VirtualBox

Opened 23 months ago

Last modified 13 months ago

#21410 closed defect

RIP: 0010:vbsf_inode_revalidate_worker+0x542/0x580 [vboxsf] — at Version 1

Reported by: Srini8987
Owned by:
Component: shared folders
Version: VirtualBox-7.0.4
Keywords:
Cc:
Guest type: Linux
Host type: Windows

Description (last modified by galitsyn)

Hi,

I am seeing the error below with kernel 6.1.5-200.fc37.x86_64.

------------[ cut here ]------------
memcpy: detected field-spanning write (size 14) of single field "&pReq->StrPath" at /tmp/vbox.0/utils.c:591 (size 6)
WARNING: CPU: 0 PID: 2470 at /tmp/vbox.0/utils.c:591 vbsf_inode_revalidate_worker+0x542/0x580 [vboxsf]
Modules linked in: vboxsf(OE) snd_seq_dummy snd_hrtimer vboxvideo(OE) nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security ip_set rfkill nf_tables nfnetlink ip6table_filter ip6_tables iptable_filter ip_tables qrtr sunrpc snd_intel8x0 snd_ac97_codec ac97_bus snd_seq snd_seq_device snd_pcm intel_rapl_msr snd_timer intel_rapl_common pktcdvd pcspkr snd soundcore i2c_piix4 joydev zram crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic virtio_net ghash_clmulni_intel vmwgfx net_failover sha512_ssse3 drm_ttm_helper video serio_raw failover vboxguest(OE) ttm wmi ata_generic pata_acpi scsi_dh_rdac scsi_dh_emc scsi_dh_alua fuse dm_multipath
CPU: 0 PID: 2470 Comm: ls Tainted: G        W  OE      6.1.5-200.fc37.x86_64 #1
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
RIP: 0010:vbsf_inode_revalidate_worker+0x542/0x580 [vboxsf]
Code: cf fd ff ff b9 06 00 00 00 4c 89 fe 4c 89 14 24 48 c7 c2 e0 a8 a5 c0 48 c7 c7 90 a8 a5 c0 c6 05 04 a6 00 00 01 e8 42 4c 31 d7 <0f> 0b 4c 8b 14 24 e9 9e fd ff ff 83 f8 98 41 bb b9 ff ff ff b8 fe
RSP: 0018:ffffb046852bbb58 EFLAGS: 00010282
RAX: 0000000000000074 RBX: ffff986681154e00 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff9874a863 RDI: 00000000ffffffff
RBP: ffff9866874a0144 R08: 0000000000000000 R09: ffffb046852bb9f8
R10: 0000000000000003 R11: ffffffff99146488 R12: ffff98667f8b6f00
R13: ffff98668100d6c0 R14: ffff986682574c00 R15: 000000000000000e
FS:  00007f85aafd3c40(0000) GS:ffff98675bc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056279ce6f718 CR3: 00000000011ce000 CR4: 00000000000506f0
Call Trace:
 <TASK>
 vbsf_dentry_revalidate+0x4f/0xb0 [vboxsf]
 lookup_fast+0x74/0xe0
 walk_component+0x1f/0x150
 path_lookupat+0x67/0x190
 filename_lookup+0xd3/0x1c0
 vfs_statx+0x8e/0x150
 do_statx+0x50/0x80
 __x64_sys_statx+0x62/0x80
 do_syscall_64+0x5b/0x80
 ? do_syscall_64+0x67/0x80
 ? fpregs_restore_userregs+0x12/0xe0
 ? exit_to_user_mode_prepare+0x18f/0x1f0
 ? syscall_exit_to_user_mode+0x17/0x40
 ? do_syscall_64+0x67/0x80
 ? do_syscall_64+0x67/0x80
 ? exc_page_fault+0x70/0x170
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f85ab16ca5e
Code: 83 0d 00 ba ff ff ff ff 64 c7 00 16 00 00 00 e9 a5 fd ff ff e8 d3 0f 02 00 0f 1f 00 f3 0f 1e fa 41 89 ca b8 4c 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2a 89 c1 85 c0 74 0f 48 8b 05 9d 83 0d 00 64
RSP: 002b:00007ffda585f578 EFLAGS: 00000246 ORIG_RAX: 000000000000014c
RAX: ffffffffffffffda RBX: 000056279ce5fee8 RCX: 00007f85ab16ca5e
RDX: 0000000000000900 RSI: 00007ffda585f6b0 RDI: 00000000ffffff9c
RBP: 000000000000025e R08: 00007ffda585f580 R09: 0000000000000020
R10: 000000000000025e R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 000056279ce5fed0 R15: 0000000000000000
 </TASK>
---[ end trace 0000000000000000 ]---

Change History (2)

by Srini8987, 23 months ago

Attachment: 21410_1.7z added

VBOX.log, guest dmesg

comment:1 by galitsyn, 23 months ago

Description: modified (diff)

Hi Srini8987,

Thank you for pointing this out. I reproduced this issue with kernel 6.1.5-100.fc36 as well. This currently looks like a false positive to me when the kernel is configured with CONFIG_FORTIFY_SOURCE=y. It will be fixed in one of the next maintenance releases.
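The size comparison behind the warning in this ticket, as an added C example that is not VirtualBox or kernel code: the struct layouts, names and the sample path are hypothetical, chosen only so the field is 6 bytes and the copy is 14 bytes as in the log. It shows why a write can be flagged as field-spanning while still ending inside the allocation, and one way to express the copy against the whole object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-prefixed string: 4-byte header plus a 2-byte
 * old-style variable-length tail, so sizeof is 6 as in the warning. */
struct path_str { uint16_t size; uint16_t length; uint8_t data[2]; };

/* Hypothetical request whose last member is the string; callers allocate
 * extra bytes behind it to hold the real path. */
struct request { uint32_t handle; struct path_str StrPath; };

/* What the fortified memcpy compares: copy length against the size of the
 * destination field alone. Non-zero means the WARNING would be printed. */
static int spans_field(size_t field_size, size_t copy_size)
{
    return copy_size > field_size;
}

/* What memory safety requires: the write ends inside the allocation. */
static int fits_allocation(size_t alloc, size_t offset, size_t copy_size)
{
    return offset <= alloc && copy_size <= alloc - offset;
}

/* Build a constructed source string; *total is header + text + NUL. */
static struct path_str *make_path(const char *text, size_t *total)
{
    size_t len = strlen(text), hdr = offsetof(struct path_str, data);
    struct path_str *p;
    *total = hdr + len + 1;
    p = calloc(1, *total < sizeof(*p) ? sizeof(*p) : *total);
    if (!p) return NULL;
    p->size = (uint16_t)(len + 1);
    p->length = (uint16_t)len;
    memcpy((unsigned char *)p + hdr, text, len + 1);
    return p;
}

/* Copy with the destination expressed relative to the whole request, so
 * the bound that applies is the allocation, not the 6-byte field. */
static struct request *make_request(const struct path_str *src, size_t total)
{
    size_t off = offsetof(struct request, StrPath);
    size_t alloc = off + total < sizeof(struct request) ? sizeof(struct request) : off + total;
    struct request *req = calloc(1, alloc);
    if (!req) return NULL;
    memcpy((unsigned char *)req + off, src, total);
    return req;
}
```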
