KASAN: use-after-free Read in generic_perform

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	KASAN: slab-out-of-bounds Read in generic_perform_write origin:upstream	C			13	15d	215d	0/3	upstream: reported C repro on 2023/09/17 14:11
upstream	KASAN: slab-out-of-bounds Read in generic_perform_write hfs mm	C	inconclusive		10207	3d18h	208d	0/26	upstream: reported C repro on 2023/09/24 07:49
linux-6.1	KASAN: use-after-free Read in generic_perform_write	C		unreliable	16	4d20h	221d	0/3	upstream: reported C repro on 2023/09/12 02:51
linux-4.14	KASAN: use-after-free Read in generic_perform_write (2) hfsplus jfs	C		error	20	449d	867d	0/1	upstream: reported C repro on 2021/12/05 01:05
linux-4.14	KASAN: use-after-free Read in generic_perform_write				11	1072d	1301d	0/1	auto-closed as invalid on 2021/09/11 00:48
upstream	KASAN: use-after-free Read in generic_perform_write fs mm	C	error		73	1039d	2101d	0/26	auto-obsoleted due to no activity on 2023/04/14 08:17

================================================================== BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab-out-of-bounds in memcpy_from_page+0x8c/0x120 lib/iov_iter.c:453 Read of size 2048 at addr ffff8880ac5ce080 by task loop0/8111 CPU: 0 PID: 8111 Comm: loop0 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354 kasan_report+0x8f/0xa0 mm/kasan/report.c:412 memcpy+0x20/0x50 mm/kasan/kasan.c:302 memcpy include/linux/string.h:377 [inline] memcpy_from_page+0x8c/0x120 lib/iov_iter.c:453 iov_iter_copy_from_user_atomic+0x701/0xaa0 lib/iov_iter.c:929 generic_perform_write+0x265/0x4d0 mm/filemap.c:3178 __generic_file_write_iter+0x24b/0x610 mm/filemap.c:3295 generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323 call_write_iter include/linux/fs.h:1821 [inline] do_iter_readv_writev+0x668/0x790 fs/read_write.c:681 do_iter_write+0x182/0x5d0 fs/read_write.c:960 vfs_iter_write+0x70/0xa0 fs/read_write.c:973 lo_write_bvec+0x141/0x370 drivers/block/loop.c:274 lo_write_simple drivers/block/loop.c:296 [inline] do_req_filebacked drivers/block/loop.c:619 [inline] loop_handle_cmd drivers/block/loop.c:1926 [inline] loop_queue_work+0xa1c/0x20c0 drivers/block/loop.c:1940 kthread_worker_fn+0x292/0x730 kernel/kthread.c:700 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Allocated by task 8110: __do_kmalloc mm/slab.c:3727 [inline] __kmalloc+0x15a/0x3c0 mm/slab.c:3736 kmalloc include/linux/slab.h:520 [inline] hfsplus_read_wrapper+0x2c7/0xf00 fs/hfsplus/wrapper.c:177 hfsplus_fill_super+0x30a/0x19e0 fs/hfsplus/super.c:413 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 6374: __cache_free mm/slab.c:3503 [inline] kfree+0xcc/0x210 mm/slab.c:3822 kernfs_fop_release+0x120/0x190 fs/kernfs/file.c:783 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8880ac5ce080 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 0 bytes inside of 512-byte region [ffff8880ac5ce080, ffff8880ac5ce280) The buggy address belongs to the page: page:ffffea0002b17380 count:1 mapcount:0 mapping:ffff88813bff0940 index:0xffff8880ac5ce800 flags: 0xfff00000000100(slab) raw: 00fff00000000100 ffffea0002bb28c8 ffffea0002b0d6c8 ffff88813bff0940 raw: ffff8880ac5ce800 ffff8880ac5ce080 0000000100000005 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880ac5ce180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8880ac5ce200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8880ac5ce280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8880ac5ce300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880ac5ce380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================

Crashes (68):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2023/01/24 09:34	linux-4.19.y	3f8a27f9e27b	9dfcf09c	.config	console log	report	syz	C		[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: slab-out-of-bounds Read in generic_perform_write
2022/11/26 14:52	linux-4.19.y	3f8a27f9e27b	f4470a7b	.config	console log	report	syz	C		[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: slab-out-of-bounds Read in generic_perform_write
2023/02/26 16:10	linux-4.19.y	3f8a27f9e27b	ee50e71c	.config	console log	report	syz			[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/01/31 21:33	linux-4.19.y	3f8a27f9e27b	b68fb8d6	.config	console log	report	syz			[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/12/11 14:26	linux-4.19.y	3f8a27f9e27b	67be1ae7	.config	console log	report	syz			[disk image] [vmlinux] [mounted in repro #1] [mounted in repro #2]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/11/11 14:26	linux-4.19.y	3f8a27f9e27b	f42ee5d8	.config	console log	report	syz			[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/30 09:56	linux-4.19.y	3f8a27f9e27b	2a71366b	.config	console log	report	syz			[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/06 14:41	linux-4.19.y	3f8a27f9e27b	2c6543ad	.config	console log	report	syz			[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/04 22:06	linux-4.19.y	3f8a27f9e27b	eab8f949	.config	console log	report	syz			[disk image] [vmlinux] [mounted in repro]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/09/26 04:34	linux-4.19.y	3f8a27f9e27b	0042f2b4	.config	console log	report	syz				ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/04/17 17:36	linux-4.19.y	3f8a27f9e27b	8bcc32a6	.config	console log	report	syz				ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/03/05 01:42	linux-4.19.y	3f8a27f9e27b	f8902b57	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/02/25 01:18	linux-4.19.y	3f8a27f9e27b	ee50e71c	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/02/20 11:10	linux-4.19.y	3f8a27f9e27b	bcdf85f8	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/02/19 14:17	linux-4.19.y	3f8a27f9e27b	bcdf85f8	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/02/16 06:26	linux-4.19.y	3f8a27f9e27b	6be0f1f5	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/02/13 03:43	linux-4.19.y	3f8a27f9e27b	93e26d60	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/02/10 10:48	linux-4.19.y	3f8a27f9e27b	07980f9d	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2023/01/11 06:13	linux-4.19.y	3f8a27f9e27b	48bc529a	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/12/31 10:01	linux-4.19.y	3f8a27f9e27b	ab32d508	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/12/30 23:20	linux-4.19.y	3f8a27f9e27b	ab32d508	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/12/13 06:37	linux-4.19.y	3f8a27f9e27b	67be1ae7	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/12/08 18:18	linux-4.19.y	3f8a27f9e27b	1034e5fa	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/11/15 02:23	linux-4.19.y	3f8a27f9e27b	97de9cfc	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/11/15 00:18	linux-4.19.y	3f8a27f9e27b	97de9cfc	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/31 01:40	linux-4.19.y	3f8a27f9e27b	2a71366b	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/30 08:28	linux-4.19.y	3f8a27f9e27b	2a71366b	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/25 18:32	linux-4.19.y	3f8a27f9e27b	45645420	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/15 06:57	linux-4.19.y	3f8a27f9e27b	67cb024c	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/12 04:00	linux-4.19.y	3f8a27f9e27b	02b6492e	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/08 00:08	linux-4.19.y	3f8a27f9e27b	79a59635	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/10/06 02:49	linux-4.19.y	3f8a27f9e27b	2c6543ad	.config	console log	report			info	[disk image] [vmlinux]	ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/07/15 00:53	linux-4.19.y	3f8a27f9e27b	5d921b08	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/06/11 10:09	linux-4.19.y	3f8a27f9e27b	0d5abf15	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/05/29 12:32	linux-4.19.y	3f8a27f9e27b	a46af346	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/04/22 23:55	linux-4.19.y	3f8a27f9e27b	131df97d	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/04/17 06:38	linux-4.19.y	3f8a27f9e27b	8bcc32a6	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/04/09 22:58	linux-4.19.y	3f8a27f9e27b	e22c3da3	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/02/20 01:49	linux-4.19.y	3f8a27f9e27b	3cd800e4	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/01/31 09:52	linux-4.19.y	3f8a27f9e27b	a491ad2d	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2022/01/30 17:11	linux-4.19.y	3f8a27f9e27b	495e00c5	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/12/07 05:16	linux-4.19.y	3f8a27f9e27b	0230ba3e	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/12/06 16:53	linux-4.19.y	3f8a27f9e27b	579a8754	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/11/20 14:57	linux-4.19.y	3f8a27f9e27b	4eb20a4e	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/11/19 05:56	linux-4.19.y	3f8a27f9e27b	31a30fc0	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/11/12 13:04	linux-4.19.y	3f8a27f9e27b	75b04091	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/11/09 13:27	linux-4.19.y	3f8a27f9e27b	59bcaf9a	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/11/06 19:02	linux-4.19.y	3f8a27f9e27b	4c1be0be	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/11/05 01:31	linux-4.19.y	3f8a27f9e27b	4c1be0be	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/10/10 15:07	linux-4.19.y	e34184f53363	838e7e2c	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/09/07 15:02	linux-4.19.y	b172b44fcb17	6ca60148	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/06/17 17:14	linux-4.19.y	eb575cd5d7f6	aba2b2fb	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/06/03 23:16	linux-4.19.y	1722257b8ece	0740de69	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/05/25 12:38	linux-4.19.y	1e986fe9ad15	3c7fef33	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/05/11 16:20	linux-4.19.y	3c8c23092588	ca873091	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/03/27 09:45	linux-4.19.y	78fec1611cbf	a8529b82	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/03/18 18:51	linux-4.19.y	ac3af4beac43	7216542e	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/03/14 10:38	linux-4.19.y	030194a5b292	4a003785	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/03/07 13:07	linux-4.19.y	2cae3e25b706	c599ed12	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/02/01 02:39	linux-4.19.y	811218eceeaa	fc9fd31e	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/01/31 23:13	linux-4.19.y	811218eceeaa	fc9fd31e	.config	console log	report			info		ci2-linux-4-19	KASAN: use-after-free Read in generic_perform_write
2021/06/22 08:47	linux-4.19.y	eb575cd5d7f6	aba2b2fb	.config	console log	report			info		ci2-linux-4-19	KASAN: slab-out-of-bounds Read in generic_perform_write
2021/01/08 02:30	linux-4.19.y	4143d798313f	c104d4a3	.config	console log	report			info		ci2-linux-4-19
2020/12/28 17:49	linux-4.19.y	13d2ce42de8c	8259d56c	.config	console log	report			info		ci2-linux-4-19
2020/12/26 18:11	linux-4.19.y	13d2ce42de8c	821e0b09	.config	console log	report			info		ci2-linux-4-19
2020/12/12 22:56	linux-4.19.y	13d2ce42de8c	bca53db9	.config	console log	report			info		ci2-linux-4-19
2020/10/19 09:13	linux-4.19.y	ad326970d25c	ff4a3345	.config	console log	report			info		ci2-linux-4-19
2020/09/24 08:54	linux-4.19.y	d09b80172c22	54289b08	.config	console log	report			info		ci2-linux-4-19

Crashes (68):

Assets (help?)

2023/01/24 09:34

linux-4.19.y