syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [557] 🐞 Fixed [64] 🐞 Invalid [206] ⬇ Missing Backports [39] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2024/03/17 | linux-6.1.y (ToT) | d7543167affd | C | [report] KASAN: use-after-free Read in ntfs_read_folio |
| 2023/05/05 | upstream (ToT) | 78b421b6a7c6 | C | [report] KASAN: use-after-free Read in ntfs_read_folio |
| 2024/03/17 | upstream (ToT) | 741e9d668aa5 | C | Didn't crash |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in ntfs_read_folio ntfs3 | C | error | done | 12 | 96d | 404d | 26/26 | fixed on 2024/03/20 11:33 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/03/20 17:24 | 1h40m | fix candidate | upstream | job log (0) | |
| 2023/10/02 23:43 | 11m | bisect fix | linux-6.1.y | error job log (0) | |
| 2023/07/11 09:09 | 2h10m | bisect fix | linux-6.1.y | job log (0) log | |
| 2023/06/06 19:38 | 33m | bisect fix | linux-6.1.y | job log (0) log | |
| 2023/04/17 10:25 | 57m | bisect fix | linux-6.1.y | job log (0) log |
loop0: detected capacity change from 0 to 190 ================================================================== BUG: KASAN: use-after-free in ntfs_read_folio+0x6c0/0x1d70 fs/ntfs/aops.c:489 Read of size 1 at addr ffff0000de1e717f by task syz-executor342/4312 CPU: 0 PID: 4312 Comm: syz-executor342 Not tainted 6.1.20-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x174/0x4c0 mm/kasan/report.c:395 kasan_report+0xd4/0x130 mm/kasan/report.c:495 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189 memcpy+0x48/0x90 mm/kasan/shadow.c:65 ntfs_read_folio+0x6c0/0x1d70 fs/ntfs/aops.c:489 filemap_read_folio+0x14c/0x39c mm/filemap.c:2407 do_read_cache_folio+0x24c/0x544 mm/filemap.c:3535 do_read_cache_page mm/filemap.c:3577 [inline] read_cache_page+0x6c/0x180 mm/filemap.c:3586 read_mapping_page include/linux/pagemap.h:756 [inline] ntfs_map_page fs/ntfs/aops.h:75 [inline] load_and_init_attrdef fs/ntfs/super.c:1609 [inline] load_system_files+0x1e34/0x4734 fs/ntfs/super.c:1817 ntfs_fill_super+0x14e0/0x2314 fs/ntfs/super.c:2892 mount_bdev+0x26c/0x368 fs/super.c:1414 ntfs_mount+0x44/0x58 fs/ntfs/super.c:3049 legacy_get_tree+0xd4/0x16c fs/fs_context.c:610 vfs_get_tree+0x90/0x274 fs/super.c:1544 do_new_mount+0x25c/0x8c8 fs/namespace.c:3040 path_mount+0x590/0xe58 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 The buggy address belongs to the physical page: page:0000000082148dbf refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11e1e7 flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000000000 fffffc00037df188 fffffc0003789048 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000de1e7000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff0000de1e7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff0000de1e7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff0000de1e7180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff0000de1e7200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== ntfs: volume version 3.1. syz-executor342: attempt to access beyond end of device loop0: rw=0, sector=2072, nr_sectors = 8 limit=190 syz-executor342: attempt to access beyond end of device loop0: rw=0, sector=552, nr_sectors = 8 limit=190 syz-executor342: attempt to access beyond end of device loop0: rw=0, sector=224, nr_sectors = 8 limit=190
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/03/18 10:25 | linux-6.1.y | 7eaef76fbc46 | 7939252e | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in ntfs_read_folio | |
| 2023/05/07 12:41 | linux-6.1.y | ca48fc16c493 | 90c93c40 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in ntfs_read_folio | |
| 2023/12/29 08:15 | linux-6.1.y | 4aa6747d9352 | fb427a07 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan | KASAN: out-of-bounds Read in ntfs_read_folio | |
| 2023/12/29 07:55 | linux-6.1.y | 4aa6747d9352 | fb427a07 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in ntfs_read_folio | ||
| 2023/08/05 21:38 | linux-6.1.y | 52a953d0934b | 4ffcc9ef | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Write in ntfs_read_folio |