[syzbot] general protection fault in ntfs_set_inode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

syzbot found the following issue on:

HEAD commit:    0326074ff465 Merge tag 'net-next-6.1' of git://git.kernel...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16880492880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=e1de7ca9efcc028c
dashboard link: https://syzkaller.appspot.com/bug?extid=f553b35c5f71737636f7
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f553b35c5f71737636f7@xxxxxxxxxxxxxxxxxxxxxxxxx

general protection fault, probably for non-canonical address 0xdffffc0004e2d052: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000027168290-0x0000000027168297]
CPU: 1 PID: 4671 Comm: syz-executor.1 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:ntfs_set_inode+0x4a/0x70 fs/ntfs3/inode.c:485
Code: 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 26 48 8d 7d 40 8b 1b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 13 48 89 5d 40 31 c0 5b 5d c3 48 89 df e8 bf 73 1f
RSP: 0018:ffffc90022fe7968 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 000000000000000a RCX: ffffc90003851000
RDX: 0000000004e2d052 RSI: ffffffff82a8af0d RDI: 0000000027168290
RBP: 0000000027168250 R08: 0000000000000001 R09: 0000000000000003
R10: fffff520045fcf21 R11: 0000000000000000 R12: ffffc90022fe7cb0
R13: ffffffff82a8aeff R14: 0000000000000000 R15: ffff888027168278
FS:  0000000000000000(0000) GS:ffff88802c900000(0063) knlGS:00000000f7fc9b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007f7612c78eb0 CR3: 0000000042c19000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 log_replay+0xf7f0/0xf7f0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ntfs_set_inode+0x4a/0x70 fs/ntfs3/inode.c:485
Code: 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 26 48 8d 7d 40 8b 1b 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 13 48 89 5d 40 31 c0 5b 5d c3 48 89 df e8 bf 73 1f
RSP: 0018:ffffc90022fe7968 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 000000000000000a RCX: ffffc90003851000
RDX: 0000000004e2d052 RSI: ffffffff82a8af0d RDI: 0000000027168290
RBP: 0000000027168250 R08: 0000000000000001 R09: 0000000000000003
R10: fffff520045fcf21 R11: 0000000000000000 R12: ffffc90022fe7cb0
R13: ffffffff82a8aeff R14: 0000000000000000 R15: ffff888027168278
FS:  0000000000000000(0000) GS:ffff88802c900000(0063) knlGS:00000000f7fc9b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007f7612c78eb0 CR3: 0000000042c19000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	14 02                	adc    $0x2,%al
   2:	48 89 d8             	mov    %rbx,%rax
   5:	83 e0 07             	and    $0x7,%eax
   8:	83 c0 03             	add    $0x3,%eax
   b:	38 d0                	cmp    %dl,%al
   d:	7c 04                	jl     0x13
   f:	84 d2                	test   %dl,%dl
  11:	75 26                	jne    0x39
  13:	48 8d 7d 40          	lea    0x40(%rbp),%rdi
  17:	8b 1b                	mov    (%rbx),%ebx
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	75 13                	jne    0x43
  30:	48 89 5d 40          	mov    %rbx,0x40(%rbp)
  34:	31 c0                	xor    %eax,%eax
  36:	5b                   	pop    %rbx
  37:	5d                   	pop    %rbp
  38:	c3                   	retq
  39:	48 89 df             	mov    %rbx,%rdi
  3c:	e8                   	.byte 0xe8
  3d:	bf                   	.byte 0xbf
  3e:	73 1f                	jae    0x5f


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.




[Index of Archives]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux