KASAN: use-after-free Read in ntfs_read

Date	Name	Commit	Repro	Result
2024/03/17	linux-6.1.y (ToT)	d7543167affd	C	[report] KASAN: use-after-free Read in ntfs_read_folio
2023/05/05	upstream (ToT)	78b421b6a7c6	C	[report] KASAN: use-after-free Read in ntfs_read_folio
2024/03/17	upstream (ToT)	741e9d668aa5	C	Didn't crash

Date

Name

Commit

Repro

Result

2024/03/17

linux-6.1.y (ToT)

d7543167affd

[report] KASAN: use-after-free Read in ntfs_read_folio

2023/05/05

upstream (ToT)

78b421b6a7c6

[report] KASAN: use-after-free Read in ntfs_read_folio

2024/03/17

upstream (ToT)

741e9d668aa5

Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in ntfs_read_folio ntfs3	C	error	done	12	509d	817d	25/28	fixed on 2024/03/20 11:33

upstream

KASAN: use-after-free Read in ntfs_read_folio ntfs3

error

done

509d

817d

25/28

fixed on 2024/03/20 11:33


Created	Duration	User	Repo	Result
2024/10/15 01:05	0m	bisect fix	linux-6.1.y	error job log
2024/09/07 15:57	1h34m	bisect fix	linux-6.1.y	OK (0) job log log
2024/03/20 17:24	1h40m	fix candidate	upstream	OK (0) job log
2023/10/02 23:43	11m	bisect fix	linux-6.1.y	error job log
2023/07/11 09:09	2h10m	bisect fix	linux-6.1.y	OK (0) job log log marked invalid by web-security-scanner@google.com
2023/06/06 19:38	33m	bisect fix	linux-6.1.y	OK (0) job log log
2023/04/17 10:25	57m	bisect fix	linux-6.1.y	OK (0) job log log

ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. ================================================================== BUG: KASAN: use-after-free in ntfs_read_folio+0x6a8/0x1d40 fs/ntfs/aops.c:489 Read of size 285212680 at addr ffff0000e3164a9a by task syz-executor114/4294 CPU: 1 PID: 4294 Comm: syz-executor114 Not tainted 6.1.140-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack+0x30/0x40 lib/dump_stack.c:88 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106 print_address_description+0x88/0x220 mm/kasan/report.c:316 print_report+0x50/0x68 mm/kasan/report.c:427 kasan_report+0xa8/0x100 mm/kasan/report.c:531 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x260/0x2a0 mm/kasan/generic.c:189 memcpy+0x48/0x90 mm/kasan/shadow.c:65 ntfs_read_folio+0x6a8/0x1d40 fs/ntfs/aops.c:489 filemap_read_folio+0x130/0x37c mm/filemap.c:2490 do_read_cache_folio+0x24c/0x544 mm/filemap.c:3627 do_read_cache_page mm/filemap.c:3669 [inline] read_cache_page+0x6c/0x184 mm/filemap.c:3678 read_mapping_page include/linux/pagemap.h:791 [inline] ntfs_map_page fs/ntfs/aops.h:75 [inline] ntfs_readdir+0x544/0x2b88 fs/ntfs/dir.c:1243 iterate_dir+0x1f0/0x4cc fs/readdir.c:-1 __do_sys_getdents64 fs/readdir.c:369 [inline] __se_sys_getdents64 fs/readdir.c:354 [inline] __arm64_sys_getdents64+0x11c/0x318 fs/readdir.c:354 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 The buggy address belongs to the physical page: page:0000000087937fe0 refcount:3 mapcount:0 mapping:00000000e6697c65 index:0x2 pfn:0x123164 memcg:ffff0000c0940000 aops:ntfs_mst_aops ino:0 flags: 0x5ffd60000002056(referenced|uptodate|lru|workingset|private|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffd60000002056 fffffc00038c4d48 fffffc00039094c8 ffff0000e1f48548 raw: 0000000000000002 ffff0000e1e232b8 00000003ffffffff ffff0000c0940000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000e3175f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff0000e3175f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff0000e3176000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff0000e3176080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff0000e3176100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================

Crashes (8):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/05/27 07:47	linux-6.1.y	da3c5173c55f	874a1386	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	KASAN: use-after-free Read in ntfs_read_folio
2024/05/13 10:08	linux-6.1.y	909ba1f1b414	9026e142	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	KASAN: use-after-free Read in ntfs_read_folio
2023/03/18 10:25	linux-6.1.y	7eaef76fbc46	7939252e	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	KASAN: use-after-free Read in ntfs_read_folio
2023/05/07 12:41	linux-6.1.y	ca48fc16c493	90c93c40	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan	KASAN: use-after-free Read in ntfs_read_folio
2023/12/29 08:15	linux-6.1.y	4aa6747d9352	fb427a07	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan	KASAN: out-of-bounds Read in ntfs_read_folio
2023/12/29 07:55	linux-6.1.y	4aa6747d9352	fb427a07	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	KASAN: use-after-free Read in ntfs_read_folio
2024/05/13 09:53	linux-6.1.y	909ba1f1b414	9026e142	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	KASAN: use-after-free Read in ntfs_read_folio
2023/08/05 21:38	linux-6.1.y	52a953d0934b	4ffcc9ef	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	KASAN: use-after-free Write in ntfs_read_folio

Crashes (8):

Assets (help?)