syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: wild-memory-access Read in hfsplus_bnode_read_u16

Status: upstream: reported C repro on 2023/06/21 04:00
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+9947d6d413633b3877d2@syzkaller.appspotmail.com
First crash: 315d, last: 32d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: wild-memory-access Read in hfsplus_bnode_read (log)
Repro: C syz .config
  
Fix bisection: failed (error log, bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [hfs?] KASAN: wild-memory-access Read in hfsplus_bnode_read_u16 0 (1) 2023/06/21 04:00
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/04/10 07:18 26m retest repro upstream error OK
2024/04/08 20:01 19m retest repro upstream error OK
2024/02/11 09:30 20m retest repro upstream OK log
2023/12/23 16:40 10m retest repro upstream report log
Fix bisection attempts (5)
Created Duration User Patch Repo Result
2024/01/23 12:19 1h09m bisect fix upstream error job log (0)
2023/12/03 05:31 1h54m bisect fix upstream job log (0) log
2023/10/31 14:50 2h10m bisect fix upstream job log (0) log
2023/09/30 04:56 2h14m bisect fix upstream job log (0) log
2023/07/24 11:41 2h37m bisect fix upstream job log (0) log
Cause bisection attempts (2)
Created Duration User Patch Repo Result
2023/09/18 13:50 4h53m bisect upstream job log (0) log
2023/06/21 02:41 6h05m bisect upstream error job log (0)
marked invalid by nogikh@google.com

Sample crash report:
==================================================================
BUG: KASAN: wild-memory-access in memcpy_from_page include/linux/highmem.h:417 [inline]
BUG: KASAN: wild-memory-access in hfsplus_bnode_read fs/hfsplus/bnode.c:32 [inline]
BUG: KASAN: wild-memory-access in hfsplus_bnode_read_u16+0x146/0x2c0 fs/hfsplus/bnode.c:45
Read of size 1 at addr 000508800000103f by task kworker/u8:4/61

CPU: 0 PID: 61 Comm: kworker/u8:4 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 print_report+0xe8/0x550 mm/kasan/report.c:491
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
 memcpy_from_page include/linux/highmem.h:417 [inline]
 hfsplus_bnode_read fs/hfsplus/bnode.c:32 [inline]
 hfsplus_bnode_read_u16+0x146/0x2c0 fs/hfsplus/bnode.c:45
 hfsplus_bnode_find+0x76d/0x10c0 fs/hfsplus/bnode.c:522
 hfsplus_btree_write+0x24/0x4c0 fs/hfsplus/btree.c:289
 hfsplus_system_write_inode fs/hfsplus/super.c:136 [inline]
 hfsplus_write_inode+0x4c4/0x5e0 fs/hfsplus/super.c:162
 write_inode fs/fs-writeback.c:1498 [inline]
 __writeback_single_inode+0x6a1/0xfd0 fs/fs-writeback.c:1715
 writeback_sb_inodes+0x8e4/0x1220 fs/fs-writeback.c:1941
 wb_writeback+0x447/0xc70 fs/fs-writeback.c:2117
 wb_do_writeback fs/fs-writeback.c:2264 [inline]
 wb_workfn+0x400/0x1070 fs/fs-writeback.c:2304
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa02/0x1770 kernel/workqueue.c:3335
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
 kthread+0x2f2/0x390 kernel/kthread.c:388
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
 </TASK>
==================================================================

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/25 19:46 upstream fe46a7dd189e 0ea90952 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root KASAN: wild-memory-access Read in hfsplus_bnode_read_u16
2023/12/09 16:34 upstream f2e8a57ee903 28b24332 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: wild-memory-access Read in hfsplus_bnode_read_u16
2023/06/17 03:47 upstream 40f71e7cd3c6 f3921d4d .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root KASAN: wild-memory-access Read in hfsplus_bnode_read_u16
2023/12/09 15:58 upstream f2e8a57ee903 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: wild-memory-access Read in hfsplus_bnode_read_u16
* Struck through repros no longer work on HEAD.