[syzbot] [ext4?] WARNING in __ext4_ioctl

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+2cab87506a0e7885f4b9@syzkaller.appspotmail.com>
To: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org,
	 linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	tytso@mit.edu
Subject: [syzbot] [ext4?] WARNING in __ext4_ioctl
Date: Mon, 24 Jun 2024 01:10:20 -0700	[thread overview]
Message-ID: <000000000000eea704061b9e4fb8@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    7c16f0a4ed1c Merge tag 'i2c-for-6.10-rc5' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10e04151980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3d112b9ab538ebab
dashboard link: https://syzkaller.appspot.com/bug?extid=2cab87506a0e7885f4b9
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b29845d4c0ce/disk-7c16f0a4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e39e5d18a392/vmlinux-7c16f0a4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f6ac8c44d142/bzImage-7c16f0a4.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2cab87506a0e7885f4b9@syzkaller.appspotmail.com

------------[ cut here ]------------
strnlen: detected buffer overflow: 17 byte read of buffer size 16
WARNING: CPU: 1 PID: 19420 at lib/string_helpers.c:1029 __fortify_report+0x9c/0xd0 lib/string_helpers.c:1029
Modules linked in:
CPU: 1 PID: 19420 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00330-g7c16f0a4ed1c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:__fortify_report+0x9c/0xd0 lib/string_helpers.c:1029
Code: ed 48 c7 c0 20 c9 8f 8b 48 0f 44 d8 e8 8d 53 0b fd 4d 89 e0 48 89 ea 48 89 d9 4c 89 f6 48 c7 c7 a0 c9 8f 8b e8 e5 6e cd fc 90 <0f> 0b 90 90 5b 5d 41 5c 41 5d 41 5e e9 3e 67 8c 06 48 89 de 48 c7
RSP: 0018:ffffc90004c2fbf0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffffffff8b8fc920 RCX: ffffc9000bb9b000
RDX: 0000000000040000 RSI: ffffffff81514a46 RDI: 0000000000000001
RBP: 0000000000000011 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000010
R13: 0000000000000000 R14: ffffffff8b8fd2e0 R15: ffff88802bb42060
FS:  00007f6eba6e46c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff2d1cbc28 CR3: 0000000062552000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __fortify_panic+0x23/0x30 lib/string_helpers.c:1036
 strnlen include/linux/fortify-string.h:235 [inline]
 sized_strscpy include/linux/fortify-string.h:309 [inline]
 ext4_ioctl_getlabel fs/ext4/ioctl.c:1154 [inline]
 __ext4_ioctl+0x404d/0x4580 fs/ext4/ioctl.c:1609
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x196/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6eb987d0a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6eba6e40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f6eb99b3f80 RCX: 00007f6eb987d0a9
RDX: 0000000020000100 RSI: 0000000081009431 RDI: 0000000000000003
RBP: 00007f6eb98ec074 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f6eb99b3f80 R15: 00007ffcd312f958
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

                 reply	other threads:[~2024-06-24  8:10 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000eea704061b9e4fb8@google.com \
    --to=syzbot+2cab87506a0e7885f4b9@syzkaller.appspotmail.com \
    --cc=adilger.kernel@dilger.ca \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.