syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in do_garbage_collect f2fs | 19 | C | inconclusive | 2 | 974d | 974d | 22/29 | fixed on 2023/02/24 13:50 | |
| android-5-15 | KASAN: use-after-free Read in do_garbage_collect | 19 | C | error | 2 | 836d | 998d | 2/2 | fixed on 2023/04/04 21:07 |
================================================================== BUG: KASAN: use-after-free in data_blkaddr fs/f2fs/f2fs.h:2699 [inline] BUG: KASAN: use-after-free in is_alive fs/f2fs/gc.c:1030 [inline] BUG: KASAN: use-after-free in gc_data_segment fs/f2fs/gc.c:1448 [inline] BUG: KASAN: use-after-free in do_garbage_collect+0x5b28/0x7160 fs/f2fs/gc.c:1653 Read of size 4 at addr ffff8881dcc45568 by task kworker/u4:2/172 CPU: 0 PID: 172 Comm: kworker/u4:2 Not tainted 5.4.210-syzkaller-00003-g5a34019eb955 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Workqueue: writeback wb_workfn (flush-7:0) Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x18e/0x1d5 lib/dump_stack.c:118 print_address_description+0x8c/0x630 mm/kasan/report.c:384 __kasan_report+0xf6/0x130 mm/kasan/report.c:516 kasan_report+0x30/0x60 mm/kasan/common.c:653 data_blkaddr fs/f2fs/f2fs.h:2699 [inline] is_alive fs/f2fs/gc.c:1030 [inline] gc_data_segment fs/f2fs/gc.c:1448 [inline] do_garbage_collect+0x5b28/0x7160 fs/f2fs/gc.c:1653 f2fs_gc+0x872/0x17f0 fs/f2fs/gc.c:1745 f2fs_balance_fs+0x2c2/0x340 fs/f2fs/segment.c:528 f2fs_write_inode+0x694/0x730 fs/f2fs/inode.c:722 write_inode+0xf1/0x360 fs/fs-writeback.c:1326 __writeback_single_inode+0x3bf/0x840 fs/fs-writeback.c:1524 writeback_sb_inodes+0x9a9/0x19d0 fs/fs-writeback.c:1730 wb_writeback+0x3c2/0xc20 fs/fs-writeback.c:1905 wb_do_writeback+0x181/0xaf0 fs/fs-writeback.c:2050 wb_workfn+0xf8/0x450 fs/fs-writeback.c:2091 process_one_work+0x6ca/0xc40 kernel/workqueue.c:2287 worker_thread+0xae0/0x1440 kernel/workqueue.c:2433 kthread+0x2d8/0x360 kernel/kthread.c:288 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352 The buggy address belongs to the page: page:ffffea0007731140 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x8000000000000000() raw: 8000000000000000 ffffea0007731188 ffffea0007731108 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffff8881dcc45400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8881dcc45480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8881dcc45500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8881dcc45580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8881dcc45600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/11/13 10:40 | android12-5.4 | 5a34019eb955 | f42ee5d8 | .config | strace log | report | syz | C | [mounted in repro] | ci2-android-5-4-kasan | KASAN: use-after-free Read in do_garbage_collect | |
| 2022/10/20 17:08 | android12-5.4 | ff63a5f5cdf6 | b31320fc | .config | strace log | report | syz | C | [disk image] [vmlinux] [mounted in repro] | ci2-android-5-4-kasan | KASAN: use-after-free Read in do_garbage_collect | |
| 2022/11/05 18:12 | android12-5.4 | d87b38e6be0f | 6d752409 | .config | console log | report | info | ci2-android-5-4-kasan | KASAN: use-after-free Read in do_garbage_collect | |||
| 2022/11/19 13:19 | android12-5.4 | e9f865cb240f | 5bb70014 | .config | console log | report | info | ci2-android-5-4-kasan | KASAN: slab-out-of-bounds Read in do_garbage_collect |