lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87o7j471v8.fsf@email.froward.int.ebiederm.org>
Date:   Fri, 18 Aug 2023 11:26:51 -0500
From:   "Eric W. Biederman" <ebiederm@...ssion.com>
To:     syzbot <syzbot+6ec38f7a8db3b3fb1002@...kaller.appspotmail.com>
Cc:     anton@...era.com, brauner@...nel.org, keescook@...omium.org,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, linux-ntfs-dev@...ts.sourceforge.net,
        syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk
Subject: Re: [syzbot] [ntfs?] WARNING in do_open_execat

syzbot <syzbot+6ec38f7a8db3b3fb1002@...kaller.appspotmail.com> writes:

> Hello,
>
> syzbot found the following issue on:

Not an issue.
Nothing to do with ntfs.

The code is working as designed and intended.

syzbot generated a malformed exec and the kernel made it
well formed and warned about it.

Human beings who run syzbot please mark this as not an issue in your
system.  The directions don't have a way to say that the code is working
as expected and designed.

Eric

> HEAD commit:    16931859a650 Merge tag 'nfsd-6.5-4' of git://git.kernel.or..
> git tree:       upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=13e2673da80000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=aa796b6080b04102
> dashboard link: https://syzkaller.appspot.com/bug?extid=6ec38f7a8db3b3fb1002
> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17cdbc65a80000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1262d8cfa80000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/eecc010800b4/disk-16931859.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/f45ae06377a7/vmlinux-16931859.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/68891896edba/bzImage-16931859.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/4b6ab78b223a/mount_0.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+6ec38f7a8db3b3fb1002@...kaller.appspotmail.com
>
> ntfs: volume version 3.1.
> process 'syz-executor300' launched './file1' with NULL argv: empty string added
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 5020 at fs/exec.c:933 do_open_execat+0x18f/0x3f0 fs/exec.c:933
> Modules linked in:
> CPU: 0 PID: 5020 Comm: syz-executor300 Not tainted 6.5.0-rc6-syzkaller-00038-g16931859a650 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
> RIP: 0010:do_open_execat+0x18f/0x3f0 fs/exec.c:933
> Code: 8e 46 02 00 00 41 0f b7 1e bf 00 80 ff ff 66 81 e3 00 f0 89 de e8 b1 67 9b ff 66 81 fb 00 80 0f 84 8b 00 00 00 e8 51 6c 9b ff <0f> 0b 48 c7 c3 f3 ff ff ff e8 43 6c 9b ff 4c 89 e7 e8 4b c9 fe ff
> RSP: 0018:ffffc90003b0fd10 EFLAGS: 00010293
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: ffff888028401dc0 RSI: ffffffff81ea9c4f RDI: 0000000000000003
> RBP: 1ffff92000761fa2 R08: 0000000000000003 R09: 0000000000008000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802bf18780
> R13: ffff888075d70000 R14: ffff8880742776a0 R15: 0000000000000001
> FS:  000055555706b380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007ffe0f1d3ff8 CR3: 0000000015f97000 CR4: 0000000000350ef0
> Call Trace:
>  <TASK>
>  bprm_execve fs/exec.c:1830 [inline]
>  bprm_execve+0x49d/0x1a50 fs/exec.c:1811
>  do_execveat_common.isra.0+0x5d3/0x740 fs/exec.c:1963
>  do_execve fs/exec.c:2037 [inline]
>  __do_sys_execve fs/exec.c:2113 [inline]
>  __se_sys_execve fs/exec.c:2108 [inline]
>  __x64_sys_execve+0x8c/0xb0 fs/exec.c:2108
>  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>  do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
>  entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7fee7ec27b39
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007ffe6c369d28 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
> RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fee7ec27b39
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000480
> RBP: 00007fee7ec7004b R08: 000000000001ee3b R09: 0000000000000000
> R10: 00007ffe6c369bf0 R11: 0000000000000246 R12: 00007fee7ec70055
> R13: 00007ffe6c369f08 R14: 0000000000000001 R15: 0000000000000001
>  </TASK>
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the bug is already fixed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite bug's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the bug is a duplicate of another bug, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ