syzbot

 sign-in | mailing list | source | docs
🐞 Open [674]
🐞 Fixed [67]
🐞 Invalid [821]
Missing Backports [96]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write (2)

Status: upstream: reported C repro on 2024/01/13 21:08
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+43147f1cd55d15dfbf7d@syzkaller.appspotmail.com
First crash: 439d, last: 2h27m
Discussions (1)
Title Replies (including bot) Last reply
Follow-up on Linux Kernel Vulnerability [v5.15] KASAN-stack-out-of-bounds-Read in gfs2_file_buffered_write 1 (1) 2024/11/26 12:08
Bug presence (1)
Date Name Commit Repro Result
2024/04/12 upstream (ToT) 586b5dfb51b9 C [report] WARNING in __folio_mark_dirty
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write 412 514d 714d 0/3 auto-obsoleted due to no activity on 2024/01/09 18:18

Sample crash report:
gfs2: fsid=syz:syz.0: first mount done, others may mount
==================================================================
BUG: KASAN: stack-out-of-bounds in should_fault_in_pages fs/gfs2/file.c:785 [inline]
BUG: KASAN: stack-out-of-bounds in gfs2_file_buffered_write+0x4c8/0x874 fs/gfs2/file.c:1070
Read of size 8 at addr ffff80001d1a6fb0 by task syz-executor816/4021

CPU: 1 PID: 4021 Comm: syz-executor816 Not tainted 5.15.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x174/0x1e4 mm/kasan/report.c:451
 __asan_report_load8_noabort+0x44/0x50 mm/kasan/report_generic.c:309
 should_fault_in_pages fs/gfs2/file.c:785 [inline]
 gfs2_file_buffered_write+0x4c8/0x874 fs/gfs2/file.c:1070
 gfs2_file_write_iter+0x3b8/0xc80 fs/gfs2/file.c:1166
 __kernel_write+0x488/0x8b8 fs/read_write.c:539
 __dump_emit+0x200/0x338 fs/coredump.c:875
 dump_emit+0x288/0x36c fs/coredump.c:912
 elf_core_dump+0x2598/0x3640 fs/binfmt_elf.c:2237
 do_coredump+0x12c8/0x2890 fs/coredump.c:826
 get_signal+0x3dc/0x1550 kernel/signal.c:2886
 do_signal arch/arm64/kernel/signal.c:890 [inline]
 do_notify_resume+0x320/0x32b8 arch/arm64/kernel/signal.c:943
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 el0_da+0x118/0x20c arch/arm64/kernel/entry-common.c:495
 el0t_64_sync_handler+0xc0/0xe4 arch/arm64/kernel/entry-common.c:629
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584


addr ffff80001d1a6fb0 is located in stack of task syz-executor816/4021 at offset 48 in frame:
 new_sync_read fs/read_write.c:405 [inline]
 __kernel_write+0x0/0x8b8 fs/read_write.c:485

this frame has 3 objects:
 [32, 48) 'iov'
 [64, 112) 'kiocb'
 [144, 184) 'iter'

Memory state around the buggy address:
 ffff80001d1a6e80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
 ffff80001d1a6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff80001d1a6f80: f1 f1 f1 f1 00 00 f2 f2 00 00 00 00 00 00 f2 f2
                                     ^
 ffff80001d1a7000: f2 f2 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
 ffff80001d1a7080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (5876):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/03/14 23:35 linux-5.15.y 0c935c049b5c e2826670 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (clean fs)] [mounted in repro #2] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2024/07/14 02:02 linux-5.15.y f45bea23c39c eaeb5c15 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2024/04/12 10:00 linux-5.15.y cdfd0a7f0139 27de0a5c .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/25 01:02 linux-5.15.y 0c935c049b5c 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/22 02:33 linux-5.15.y 0c935c049b5c c6512ef7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/21 09:39 linux-5.15.y 0c935c049b5c 62330552 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/17 04:25 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/16 22:56 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/16 05:15 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/16 00:52 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/09 23:25 linux-5.15.y c16c81c81336 163f510d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/07 12:42 linux-5.15.y c16c81c81336 831e3629 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2024/01/13 21:08 linux-5.15.y 26c690eff0a5 551587c1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/28 14:38 linux-5.15.y 0c935c049b5c 6c09fb82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/28 10:09 linux-5.15.y 0c935c049b5c 6c09fb82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/28 03:38 linux-5.15.y 0c935c049b5c 6c09fb82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/27 21:45 linux-5.15.y 0c935c049b5c 6c09fb82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/27 07:30 linux-5.15.y 0c935c049b5c 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/23 00:20 linux-5.15.y 0c935c049b5c c6512ef7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/22 20:47 linux-5.15.y 0c935c049b5c c6512ef7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/22 16:27 linux-5.15.y 0c935c049b5c c6512ef7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/21 15:23 linux-5.15.y 0c935c049b5c 62330552 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/21 11:34 linux-5.15.y 0c935c049b5c 62330552 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/18 08:54 linux-5.15.y 0c935c049b5c ce3352cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/17 01:49 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/17 00:28 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/16 20:09 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/16 18:34 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/16 08:18 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/16 06:17 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/15 20:44 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/15 17:01 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/15 15:48 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/15 12:36 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/15 08:49 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/15 03:11 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/14 21:04 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/14 19:37 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/14 18:19 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/14 16:18 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/14 14:30 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/14 09:00 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/14 05:54 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/12 06:44 linux-5.15.y c16c81c81336 ee70e6db .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/10 21:46 linux-5.15.y c16c81c81336 16256247 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/08 22:03 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/08 21:14 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/08 14:23 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/08 08:03 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/08 03:13 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: stack-out-of-bounds Read in gfs2_file_buffered_write
2025/03/08 17:51 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: slab-out-of-bounds Read in gfs2_file_buffered_write
* Struck through repros no longer work on HEAD.