syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [984] ≡ Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] ⬇ Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [ntfs?] KASAN: use-after-free Read in ntfs_attr_find (2) | 0 (2) | 2024/03/19 11:03 |
| [syzbot] Monthly ntfs report (Oct 2023) | 0 (1) | 2023/10/04 13:13 |
| fs/ntfs : use-after-free Read in ntfs_attr_find | 1 (1) | 2023/08/22 17:44 |
| [syzbot] Monthly ntfs report (Jun 2023) | 0 (1) | 2023/06/02 08:40 |
| [syzbot] Monthly ntfs report (May 2023) | 0 (1) | 2023/05/02 07:18 |
| [syzbot] Monthly ntfs report | 0 (1) | 2023/03/31 15:00 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/04/19 09:16 | 25m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | OK log | |
| 2024/03/22 11:51 | 26m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | OK log | |
| 2024/03/22 11:51 | 26m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | OK log | |
| 2024/03/07 14:18 | 52m | retest repro | upstream | OK log | |
| 2024/03/03 06:46 | 23m | retest repro | upstream | OK log | |
| 2024/03/03 06:46 | 23m | retest repro | upstream | OK log | |
| 2024/03/03 05:55 | 20m | retest repro | upstream | OK log | |
| 2024/03/03 05:53 | 44m | retest repro | upstream | OK log | |
| 2024/03/03 05:55 | 17m | retest repro | upstream | OK log | |
| 2024/03/03 05:55 | 17m | retest repro | upstream | OK log | |
| 2023/08/22 13:02 | 28m | ghandatmanas@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.5-rc6 | report log |
loop0: detected capacity change from 0 to 4096 ================================================================== BUG: KASAN: use-after-free in ntfs_attr_find+0x7d6/0xd50 fs/ntfs/attrib.c:609 Read of size 2 at addr ffff888076e8a442 by task syz-executor604/5044 CPU: 0 PID: 5044 Comm: syz-executor604 Not tainted 6.7.0-syzkaller-12824-g9d64bf433c53 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x163/0x540 mm/kasan/report.c:488 kasan_report+0x142/0x170 mm/kasan/report.c:601 ntfs_attr_find+0x7d6/0xd50 fs/ntfs/attrib.c:609 ntfs_attr_lookup+0x4e4/0x2390 ntfs_read_locked_inode+0xa32/0x4940 fs/ntfs/inode.c:666 ntfs_iget+0x113/0x190 fs/ntfs/inode.c:177 load_and_init_mft_mirror fs/ntfs/super.c:1035 [inline] load_system_files+0x100/0x4840 fs/ntfs/super.c:1780 ntfs_fill_super+0x19b3/0x2bd0 fs/ntfs/super.c:2900 mount_bdev+0x206/0x2d0 fs/super.c:1663 legacy_get_tree+0xef/0x190 fs/fs_context.c:662 vfs_get_tree+0x8c/0x2a0 fs/super.c:1784 do_new_mount+0x2be/0xb40 fs/namespace.c:3352 do_mount fs/namespace.c:3692 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fa1caa446ca Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff8ac67208 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007fff8ac67210 RCX: 00007fa1caa446ca RDX: 000000002001f6c0 RSI: 0000000020000080 RDI: 00007fff8ac67210 RBP: 0000000000000004 R08: 00007fff8ac67250 R09: 000000000001f66a R10: 000000000000c70b R11: 0000000000000286 R12: 00007fff8ac67250 R13: 0000000000000003 R14: 0000000000200000 R15: 00007fa1caa8e04b </TASK> The buggy address belongs to the physical page: page:ffffea0001dba280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x76e8a flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000000 ffffea0001dba2c8 ffff8880b9842830 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as freed page last allocated via order 0, migratetype Movable, gfp_mask 0x8(__GFP_MOVABLE), pid 1, tgid 1 (swapper/0), ts 15230632161, free_ts 17116424573 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1e6/0x210 mm/page_alloc.c:1533 split_map_pages+0x24a/0x510 mm/compaction.c:97 isolate_freepages_range+0x476/0x4d0 mm/compaction.c:774 alloc_contig_range+0x62e/0x9a0 mm/page_alloc.c:6410 __alloc_contig_pages mm/page_alloc.c:6433 [inline] alloc_contig_pages+0x3f4/0x4f0 mm/page_alloc.c:6513 debug_vm_pgtable_alloc_huge_page+0xb9/0x110 mm/debug_vm_pgtable.c:1095 init_args+0x837/0xb10 mm/debug_vm_pgtable.c:1277 debug_vm_pgtable+0xe0/0x540 mm/debug_vm_pgtable.c:1315 do_one_initcall+0x234/0x810 init/main.c:1236 do_initcall_level+0x157/0x210 init/main.c:1298 do_initcalls+0x3f/0x80 init/main.c:1314 kernel_init_freeable+0x429/0x5c0 init/main.c:1551 kernel_init+0x1d/0x2a0 init/main.c:1441 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 page last free pid 1 tgid 1 stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1140 [inline] free_unref_page_prepare+0x959/0xa80 mm/page_alloc.c:2346 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2486 free_contig_range+0x9e/0x160 mm/page_alloc.c:6535 destroy_args+0x8a/0x890 mm/debug_vm_pgtable.c:1028 debug_vm_pgtable+0x4ba/0x540 mm/debug_vm_pgtable.c:1408 do_one_initcall+0x234/0x810 init/main.c:1236 do_initcall_level+0x157/0x210 init/main.c:1298 do_initcalls+0x3f/0x80 init/main.c:1314 kernel_init_freeable+0x429/0x5c0 init/main.c:1551 kernel_init+0x1d/0x2a0 init/main.c:1441 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 Memory state around the buggy address: ffff888076e8a300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888076e8a380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff888076e8a400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff888076e8a480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888076e8a500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/01/20 18:00 | upstream | 9d64bf433c53 | 9bd8dcda | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/11/30 12:11 | upstream | 3b47bc037bd4 | f819d6f7 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-badwrites-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/11/08 04:12 | upstream | 13d88ac54ddd | 83211397 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-selinux-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/08/25 22:50 | upstream | 4f9e7fabf864 | 03d9c195 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/08/16 06:13 | upstream | 4853c74bd7ab | 39990d51 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-smack-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/05/22 07:47 | upstream | e2065b8c1b01 | 4bce1a3e | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/02/25 23:27 | upstream | 489fa31ea873 | ee50e71c | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/06/08 11:39 | linux-next | 715abedee4cd | 7086cdb9 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-linux-next-kasan-gce-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2024/01/20 21:52 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 0802e17d9aca | 9bd8dcda | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/10/08 17:57 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 19af4a4ed414 | 5e837c76 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/02/25 23:20 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 2ebd1fbb946d | ee50e71c | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/10/18 13:50 | upstream | 06dc10eae55b | 342b9c55 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/06/19 06:25 | upstream | 8c1f0c38b310 | f3921d4d | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/06/13 08:11 | upstream | fb054096aea0 | 749afb64 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/05/25 20:34 | upstream | 933174ae28ba | 0513b3e6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/05/05 08:21 | upstream | 78b421b6a7c6 | 518a39a6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/04/20 19:43 | upstream | cb0856346a60 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/04/03 15:40 | upstream | 7e364e56293b | 41147e3e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/03/24 13:33 | upstream | 1e760fa3596e | f94b4a29 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/03/02 00:48 | upstream | ee3f96b16468 | f8902b57 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2024/02/18 05:51 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 905b00721763 | 578f7538 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/06/10 09:50 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | d8b213732169 | 7086cdb9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find |