syzbot


KASAN: out-of-bounds Read in leaf_cut_from_buffer

Status: upstream: reported syz repro on 2025/09/09 04:24
Bug presence: origin:lts-only
Reported-by: syzbot+1c3471ca884324367a2a@syzkaller.appspotmail.com
First crash: 4d01h, last: 9h01m
Bug presence (2)
| Date | Name | Commit | Repro | Result |
| --- | --- | --- | --- | --- |
| 2025/09/12 | linux-6.1.y (ToT) | 3db754f56897 | syz | [report] KASAN: out-of-bounds Read in leaf_cut_from_buffer |
| 2025/09/12 | upstream (ToT) | 22f20375f5b7 | syz | Didn't crash |
Similar bugs (1)
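| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| linux-5.15 | KASAN: out-of-bounds Read in leaf_cut_from_buffer | 17 | | | | 1 | 311d | 311d | 0/3 | auto-obsoleted due to no activity on 2025/02/13 08:50 |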

Sample crash report:
REISERFS (device loop5): Using tea hash to sort names
REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 1)
==================================================================
BUG: KASAN: out-of-bounds in leaf_cut_from_buffer+0x1546/0x2600 fs/reiserfs/lbalance.c:1210
Read of size 18446744073709548112 at addr ffff888054041000 by task syz.5.177/5370

CPU: 1 PID: 5370 Comm: syz.5.177 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0xa8/0x210 mm/kasan/report.c:420
 kasan_report+0x10b/0x140 mm/kasan/report.c:524
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x27b/0x290 mm/kasan/generic.c:189
 memmove+0x25/0x60 mm/kasan/shadow.c:54
 leaf_cut_from_buffer+0x1546/0x2600 fs/reiserfs/lbalance.c:1210
 leaf_move_items+0xaab/0xde0 fs/reiserfs/lbalance.c:729
 leaf_shift_right+0x2a/0xe0 fs/reiserfs/lbalance.c:803
 balance_leaf_paste_right_shift fs/reiserfs/do_balan.c:789 [inline]
 balance_leaf_paste_right fs/reiserfs/do_balan.c:897 [inline]
 balance_leaf_right fs/reiserfs/do_balan.c:916 [inline]
 balance_leaf+0xb4cb/0x10e60 fs/reiserfs/do_balan.c:1415
 do_balance+0x2fa/0x930 fs/reiserfs/do_balan.c:1888
 reiserfs_paste_into_item+0x69b/0x7e0 fs/reiserfs/stree.c:2159
 reiserfs_get_block+0x1bdc/0x3ef0 fs/reiserfs/inode.c:1069
 __block_write_begin_int+0x54b/0x1a70 fs/buffer.c:1991

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2025/09/09 13:56 | linux-6.1.y | 28c695c365e1 | d291dd2d | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan | KASAN: out-of-bounds Read in leaf_cut_from_buffer |
| 2025/09/09 05:33 | linux-6.1.y | 28c695c365e1 | d291dd2d | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan | KASAN: out-of-bounds Read in leaf_cut_from_buffer |
| 2025/09/09 04:23 | linux-6.1.y | 28c695c365e1 | d291dd2d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: out-of-bounds Read in leaf_cut_from_buffer |
* Struck through repros no longer work on HEAD.