Title | Replies (including bot) | Last reply |
---|---|---|
[syzbot] [mm?] [hfs?] KASAN: slab-out-of-bounds Write in shmem_file_read_iter | 0 (2) | 2024/12/06 14:16 |
syzbot |
sign-in | mailing list | source | docs |
Title | Replies (including bot) | Last reply |
---|---|---|
[syzbot] [mm?] [hfs?] KASAN: slab-out-of-bounds Write in shmem_file_read_iter | 0 (2) | 2024/12/06 14:16 |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2024/11/27 23:00 | 23m | retest repro | upstream | OK log | |
2024/11/01 10:02 | 20m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | report log | |
2024/09/18 22:11 | 15m | retest repro | upstream | report log | |
2024/07/10 18:43 | 2h58m | retest repro | upstream | report log | |
2024/04/27 16:23 | 16m | retest repro | upstream | report log | |
2024/04/25 09:21 | 16m | retest repro | upstream | report log | |
2024/03/04 03:45 | 26m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | OK log | |
2023/12/24 22:19 | 17m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | report log |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2024/12/06 08:11 | 6h04m | bisect fix | upstream | OK (1) job log | |
2024/10/04 11:04 | 2h26m | bisect fix | upstream | OK (0) job log log | |
2024/08/30 22:30 | 2h31m | bisect fix | upstream | OK (0) job log log | |
2024/07/31 12:08 | 1h48m | bisect fix | upstream | OK (0) job log log | |
2024/06/23 14:24 | 5h30m | bisect fix | upstream | OK (0) job log log |
================================================================== BUG: KASAN: slab-out-of-bounds in memcpy_to_iter lib/iov_iter.c:65 [inline] BUG: KASAN: slab-out-of-bounds in iterate_bvec include/linux/iov_iter.h:123 [inline] BUG: KASAN: slab-out-of-bounds in iterate_and_advance2 include/linux/iov_iter.h:304 [inline] BUG: KASAN: slab-out-of-bounds in iterate_and_advance include/linux/iov_iter.h:328 [inline] BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0x81c/0x1860 lib/iov_iter.c:185 Write of size 2048 at addr ffff0000c5924000 by task kworker/u8:4/167 CPU: 1 UID: 0 PID: 167 Comm: kworker/u8:4 Tainted: G W 6.12.0-rc3-syzkaller-gc7e6f5e2fb8d #0 Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: loop0 loop_rootcg_workfn Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:484 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x198/0x538 mm/kasan/report.c:488 kasan_report+0xd8/0x138 mm/kasan/report.c:601 kasan_check_range+0x268/0x2a8 mm/kasan/generic.c:189 __asan_memcpy+0x54/0x84 mm/kasan/shadow.c:106 memcpy_to_iter lib/iov_iter.c:65 [inline] iterate_bvec include/linux/iov_iter.h:123 [inline] iterate_and_advance2 include/linux/iov_iter.h:304 [inline] iterate_and_advance include/linux/iov_iter.h:328 [inline] _copy_to_iter+0x81c/0x1860 lib/iov_iter.c:185 copy_page_to_iter+0x204/0x2fc lib/iov_iter.c:362 shmem_file_read_iter+0x4a4/0x9e0 mm/shmem.c:3167 do_iter_readv_writev+0x490/0x6d4 vfs_iter_read+0x138/0x3bc fs/read_write.c:923 lo_read_simple drivers/block/loop.c:283 [inline] do_req_filebacked drivers/block/loop.c:516 [inline] loop_handle_cmd drivers/block/loop.c:1910 [inline] loop_process_work+0xc3c/0x1fe8 drivers/block/loop.c:1945 loop_rootcg_workfn+0x28/0x38 drivers/block/loop.c:1976 process_one_work+0x7bc/0x1600 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x97c/0xeec kernel/workqueue.c:3391 kthread+0x288/0x310 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Allocated by task 13249: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:565 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:257 [inline] __do_kmalloc_node mm/slub.c:4264 [inline] __kmalloc_noprof+0x2a4/0x49c mm/slub.c:4276 kmalloc_noprof include/linux/slab.h:882 [inline] hfsplus_read_wrapper+0x38c/0xf6c fs/hfsplus/wrapper.c:182 hfsplus_fill_super+0x2f0/0x166c fs/hfsplus/super.c:419 mount_bdev+0x1d4/0x2a0 fs/super.c:1679 hfsplus_mount+0x44/0x58 fs/hfsplus/super.c:647 legacy_get_tree+0xd4/0x16c fs/fs_context.c:662 vfs_get_tree+0x90/0x28c fs/super.c:1800 do_new_mount+0x278/0x900 fs/namespace.c:3507 path_mount+0x590/0xe04 fs/namespace.c:3834 do_mount fs/namespace.c:3847 [inline] __do_sys_mount fs/namespace.c:4055 [inline] __se_sys_mount fs/namespace.c:4032 [inline] __arm64_sys_mount+0x45c/0x5a8 fs/namespace.c:4032 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 The buggy address belongs to the object at ffff0000c5924000 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 0 bytes inside of allocated 512-byte region [ffff0000c5924000, ffff0000c5924200) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105924 head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 ksm flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) page_type: f5(slab) raw: 05ffc00000000040 ffff0000c0001c80 fffffdffc343a800 dead000000000003 raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 head: 05ffc00000000040 ffff0000c0001c80 fffffdffc343a800 dead000000000003 head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 head: 05ffc00000000002 fffffdffc3164901 ffffffffffffffff 0000000000000000 head: ffff000000000004 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000c5924100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff0000c5924180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff0000c5924200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff0000c5924280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff0000c5924300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2024/10/18 07:47 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | c7e6f5e2fb8d | 666f77ed | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | KASAN: slab-out-of-bounds Write in shmem_file_read_iter | |
2023/12/10 19:26 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | d46efae31672 | 28b24332 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | KASAN: slab-out-of-bounds Write in shmem_file_read_iter | |
2024/03/22 21:16 | upstream | fe46a7dd189e | 7a239ce7 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-smack-root | KASAN: slab-out-of-bounds Write in shmem_file_read_iter | |
2024/03/17 00:02 | upstream | fe46a7dd189e | d615901c | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-root | KASAN: slab-out-of-bounds Write in shmem_file_read_iter |