syzbot


WARNING in do_open_execat

Status: upstream: reported C repro on 2023/09/16 02:14
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+966287e895af04ec4106@syzkaller.appspotmail.com
First crash: 275d, last: 66d
Fix bisection: the issue occurs on the latest tested release (bisect log)
Crash: WARNING in do_open_execat (log)
Repro: C syz .config
  
Bug presence (3)
Date Name Commit Repro Result
2024/03/14 linux-6.1.y (ToT) 61adba85cc40 C [report] WARNING in do_open_execat
2023/09/16 upstream (ToT) 57d88e8a5974 C [report] WARNING in do_open_execat
2024/03/14 upstream (ToT) 480e035fc4c7 C Didn't crash
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 WARNING in do_open_execat (2) origin:upstream missing-backport C done 8 39d 247d 0/3 upstream: reported C repro on 2023/10/13 04:40
upstream WARNING in do_open_execat (2) ntfs3 C 18 56d 68d 0/27 upstream: reported C repro on 2024/04/09 22:42
linux-5.15 WARNING in do_open_execat 1 455d 455d 0/3 auto-obsoleted due to no activity on 2023/07/18 02:48
upstream WARNING in do_open_execat ntfs3 C error done 12 143d 303d 26/27 fixed on 2024/03/20 11:33
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2024/03/20 20:34 1h43m fix candidate upstream job log (0)
2024/03/02 02:02 1h54m bisect fix linux-6.1.y job log (0) log
2024/01/09 08:55 1h37m bisect fix linux-6.1.y job log (0) log
2023/10/21 15:34 1h34m bisect fix linux-6.1.y job log (0) log

Sample crash report:
ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute.
ntfs: volume version 3.1.
process 'syz-executor250' launched './file1' with NULL argv: empty string added
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4220 at fs/exec.c:937 do_open_execat+0x434/0x640
Modules linked in:
CPU: 1 PID: 4220 Comm: syz-executor250 Not tainted 6.1.80-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_open_execat+0x434/0x640
lr : do_open_execat+0x430/0x640 fs/exec.c:936
sp : ffff80001dc47a60
x29: ffff80001dc47ad0 x28: ffff0000d5dd4028 x27: ffff0000c9cb9100
x26: dfff800000000000 x25: ffff700003b88f4c x24: dfff800000000000
x23: 0000000000000000 x22: ffff0000e20c76a0 x21: ffff0000c9cb9100
x20: fffffffffffffff3 x19: ffff0000cde33b80 x18: ffff80001dc47260
x17: ffff8000188a7000 x16: ffff800012094500 x15: 0000000000000000
x14: 1ffff00002b040b0 x13: dfff800000000000 x12: 0000000000000002
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff800008a58214
x8 : ffff0000d5dd3780 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000010
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000008000
Call trace:
 do_open_execat+0x434/0x640
 bprm_execve+0x480/0x162c fs/exec.c:1821
 do_execveat_common+0x668/0x814 fs/exec.c:1951
 do_execve fs/exec.c:2025 [inline]
 __do_sys_execve fs/exec.c:2101 [inline]
 __se_sys_execve fs/exec.c:2096 [inline]
 __arm64_sys_execve+0x98/0xb0 fs/exec.c:2096
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 28680
hardirqs last  enabled at (28679): [<ffff800012225cfc>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (28679): [<ffff800012225cfc>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (28680): [<ffff800012141c04>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (28452): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (28452): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (28441): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/04 09:38 linux-6.1.y a3eb3a74aa8c 25905f5d .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in do_open_execat
2024/01/22 01:24 linux-6.1.y 8fd7f4462453 9bd8dcda .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in do_open_execat
2023/12/10 08:55 linux-6.1.y 6c6a6c7e211c 28b24332 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in do_open_execat
2023/09/16 02:28 linux-6.1.y 09045dae0d90 0b6a67ac .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in do_open_execat
2024/04/11 22:47 linux-6.1.y bf1e3b1cb1e0 95ed9ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in do_open_execat
2024/04/11 22:17 linux-6.1.y bf1e3b1cb1e0 95ed9ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in do_open_execat
2023/11/18 21:15 linux-6.1.y fb2635ac69ab cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in do_open_execat
2023/11/16 11:55 linux-6.1.y fb2635ac69ab cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in do_open_execat
2023/09/16 02:12 linux-6.1.y 09045dae0d90 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in do_open_execat
* Struck through repros no longer work on HEAD.