syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [866] ≡ Subsystems 🐞 Fixed [4879] 🐞 Invalid [11676] ⬇ Missing Backports [71] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] Monthly ntfs report (Oct 2023) | 0 (1) | 2023/10/04 13:13 |
| fs/ntfs : use-after-free Read in ntfs_attr_find | 1 (1) | 2023/08/22 17:44 |
| [syzbot] Monthly ntfs report (Jun 2023) | 0 (1) | 2023/06/02 08:40 |
| [syzbot] Monthly ntfs report (May 2023) | 0 (1) | 2023/05/02 07:18 |
| [syzbot] Monthly ntfs report | 0 (1) | 2023/03/31 15:00 |
| [syzbot] [ntfs?] KASAN: use-after-free Read in ntfs_attr_find (2) | 0 (1) | 2023/03/01 23:29 |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in ntfs_attr_find ntfs | C | done | 74 | 302d | 468d | 24/25 | fixed on 2023/02/24 13:50 | |
| linux-6.1 | KASAN: use-after-free Read in ntfs_attr_find | 3 | 228d | 239d | 0/3 | auto-obsoleted due to no activity on 2023/08/21 05:46 | |||
| linux-4.14 | KASAN: slab-out-of-bounds Read in ntfs_attr_find (2) | C | 31 | 283d | 468d | 0/1 | upstream: reported C repro on 2022/08/25 11:21 | ||
| linux-4.19 | KASAN: use-after-free Read in ntfs_attr_find (2) | C | 1 | 284d | 284d | 0/1 | upstream: reported C repro on 2023/02/26 02:15 | ||
| linux-4.14 | KASAN: use-after-free Read in ntfs_attr_find | C | done | 4 | 1150d | 1169d | 1/1 | fixed on 2020/11/12 10:36 | |
| linux-4.19 | KASAN: use-after-free Read in ntfs_attr_find | C | done | 13 | 1135d | 1166d | 1/1 | fixed on 2020/11/27 11:32 | |
| linux-5.15 | KASAN: slab-out-of-bounds Read in ntfs_attr_find | 1 | 227d | 227d | 0/3 | auto-obsoleted due to no activity on 2023/08/22 04:27 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/11/22 04:16 | 13m | retest repro | upstream | report log | |
| 2023/11/22 04:16 | 38m | retest repro | upstream | report log | |
| 2023/11/22 04:13 | 26m | retest repro | linux-next | OK log | |
| 2023/11/01 16:52 | 19m | retest repro | upstream | report log | |
| 2023/11/01 16:52 | 22m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | report log | |
| 2023/10/07 01:17 | 13m | retest repro | upstream | report log | |
| 2023/09/22 23:19 | 18m | retest repro | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | report log | |
| 2023/09/08 22:57 | 9m | retest repro | upstream | report log | |
| 2023/09/08 22:57 | 10m | retest repro | upstream | report log | |
| 2023/08/22 13:02 | 28m | ghandatmanas@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.5-rc6 | report log |
loop0: detected capacity change from 0 to 4096 ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker. ================================================================== BUG: KASAN: use-after-free in ntfs_attr_find+0xaa4/0xbe0 fs/ntfs/attrib.c:609 Read of size 2 at addr ffff888052d77042 by task syz-executor391/5068 CPU: 1 PID: 5068 Comm: syz-executor391 Not tainted 6.7.0-rc3-syzkaller-00033-g3b47bc037bd4 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xc4/0x620 mm/kasan/report.c:475 kasan_report+0xda/0x110 mm/kasan/report.c:588 ntfs_attr_find+0xaa4/0xbe0 fs/ntfs/attrib.c:609 ntfs_attr_lookup+0x10e0/0x2100 fs/ntfs/attrib.c:1213 ntfs_read_locked_inode+0x9bf/0x5860 fs/ntfs/inode.c:666 ntfs_read_inode_mount+0xef9/0x2730 fs/ntfs/inode.c:2098 ntfs_fill_super+0x185c/0x9100 fs/ntfs/super.c:2863 mount_bdev+0x1f3/0x2e0 fs/super.c:1650 legacy_get_tree+0x109/0x220 fs/fs_context.c:662 vfs_get_tree+0x8c/0x370 fs/super.c:1771 do_new_mount fs/namespace.c:3337 [inline] path_mount+0x1492/0x1ed0 fs/namespace.c:3664 do_mount fs/namespace.c:3677 [inline] __do_sys_mount fs/namespace.c:3886 [inline] __se_sys_mount fs/namespace.c:3863 [inline] __x64_sys_mount+0x293/0x310 fs/namespace.c:3863 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f3fcba44daa Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fffa61e1ed8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007fffa61e1ef0 RCX: 00007f3fcba44daa RDX: 00000000200000c0 RSI: 00000000200001c0 RDI: 00007fffa61e1ef0 RBP: 0000000000000004 R08: 00007fffa61e1f30 R09: 000000000001f63d R10: 0000000000000004 R11: 0000000000000286 R12: 0000000000000004 R13: 00007fffa61e1f30 R14: 0000000000000003 R15: 0000000000200000 </TASK> The buggy address belongs to the physical page: page:ffffea00014b5dc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x52d77 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000000 ffffea00014d2f88 ffff8880b9942630 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as freed page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5068, tgid 5068 (syz-executor391), ts 54959981955, free_ts 55030976425 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x2d0/0x350 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1544 [inline] get_page_from_freelist+0xa25/0x36d0 mm/page_alloc.c:3312 __alloc_pages+0x22e/0x2420 mm/page_alloc.c:4568 alloc_pages_mpol+0x258/0x5f0 mm/mempolicy.c:2133 vma_alloc_folio+0xad/0x220 mm/mempolicy.c:2172 wp_page_copy mm/memory.c:3114 [inline] do_wp_page+0x13be/0x36b0 mm/memory.c:3510 handle_pte_fault mm/memory.c:5054 [inline] __handle_mm_fault+0x1d7d/0x3d70 mm/memory.c:5179 handle_mm_fault+0x47a/0xa10 mm/memory.c:5344 do_user_addr_fault+0x30b/0x1000 arch/x86/mm/fault.c:1364 handle_page_fault arch/x86/mm/fault.c:1505 [inline] exc_page_fault+0x5d/0xc0 arch/x86/mm/fault.c:1561 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1137 [inline] free_unref_page_prepare+0x4fa/0xaa0 mm/page_alloc.c:2347 free_unref_page_list+0xe6/0xb40 mm/page_alloc.c:2533 release_pages+0x32a/0x14f0 mm/swap.c:1042 folios_put include/linux/mm.h:1539 [inline] folio_batch_move_lru+0x2f7/0x470 mm/swap.c:224 lru_add_drain_cpu+0x535/0x860 mm/swap.c:652 lru_add_drain+0x10a/0x440 mm/swap.c:752 __folio_batch_release+0x89/0xe0 mm/swap.c:1059 folio_batch_release include/linux/pagevec.h:83 [inline] truncate_inode_pages_range+0x33e/0xf00 mm/truncate.c:371 kill_bdev block/bdev.c:76 [inline] set_blocksize+0x2af/0x360 block/bdev.c:152 sb_set_blocksize+0x47/0x120 block/bdev.c:161 ntfs_fill_super+0x134d/0x9100 fs/ntfs/super.c:2818 mount_bdev+0x1f3/0x2e0 fs/super.c:1650 legacy_get_tree+0x109/0x220 fs/fs_context.c:662 vfs_get_tree+0x8c/0x370 fs/super.c:1771 do_new_mount fs/namespace.c:3337 [inline] path_mount+0x1492/0x1ed0 fs/namespace.c:3664 do_mount fs/namespace.c:3677 [inline] __do_sys_mount fs/namespace.c:3886 [inline] __se_sys_mount fs/namespace.c:3863 [inline] __x64_sys_mount+0x293/0x310 fs/namespace.c:3863 Memory state around the buggy address: ffff888052d76f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888052d76f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888052d77000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff888052d77080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888052d77100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== ntfs: (device loop0): ntfs_is_extended_system_file(): Inode hard link count doesn't match number of name attributes. You should run chkdsk. ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing. ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x0 as bad. Run chkdsk. ntfs: (device loop0): ntfs_read_inode_mount(): ntfs_read_inode() of $MFT failed. BUG or corrupt $MFT. Run chkdsk and if no errors are found, please report you saw this message to linux-ntfs-dev@lists.sourceforge.net ntfs: (device loop0): ntfs_fill_super(): Failed to load essential metadata.
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/11/30 12:11 | upstream | 3b47bc037bd4 | f819d6f7 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-badwrites-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/11/08 04:12 | upstream | 13d88ac54ddd | 83211397 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-selinux-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/08/25 22:50 | upstream | 4f9e7fabf864 | 03d9c195 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/08/16 06:13 | upstream | 4853c74bd7ab | 39990d51 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-smack-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/05/22 07:47 | upstream | e2065b8c1b01 | 4bce1a3e | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/02/25 23:27 | upstream | 489fa31ea873 | ee50e71c | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/10/08 17:57 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 19af4a4ed414 | 5e837c76 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/02/25 23:20 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 2ebd1fbb946d | ee50e71c | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/06/08 11:39 | linux-next | 715abedee4cd | 7086cdb9 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-linux-next-kasan-gce-root | KASAN: use-after-free Read in ntfs_attr_find | |
| 2023/10/18 13:50 | upstream | 06dc10eae55b | 342b9c55 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/06/19 06:25 | upstream | 8c1f0c38b310 | f3921d4d | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/06/13 08:11 | upstream | fb054096aea0 | 749afb64 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/05/25 20:34 | upstream | 933174ae28ba | 0513b3e6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/05/05 08:21 | upstream | 78b421b6a7c6 | 518a39a6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/04/20 19:43 | upstream | cb0856346a60 | a219f34e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/04/03 15:40 | upstream | 7e364e56293b | 41147e3e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/03/24 13:33 | upstream | 1e760fa3596e | f94b4a29 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/03/02 00:48 | upstream | ee3f96b16468 | f8902b57 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in ntfs_attr_find | ||
| 2023/06/10 09:50 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | d8b213732169 | 7086cdb9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | KASAN: use-after-free Read in ntfs_attr_find |