syzbot


KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress

Status: upstream: reported C repro on 2025/02/25 19:01
Bug presence: origin:lts-only
Reported-by: syzbot+97e2bfc681254dbac9d6@syzkaller.appspotmail.com
First crash: 242d, last: 8h30m
Bug presence (2)
Date Name Commit Repro Result
2025/06/06 linux-5.15.y (ToT) 1c700860e8bc C [report] KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/06 upstream (ToT) e271ed52b344 C Didn't crash
Similar bugs (5)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in z_erofs_lz4_decompress erofs 7 1 812d 812d 0/29 auto-obsoleted due to no activity on 2023/11/03 19:44
upstream KMSAN: uninit-value in z_erofs_lz4_decompress (3) erofs 7 C 16 626d 632d 0/29 closed as dup on 2024/03/19 10:34
upstream KMSAN: uninit-value in z_erofs_lz4_decompress (2) erofs 7 C 33 636d 668d 25/29 fixed on 2024/01/30 15:47
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net 23 C 138977 974d 1327d 22/29 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (8) mm 23 C 21180 870d 965d 22/29 fixed on 2023/06/08 14:41
Last patch testing requests (2)
Created Duration User Patch Repo Result
2025/07/05 01:41 14m retest repro linux-5.15.y report log
2025/07/05 01:41 11m retest repro linux-5.15.y report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/07/20 21:06 2h49m fix candidate upstream OK (0) job log

Sample crash report:
erofs: (device loop0): z_erofs_readahead: readahead error at page 47 @ nid 36
erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
erofs: (device loop0): z_erofs_readahead: readahead error at page 46 @ nid 36
attempt to access beyond end of device
loop0: rw=524288, want=32, limit=16
erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -29 in[58, 4038] out[3537]
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in hex_dump_to_buffer+0x3c0/0xd50 lib/hexdump.c:193
Read of size 1 at addr ffffc900012b7000 by task syz.0.17/4431

CPU: 0 PID: 4431 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 print_address_description+0x60/0x2d0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xdf/0x130 mm/kasan/report.c:451
 hex_dump_to_buffer+0x3c0/0xd50 lib/hexdump.c:193
 print_hex_dump+0x136/0x260 lib/hexdump.c:276
 z_erofs_lz4_decompress+0xc7f/0x1180 fs/erofs/decompressor.c:243
 z_erofs_decompress_generic fs/erofs/decompressor.c:332 [inline]
 z_erofs_decompress+0x767/0xde0 fs/erofs/decompressor.c:410
 z_erofs_decompress_pcluster fs/erofs/zdata.c:980 [inline]
 z_erofs_decompress_queue+0x11a6/0x1990 fs/erofs/zdata.c:1058
 z_erofs_runqueue+0x164c/0x1890 fs/erofs/zdata.c:1370
 z_erofs_readahead+0xb81/0x10c0 fs/erofs/zdata.c:1459
 read_pages+0x165/0x920 mm/readahead.c:130
 page_cache_ra_unbounded+0x830/0x930 mm/readahead.c:239
 do_page_cache_ra mm/readahead.c:269 [inline]
 force_page_cache_ra+0x3e5/0x440 mm/readahead.c:301
 force_page_cache_readahead mm/internal.h:78 [inline]
 generic_fadvise+0x520/0x7d0 mm/fadvise.c:107
 vfs_fadvise mm/fadvise.c:186 [inline]
 ksys_fadvise64_64 mm/fadvise.c:200 [inline]
 __do_sys_fadvise64 mm/fadvise.c:215 [inline]
 __se_sys_fadvise64 mm/fadvise.c:213 [inline]
 __x64_sys_fadvise64+0x139/0x180 mm/fadvise.c:213
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f5016cefba9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffb95ebcb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
RAX: ffffffffffffffda RBX: 00007f5016f36fa0 RCX: 00007f5016cefba9
RDX: 0000000000020000 RSI: 000000000000fcff RDI: 0000000000000004
RBP: 00007f5016d72e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5016f36fa0 R14: 00007f5016f36fa0 R15: 0000000000000004
 </TASK>


Memory state around the buggy address:
 ffffc900012b6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc900012b6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc900012b7000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc900012b7080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc900012b7100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (596):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/09/15 05:35 linux-5.15.y 43bb85222e53 e2beed91 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/06 01:31 linux-5.15.y 1c700860e8bc 6b6b5f21 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/02/25 19:59 linux-5.15.y c16c81c81336 d34966d1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/02/25 19:21 linux-5.15.y c16c81c81336 d34966d1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/26 01:57 linux-5.15.y ac56c046adf4 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/25 23:35 linux-5.15.y ac56c046adf4 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/23 15:43 linux-5.15.y ac56c046adf4 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/23 02:27 linux-5.15.y ac56c046adf4 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/23 01:21 linux-5.15.y ac56c046adf4 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/19 03:14 linux-5.15.y 29e53a5b1c4f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/06 06:11 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/04 23:32 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/04 09:56 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/03 20:40 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/03 15:51 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/03 15:51 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/02 22:10 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/10/01 00:49 linux-5.15.y 43bb85222e53 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/29 00:22 linux-5.15.y 43bb85222e53 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/28 18:56 linux-5.15.y 43bb85222e53 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/25 22:01 linux-5.15.y 43bb85222e53 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/25 15:10 linux-5.15.y 43bb85222e53 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/25 07:09 linux-5.15.y 43bb85222e53 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/24 20:57 linux-5.15.y 43bb85222e53 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/24 17:02 linux-5.15.y 43bb85222e53 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/21 11:32 linux-5.15.y 43bb85222e53 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/20 07:52 linux-5.15.y 43bb85222e53 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/19 23:56 linux-5.15.y 43bb85222e53 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/18 17:34 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/17 08:00 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/16 18:39 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/16 07:10 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/16 05:55 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/15 04:31 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/12 14:57 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/12 03:35 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/11 13:03 linux-5.15.y de9476bb4f1b fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/11 12:59 linux-5.15.y de9476bb4f1b fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/11 10:47 linux-5.15.y de9476bb4f1b fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/11 09:39 linux-5.15.y de9476bb4f1b fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/11 03:34 linux-5.15.y de9476bb4f1b fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/09 11:29 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/08 17:59 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/06 16:36 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/06 10:22 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/06 09:23 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/05 21:12 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/05 18:59 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/09/05 13:49 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/08/26 14:11 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/02/25 19:01 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
* Struck through repros no longer work on HEAD.