgid 5252 (syz-executor.0), ts 84711792979, free_ts 78893243407
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x2db/0x350 mm/page_alloc.c:1570
prep_new_page mm/page_alloc.c:1577 [inline]
get_page_from_freelist+0xfed/0x2d30 mm/page_alloc.c:3221
__alloc_pages+0x1cb/0x4a0 mm/page_alloc.c:4477
__alloc_pages_node include/linux/gfp.h:237 [inline]
kmem_getpages mm/slab.c:1356 [inline]
cache_grow_begin+0x9b/0x3b0 mm/slab.c:2550
cache_alloc_refill+0x289/0x3a0 mm/slab.c:2923
____cache_alloc mm/slab.c:2999 [inline]
____cache_alloc mm/slab.c:2982 [inline]
__do_cache_alloc mm/slab.c:3182 [inline]
slab_alloc_node mm/slab.c:3230 [inline]
__kmem_cache_alloc_node+0x392/0x410 mm/slab.c:3521
kmalloc_trace+0x26/0xe0 mm/slab_common.c:1076
kmalloc include/linux/slab.h:582 [inline]
kzalloc include/linux/slab.h:703 [inline]
alloc_workqueue_attrs kernel/workqueue.c:3707 [inline]
alloc_workqueue+0x8be/0x1110 kernel/workqueue.c:4651
nci_register_device+0x370/0xb50 net/nfc/nci/core.c:1233
virtual_ncidev_open+0x14f/0x230 drivers/nfc/virtual_ncidev.c:148
misc_open+0x383/0x4a0 drivers/char/misc.c:165
chrdev_open+0x273/0x780 fs/char_dev.c:414
do_dentry_open+0x6ce/0x17b0 fs/open.c:914
do_open fs/namei.c:3636 [inline]
path_openat+0x1b65/0x2710 fs/namei.c:3793
do_filp_open+0x1ba/0x410 fs/namei.c:3820
do_sys_openat2+0x160/0x1c0 fs/open.c:1407
page last free stack trace:
reset_page_owner include/linux/page_owner.h:24 [inline]
free_pages_prepare mm/page_alloc.c:1161 [inline]
free_unref_page_prepare+0x62e/0xcb0 mm/page_alloc.c:2348
free_unref_page+0x33/0x370 mm/page_alloc.c:2443
slab_destroy mm/slab.c:1608 [inline]
slabs_destroy+0x85/0xc0 mm/slab.c:1628
cache_flusharray mm/slab.c:3341 [inline]
___cache_free+0x2c5/0x410 mm/slab.c:3404
qlink_free mm/kasan/quarantine.c:166 [inline]
qlist_free_all+0x4f/0x1a0 mm/kasan/quarantine.c:185
kasan_quarantine_reduce+0x195/0x220 mm/kasan/quarantine.c:292
__kasan_slab_alloc+0x63/0x90 mm/kasan/common.c:305
kasan_slab_alloc include/linux/kasan.h:186 [inline]
slab_post_alloc_hook mm/slab.h:750 [inline]
slab_alloc_node mm/slab.c:3237 [inline]
__kmem_cache_alloc_node+0x206/0x410 mm/slab.c:3521
__do_kmalloc_node mm/slab_common.c:984 [inline]
__kmalloc+0x4e/0x190 mm/slab_common.c:998
kmalloc include/linux/slab.h:586 [inline]
tomoyo_realpath_from_path+0xc3/0x600 security/tomoyo/realpath.c:251
tomoyo_realpath_nofollow+0xcc/0xe0 security/tomoyo/realpath.c:304
tomoyo_find_next_domain+0x28d/0x1ff0 security/tomoyo/domain.c:727
tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
tomoyo_bprm_check_security+0x139/0x1d0 security/tomoyo/tomoyo.c:91
security_bprm_check+0x49/0xb0 security/security.c:1102
search_binary_handler fs/exec.c:1726 [inline]
exec_binprm fs/exec.c:1780 [inline]
bprm_execve fs/exec.c:1855 [inline]
bprm_execve+0x740/0x1980 fs/exec.c:1811
kernel_execve+0x3ee/0x500 fs/exec.c:2023
Memory state around the buggy address:
ffff88802b641a80: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
ffff88802b641b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
>ffff88802b641b80: 00 00 00 00 fc fc fc fc 00 fc fc fc fc fc fc fc
^
ffff88802b641c00: fb fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
ffff88802b641c80: 00 00 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: a452483508d7 Merge tag 's390-6.5-2' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14643f30a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=9831e2c2660aae77
dashboard link: https://syzkaller.appspot.com/bug?extid=2ce7eb69dcaf720e3165
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
CC: [dhow...@redhat.com jar...@kernel.org jmo...@namei.org keyr...@vger.kernel.org linux-...@vger.kernel.org linux-secu...@vger.kernel.org pa...@paul-moore.com se...@hallyn.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9a57ac39a87c/disk-a4524835.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4ebd5e627b95/vmlinux-a4524835.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7534e893d278/bzImage-a4524835.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2ce7eb...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 [inline]
BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]
BUG: KASAN: slab-out-of-bounds in key_task_permission+0x38f/0x400 security/keys/permission.c:54
Read of size 4 at addr ffff88802b641ba0 by task syz-executor.2/31965
CPU: 0 PID: 31965 Comm: syz-executor.2 Not tainted 6.4.0-syzkaller-12155-ga452483508d7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:364
print_report mm/kasan/report.c:475 [inline]
kasan_report+0x11d/0x130 mm/kasan/report.c:588
__kuid_val include/linux/uidgid.h:36 [inline]
uid_eq include/linux/uidgid.h:63 [inline]
key_task_permission+0x38f/0x400 security/keys/permission.c:54
search_nested_keyrings+0x889/0xe30 security/keys/keyring.c:793
keyring_search_rcu+0x1b1/0x310 security/keys/keyring.c:922
search_cred_keyrings_rcu+0x19d/0x2e0 security/keys/process_keys.c:480
search_process_keyrings_rcu+0x1c/0x320 security/keys/process_keys.c:544
lookup_user_key+0x10ce/0x12a0 security/keys/process_keys.c:762
dh_data_from_key+0x26/0x2d0 security/keys/dh.c:25
__keyctl_dh_compute+0x2fb/0xfd0 security/keys/dh.c:186
keyctl_dh_compute+0xc3/0x130 security/keys/dh.c:312
__do_sys_keyctl+0x3d0/0x610 security/keys/keyctl.c:1973
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f297988c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f29783fe168 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
RAX: ffffffffffffffda RBX: 00007f29799abf80 RCX: 00007f297988c389
RDX: 0000000020000340 RSI: 0000000020000300 RDI: 0000000000000017
RBP: 00007f29798d7493 R08: 0000000020000440 R09: 0000000000000000
R10: 000000000000009a R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdbca7492f R14: 00007f29783fe300 R15: 0000000000022000
</TASK>
Allocated by task 5029:
kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:374 [inline]
____kasan_kmalloc mm/kasan/common.c:333 [inline]
__kasan_kmalloc+0xa3/0xb0 mm/kasan/common.c:383
kasan_kmalloc include/linux/kasan.h:196 [inline]
__do_kmalloc_node mm/slab_common.c:985 [inline]
__kmalloc_node+0x61/0x1a0 mm/slab_common.c:992
kmalloc_array_node include/linux/slab.h:680 [inline]
kcalloc_node include/linux/slab.h:685 [inline]
memcg_alloc_slab_cgroups+0xee/0x1e0 mm/memcontrol.c:2899
account_slab mm/slab.h:636 [inline]
kmem_getpages mm/slab.c:1364 [inline]
cache_grow_begin+0x331/0x3b0 mm/slab.c:2550
cache_alloc_refill+0x289/0x3a0 mm/slab.c:2923
____cache_alloc mm/slab.c:2999 [inline]
____cache_alloc mm/slab.c:2982 [inline]
__do_cache_alloc mm/slab.c:3182 [inline]
slab_alloc_node mm/slab.c:3230 [inline]
slab_alloc mm/slab.c:3246 [inline]
__kmem_cache_alloc_lru mm/slab.c:3423 [inline]
kmem_cache_alloc+0x397/0x3f0 mm/slab.c:3432
dup_fd+0x8d/0xcf0 fs/file.c:324
copy_files kernel/fork.c:1791 [inline]
copy_process+0x263b/0x75c0 kernel/fork.c:2491
kernel_clone+0xeb/0x890 kernel/fork.c:2911
__do_sys_clone+0xba/0x100 kernel/fork.c:3054
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The buggy address belongs to the object at ffff88802b641b80
which belongs to the cache kmalloc-32 of size 32
The buggy address is located 0 bytes to the right of
allocated 32-byte region [ffff88802b641b80, ffff88802b641ba0)
The buggy address belongs to the physical page:
page:ffffea0000ad9040 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802b641fc1 pfn:0x2b641
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0x32()
raw: 00fff00000000200 ffff888012840100 ffffea0001d7d190 ffffea00008accd0
raw: ffff88802b641fc1 ffff88802b641000 0000000100000032 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 5255, tgid 5252 (syz-executor.0), ts 84711792979, free_ts 78893243407
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x2db/0x350 mm/page_alloc.c:1570
prep_new_page mm/page_alloc.c:1577 [inline]
get_page_from_freelist+0xfed/0x2d30 mm/page_alloc.c:3221
__alloc_pages+0x1cb/0x4a0 mm/page_alloc.c:4477
__alloc_pages_node include/linux/gfp.h:237 [inline]
kmem_getpages mm/slab.c:1356 [inline]
cache_grow_begin+0x9b/0x3b0 mm/slab.c:2550
cache_alloc_refill+0x289/0x3a0 mm/slab.c:2923
____cache_alloc mm/slab.c:2999 [inline]
____cache_alloc mm/slab.c:2982 [inline]
__do_cache_alloc mm/slab.c:3182 [inline]
slab_alloc_node mm/slab.c:3230 [inline]
__kmem_cache_alloc_node+0x392/0x410 mm/slab.c:3521
kmalloc_trace+0x26/0xe0 mm/slab_common.c:1076
kmalloc include/linux/slab.h:582 [inline]
kzalloc include/linux/slab.h:703 [inline]
alloc_workqueue_attrs kernel/workqueue.c:3707 [inline]
alloc_workqueue+0x8be/0x1110 kernel/workqueue.c:4651
nci_register_device+0x370/0xb50 net/nfc/nci/core.c:1233
virtual_ncidev_open+0x14f/0x230 drivers/nfc/virtual_ncidev.c:148
misc_open+0x383/0x4a0 drivers/char/misc.c:165
chrdev_open+0x273/0x780 fs/char_dev.c:414
do_dentry_open+0x6ce/0x17b0 fs/open.c:914
do_open fs/namei.c:3636 [inline]
path_openat+0x1b65/0x2710 fs/namei.c:3793
do_filp_open+0x1ba/0x410 fs/namei.c:3820
do_sys_openat2+0x160/0x1c0 fs/open.c:1407
page last free stack trace:
reset_page_owner include/linux/page_owner.h:24 [inline]
free_pages_prepare mm/page_alloc.c:1161 [inline]
free_unref_page_prepare+0x62e/0xcb0 mm/page_alloc.c:2348
free_unref_page+0x33/0x370 mm/page_alloc.c:2443
slab_destroy mm/slab.c:1608 [inline]
slabs_destroy+0x85/0xc0 mm/slab.c:1628
cache_flusharray mm/slab.c:3341 [inline]
___cache_free+0x2c5/0x410 mm/slab.c:3404
qlink_free mm/kasan/quarantine.c:166 [inline]
qlist_free_all+0x4f/0x1a0 mm/kasan/quarantine.c:185
kasan_quarantine_reduce+0x195/0x220 mm/kasan/quarantine.c:292
__kasan_slab_alloc+0x63/0x90 mm/kasan/common.c:305
kasan_slab_alloc include/linux/kasan.h:186 [inline]
slab_post_alloc_hook mm/slab.h:750 [inline]
slab_alloc_node mm/slab.c:3237 [inline]
__kmem_cache_alloc_node+0x206/0x410 mm/slab.c:3521
__do_kmalloc_node mm/slab_common.c:984 [inline]
__kmalloc+0x4e/0x190 mm/slab_common.c:998
kmalloc include/linux/slab.h:586 [inline]
tomoyo_realpath_from_path+0xc3/0x600 security/tomoyo/realpath.c:251
tomoyo_realpath_nofollow+0xcc/0xe0 security/tomoyo/realpath.c:304
tomoyo_find_next_domain+0x28d/0x1ff0 security/tomoyo/domain.c:727
tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
tomoyo_bprm_check_security+0x139/0x1d0 security/tomoyo/tomoyo.c:91
security_bprm_check+0x49/0xb0 security/security.c:1102
search_binary_handler fs/exec.c:1726 [inline]
exec_binprm fs/exec.c:1780 [inline]
bprm_execve fs/exec.c:1855 [inline]
bprm_execve+0x740/0x1980 fs/exec.c:1811
kernel_execve+0x3ee/0x500 fs/exec.c:2023
Memory state around the buggy address:
ffff88802b641a80: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
ffff88802b641b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
>ffff88802b641b80: 00 00 00 00 fc fc fc fc 00 fc fc fc fc fc fc fc
^
ffff88802b641c00: fb fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
ffff88802b641c80: 00 00 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Oct 5, 2023, 1:52:44 PM10/5/23
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages