syzbot


kernel BUG at lib/string.c:LINE! (5)

Status: fixed on 2020/10/15 08:22
Subsystems: btrfs
Reported-by: syzbot+e864a35d361e1d4e29a5@syzkaller.appspotmail.com
Fix commit: 35be8851d172 btrfs: fix overflow when copying corrupt csums for a message
First crash: 1348d, last: 1338d
Cause bisection: introduced by (bisect log):
commit 3951e7f050ac6a38bbc859fc3cd6093890c31d1c
Author: Johannes Thumshirn <jthumshirn@suse.de>
Date: Mon Oct 7 09:11:01 2019 +0000

  btrfs: add xxhash64 to checksumming algorithms

Crash: kernel BUG at lib/string.c:LINE! (log)
Repro: C syz .config
Discussions (4)
Title Replies (including bot) Last reply
[PATCH 5.8 00/99] 5.8.13-rc1 review 110 (110) 2020/10/01 19:24
[PATCH 5.4 000/388] 5.4.69-rc1 review 392 (392) 2020/09/30 14:29
kernel BUG at lib/string.c:LINE! (5) 1 (3) 2020/09/17 13:14
Re: kernel BUG at lib/string.c:LINE! (5) 1 (1) 2020/09/16 08:45
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at lib/string.c:LINE! netfilter C 73 2419d 2434d 3/26 fixed on 2017/10/24 07:07
upstream kernel BUG at lib/string.c:LINE! (2) rdma syz 2 2265d 2264d 4/26 fixed on 2018/03/23 18:14
upstream kernel BUG at lib/string.c:LINE! (6) netfilter C done 2 1253d 1249d 19/26 fixed on 2021/03/10 01:48
upstream kernel BUG in sg_write scsi 3 1167d 1167d 0/26 auto-closed as invalid on 2021/05/17 10:34
upstream kernel BUG at lib/string.c:LINE! (3) rdma C 5 2248d 2249d 5/26 fixed on 2018/04/06 16:37
upstream kernel BUG at lib/string.c:LINE! (4) lvs C 2 2200d 2200d 5/26 fixed on 2018/06/07 13:52

Sample crash report:
detected buffer overflow in memcpy
------------[ cut here ]------------
kernel BUG at lib/string.c:1129!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 26 Comm: kworker/u4:2 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: btrfs-endio-meta btrfs_work_helper
RIP: 0010:fortify_panic+0xf/0x20 lib/string.c:1129
Code: 89 c7 48 89 74 24 08 48 89 04 24 e8 ab 39 00 fe 48 8b 74 24 08 48 8b 04 24 eb d5 48 89 fe 48 c7 c7 40 22 97 88 e8 b0 8c a9 fd <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 41 57 41 56 41
RSP: 0018:ffffc90000e27980 EFLAGS: 00010286
RAX: 0000000000000022 RBX: ffff8880a80dca64 RCX: 0000000000000000
RDX: ffff8880a90860c0 RSI: ffffffff815dba07 RDI: fffff520001c4f22
RBP: ffff8880a80dca00 R08: 0000000000000022 R09: ffff8880ae7318e7
R10: 0000000000000000 R11: 0000000000077578 R12: 00000000ffffff6e
R13: 0000000000000008 R14: ffffc90000e27a40 R15: 1ffff920001c4f3c
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557335f440d0 CR3: 000000009647d000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memcpy include/linux/string.h:405 [inline]
 btree_readpage_end_io_hook.cold+0x206/0x221 fs/btrfs/disk-io.c:642
 end_bio_extent_readpage+0x4de/0x10c0 fs/btrfs/extent_io.c:2854
 bio_endio+0x3cf/0x7f0 block/bio.c:1449
 end_workqueue_fn+0x114/0x170 fs/btrfs/disk-io.c:1695
 btrfs_work_helper+0x221/0xe20 fs/btrfs/async-thread.c:318
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace b68924293169feef ]---
RIP: 0010:fortify_panic+0xf/0x20 lib/string.c:1129
Code: 89 c7 48 89 74 24 08 48 89 04 24 e8 ab 39 00 fe 48 8b 74 24 08 48 8b 04 24 eb d5 48 89 fe 48 c7 c7 40 22 97 88 e8 b0 8c a9 fd <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 41 57 41 56 41
RSP: 0018:ffffc90000e27980 EFLAGS: 00010286
RAX: 0000000000000022 RBX: ffff8880a80dca64 RCX: 0000000000000000
RDX: ffff8880a90860c0 RSI: ffffffff815dba07 RDI: fffff520001c4f22
RBP: ffff8880a80dca00 R08: 0000000000000022 R09: ffff8880ae7318e7
R10: 0000000000000000 R11: 0000000000077578 R12: 00000000ffffff6e
R13: 0000000000000008 R14: ffffc90000e27a40 R15: 1ffff920001c4f3c
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f95b7c4d008 CR3: 000000009647d000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (558):