syzbot
KASAN: wild-memory-access Read in hfsplus_bnode_read_u16

Status: upstream: reported C repro on 2023/06/21 04:00
Subsystems: hfs
Reported-by: syzbot+9947d6d413633b3877d2@syzkaller.appspotmail.com
First crash: 258d, last: 68d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: wild-memory-access Read in hfsplus_bnode_read (log)
Repro: C syz .config
Fix bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [hfs?] KASAN: wild-memory-access Read in hfsplus_bnode_read_u16 0 (1) 2023/06/21 04:00
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/02/11 09:30 20m retest repro upstream OK log
2023/12/23 16:40 10m retest repro upstream report log
Fix bisection attempts (5)
Created Duration User Patch Repo Result
2024/01/23 12:19 1h09m bisect fix upstream error job log (0)
2023/12/03 05:31 1h54m bisect fix upstream job log (0) log
2023/10/31 14:50 2h10m bisect fix upstream job log (0) log
2023/09/30 04:56 2h14m bisect fix upstream job log (0) log
2023/07/24 11:41 2h37m bisect fix upstream job log (0) log
Cause bisection attempts (2)
Created Duration User Patch Repo Result
2023/09/18 13:50 4h53m bisect upstream job log (0) log
2023/06/21 02:41 6h05m bisect upstream error job log (0)
marked invalid by nogikh@google.com

Sample crash report:
==================================================================
BUG: KASAN: wild-memory-access in memcpy_from_page include/linux/highmem.h:417 [inline]
BUG: KASAN: wild-memory-access in hfsplus_bnode_read fs/hfsplus/bnode.c:32 [inline]
BUG: KASAN: wild-memory-access in hfsplus_bnode_read_u16+0x146/0x2c0 fs/hfsplus/bnode.c:45
Read of size 1 at addr 000508800000103f by task kworker/u4:0/11

CPU: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.7.0-rc4-syzkaller-00358-gf2e8a57ee903 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 print_report+0xe6/0x540 mm/kasan/report.c:478
 kasan_report+0x142/0x170 mm/kasan/report.c:588
 kasan_check_range+0x27e/0x290 mm/kasan/generic.c:187
 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
 memcpy_from_page include/linux/highmem.h:417 [inline]
 hfsplus_bnode_read fs/hfsplus/bnode.c:32 [inline]
 hfsplus_bnode_read_u16+0x146/0x2c0 fs/hfsplus/bnode.c:45
 hfsplus_bnode_find+0x769/0x10c0 fs/hfsplus/bnode.c:522
 hfsplus_btree_write+0x24/0x4c0 fs/hfsplus/btree.c:289
 hfsplus_system_write_inode fs/hfsplus/super.c:136 [inline]
 hfsplus_write_inode+0x4c0/0x5e0 fs/hfsplus/super.c:162
 write_inode fs/fs-writeback.c:1473 [inline]
 __writeback_single_inode+0x69b/0xfc0 fs/fs-writeback.c:1690
 writeback_sb_inodes+0x8e3/0x1220 fs/fs-writeback.c:1916
 wb_writeback+0x44d/0xc70 fs/fs-writeback.c:2092
 wb_do_writeback fs/fs-writeback.c:2239 [inline]
 wb_workfn+0x400/0xfb0 fs/fs-writeback.c:2279
 process_one_work kernel/workqueue.c:2627 [inline]
 process_scheduled_works+0x90f/0x1420 kernel/workqueue.c:2700
 worker_thread+0xa5f/0x1000 kernel/workqueue.c:2781
 kthread+0x2d3/0x370 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 </TASK>
==================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/12/09 16:34 upstream f2e8a57ee903 28b24332 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: wild-memory-access Read in hfsplus_bnode_read_u16
2023/06/17 03:47 upstream 40f71e7cd3c6 f3921d4d .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root KASAN: wild-memory-access Read in hfsplus_bnode_read_u16
2023/12/09 15:58 upstream f2e8a57ee903 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: wild-memory-access Read in hfsplus_bnode_read_u16
* Struck through repros no longer work on HEAD.