syzbot


KASAN: out-of-bounds Write in end_buffer_read_sync

Status: upstream: reported C repro on 2022/04/25 03:07
Reported-by: syzbot+3f7f291a3d327486073c@syzkaller.appspotmail.com
First crash: 293d, last: 1h13m

Cause bisection: introduced by (bisect log):
commit 6e5be40d32fb1907285277c02e74493ed43d77fe
Author: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Date: Fri Aug 13 14:21:30 2021 +0000

  fs/ntfs3: Add NTFS3 in fs/Kconfig and fs/Makefile

Crash: KASAN: out-of-bounds Write in end_buffer_read_sync (log)
Repro: C syz .config
Last patch testing requests:
Created Duration User Patch Repo Result
2022/07/02 04:28 22m gautammenghani201@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 03c765b0e3b4cb5063276b086c76f7a612856a9a report log

Sample crash report:
==================================================================
BUG: KASAN: out-of-bounds in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]
BUG: KASAN: out-of-bounds in atomic_dec include/linux/atomic/atomic-instrumented.h:257 [inline]
BUG: KASAN: out-of-bounds in put_bh include/linux/buffer_head.h:320 [inline]
BUG: KASAN: out-of-bounds in end_buffer_read_sync+0x8f/0xe0 fs/buffer.c:160
Write of size 4 at addr ffffc90003dbf250 by task ksoftirqd/0/15

CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:306 [inline]
 print_report+0x15e/0x45d mm/kasan/report.c:417
 kasan_report+0xbf/0x1f0 mm/kasan/report.c:517
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x141/0x190 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:102 [inline]
 atomic_dec include/linux/atomic/atomic-instrumented.h:257 [inline]
 put_bh include/linux/buffer_head.h:320 [inline]
 end_buffer_read_sync+0x8f/0xe0 fs/buffer.c:160
 end_bio_bh_io_sync+0xde/0x130 fs/buffer.c:2655
 bio_endio+0x651/0x7f0 block/bio.c:1615
 req_bio_endio block/blk-mq.c:794 [inline]
 blk_update_request+0x436/0x1380 block/blk-mq.c:926
 blk_mq_end_request+0x4f/0x80 block/blk-mq.c:1053
 lo_complete_rq+0x1c6/0x280 drivers/block/loop.c:370
 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1131
 __do_softirq+0x1fb/0xadc kernel/softirq.c:571
 run_ksoftirqd kernel/softirq.c:934 [inline]
 run_ksoftirqd+0x31/0x60 kernel/softirq.c:926
 smpboot_thread_fn+0x659/0xa20 kernel/smpboot.c:164
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

The buggy address belongs to the virtual mapping at
 [ffffc90003db8000, ffffc90003dc1000) created by:
 kernel_clone+0xeb/0x990 kernel/fork.c:2681

The buggy address belongs to the physical page:
page:ffffea0000a1c700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2871c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5060, tgid 5060 (syz-executor304), ts 52107498178, free_ts 52087450409
 prep_new_page mm/page_alloc.c:2531 [inline]
 get_page_from_freelist+0x119c/0x2ce0 mm/page_alloc.c:4283
 __alloc_pages+0x1cb/0x5b0 mm/page_alloc.c:5549
 alloc_pages+0x1aa/0x270 mm/mempolicy.c:2286
 vm_area_alloc_pages mm/vmalloc.c:2989 [inline]
 __vmalloc_area_node mm/vmalloc.c:3057 [inline]
 __vmalloc_node_range+0x978/0x13c0 mm/vmalloc.c:3227
 alloc_thread_stack_node kernel/fork.c:311 [inline]
 dup_task_struct kernel/fork.c:987 [inline]
 copy_process+0x12d2/0x7520 kernel/fork.c:2097
 kernel_clone+0xeb/0x990 kernel/fork.c:2681
 __do_sys_clone+0xba/0x100 kernel/fork.c:2822
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1446 [inline]
 free_pcp_prepare+0x65c/0xc00 mm/page_alloc.c:1496
 free_unref_page_prepare mm/page_alloc.c:3369 [inline]
 free_unref_page_list+0x176/0xcd0 mm/page_alloc.c:3510
 release_pages+0xcb1/0x1330 mm/swap.c:1076
 __pagevec_release+0x77/0xe0 mm/swap.c:1096
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2ec/0xec0 mm/truncate.c:372
 kill_bdev block/bdev.c:76 [inline]
 blkdev_flush_mapping+0x140/0x2f0 block/bdev.c:662
 blkdev_put_whole+0xd1/0xf0 block/bdev.c:693
 blkdev_put+0x22a/0x770 block/bdev.c:953
 deactivate_locked_super+0x98/0x160 fs/super.c:332
 deactivate_super+0xb1/0xd0 fs/super.c:363
 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1291
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 ptrace_notify+0x118/0x140 kernel/signal.c:2354
 ptrace_report_syscall include/linux/ptrace.h:411 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
 syscall_exit_work kernel/entry/common.c:251 [inline]
 syscall_exit_to_user_mode_prepare+0x129/0x280 kernel/entry/common.c:278
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0xd/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86

Memory state around the buggy address:
 ffffc90003dbf100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90003dbf180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90003dbf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                    ^
 ffffc90003dbf280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90003dbf300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
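Reading a report like the one above by hand, it is easy to skip the details that decide the triage. The script below is an added example, not syzbot's or the kernel's code: it parses an excerpt of this page's sample report (embedded as a constant so it runs offline) and derives the checks a responder wants before opening the reproducer: the context the write runs in, whose memory it lands in, whether page_owner's "last free" trace is even about this allocation, and what the shadow byte says at report time. The regular expressions are written against the x86_64 generic-KASAN text layout seen here and assume nothing beyond it; parse_kasan_report, triage and shadow_meaning are names of this example, not kernel or syzbot APIs.

```python
"""Triage helper for KASAN reports of the shape shown above (added example, not
syzbot or kernel code).  The regexes assume syzbot's plain-text layout for an
x86_64 generic-KASAN report; the sample below is an excerpt of this page's."""
import re

# Excerpt of this page's sample crash report, embedded so the script runs offline.
SAMPLE_REPORT = """\
BUG: KASAN: out-of-bounds in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]
BUG: KASAN: out-of-bounds in atomic_dec include/linux/atomic/atomic-instrumented.h:257 [inline]
BUG: KASAN: out-of-bounds in put_bh include/linux/buffer_head.h:320 [inline]
BUG: KASAN: out-of-bounds in end_buffer_read_sync+0x8f/0xe0 fs/buffer.c:160
Write of size 4 at addr ffffc90003dbf250 by task ksoftirqd/0/15

CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0
Call Trace:
 <TASK>
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 put_bh include/linux/buffer_head.h:320 [inline]
 end_buffer_read_sync+0x8f/0xe0 fs/buffer.c:160
 end_bio_bh_io_sync+0xde/0x130 fs/buffer.c:2655
 bio_endio+0x651/0x7f0 block/bio.c:1615
 lo_complete_rq+0x1c6/0x280 drivers/block/loop.c:370
 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1131
 __do_softirq+0x1fb/0xadc kernel/softirq.c:571
 run_ksoftirqd+0x31/0x60 kernel/softirq.c:926
 </TASK>

The buggy address belongs to the virtual mapping at
 [ffffc90003db8000, ffffc90003dc1000) created by:
 kernel_clone+0xeb/0x990 kernel/fork.c:2681

page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5060, tgid 5060 (syz-executor304), ts 52107498178, free_ts 52087450409
 alloc_thread_stack_node kernel/fork.c:311 [inline]

Memory state around the buggy address:
>ffffc90003dbf200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                 ^
"""

# Shadow-byte legend for generic KASAN, values from mm/kasan/kasan.h.
SHADOW_LEGEND = {0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
                 0xf8: "vmalloc invalid", 0xfb: "freed slab object", 0xfc: "slab redzone", 0xff: "freed page"}

def shadow_meaning(b):
    if b == 0:
        return "all 8 bytes addressable"
    if 1 <= b <= 7:
        return "first %d bytes addressable" % b
    return SHADOW_LEGEND.get(b, "poisoned (0x%02x)" % b)

def parse_kasan_report(text):
    rep = {}
    bugs = re.findall(r"^BUG: KASAN: ([\w-]+) in ([^\s+]+)\S* (\S+)( \[inline\])?$", text, re.M)
    rep["kind"] = bugs[0][0]
    rep["inline_chain"] = [b[1] for b in bugs]        # innermost first
    rep["crash_frame"] = (bugs[-1][1], bugs[-1][2])    # the non-inline frame syzbot titles by
    m = re.search(r"^(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)$", text, re.M)
    rep["access"], rep["size"], rep["addr"] = m.group(1), int(m.group(2)), int(m.group(3), 16)
    rep["task"], rep["pid"] = m.group(4), int(m.group(5))
    rep["kernel"] = re.search(r"Not tainted (\S+)", text).group(1)
    trace = re.search(r"<TASK>\n(.*?)\n\s*</TASK>", text, re.S).group(1)
    names = [re.split(r"[+ ]", ln.strip(), maxsplit=1)[0] for ln in trace.splitlines()]
    rep["callers"] = names[names.index(rep["crash_frame"][0]) + 1:]   # path that invoked the crashing function
    rep["in_softirq"] = "__do_softirq" in names
    m = re.search(r"virtual mapping at\n \[([0-9a-f]+), ([0-9a-f]+)\) created by:\n (\S+)", text)
    rep["mapping"] = (int(m.group(1), 16), int(m.group(2), 16))
    rep["mapping_creator"] = m.group(3).split("+")[0]
    rep["stack_offset"] = rep["addr"] - rep["mapping"][0]
    rep["target_is_thread_stack"] = "alloc_thread_stack_node" in text   # CONFIG_VMAP_STACK stacks come from vmalloc
    m = re.search(r"pid (\d+), tgid \d+ \(([^)]+)\), ts (\d+), free_ts (\d+)", text)
    rep["alloc_pid"], rep["alloc_comm"] = int(m.group(1)), m.group(2)
    rep["free_predates_alloc"] = int(m.group(4)) < int(m.group(3))
    m = re.search(r"^>([0-9a-f]+): ((?:[0-9a-f]{2} ?){16})$", text, re.M)
    granule = (rep["addr"] - int(m.group(1), 16)) // 8    # one shadow byte per 8-byte granule
    rep["shadow_byte"] = int(m.group(2).split()[granule], 16)
    return rep

def triage(rep):
    """Turn the parsed fields into the findings a responder wants before opening the reproducer."""
    findings = []
    if rep["in_softirq"]:
        findings.append("%s runs in softirq I/O-completion context (%s), not in the task that owns the target memory"
                        % (rep["access"], " <- ".join(rep["callers"][:3])))
    if rep["target_is_thread_stack"]:
        findings.append("target is %#x bytes into a vmap'd thread stack created by %s, so put_bh() is dropping "
                        "b_count of a buffer_head that lives on another task's stack"
                        % (rep["stack_offset"], rep["mapping_creator"]))
    if rep["free_predates_alloc"]:
        findings.append("page_owner free_ts < ts: the 'last free' trace is the page's previous life, not a free of this stack")
    if rep["shadow_byte"] <= 7:
        findings.append("shadow byte is 0x%02x (%s) when printed although the check fired: the shadow changed between "
                        "check and report, which is why the same bug is also titled stack-out-of-bounds"
                        % (rep["shadow_byte"], shadow_meaning(rep["shadow_byte"])))
    return {"syzbot_title": "KASAN: %s %s in %s" % (rep["kind"], rep["access"], rep["crash_frame"][0]),
            "findings": findings}
```

The last finding is the caveat worth remembering when reading the crash table below: generic KASAN's get_shadow_bug_type() in mm/kasan/report_generic.c names a report plain "out-of-bounds" whenever the shadow byte has already returned to 0..7 by the time the report is printed, and the comment there attributes that state to a data race in the kernel code. The "stack-out-of-bounds" rows in the table are the same bug caught while the stack redzone bytes were still in the shadow, so the title is not a reliable key for grouping crashes of this kind; the crashing frame (end_buffer_read_sync) is. Which ntfs3 code path submitted a read on a stack-resident buffer_head is not something the report settles; the cause bisection only says the bug arrived with the initial ntfs3 merge, so that question needs the reproducer and the source.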

Crashes (743):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-root 2023/01/26 18:52 upstream 7c46948a6e9c 9dfcf09c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2023/01/01 19:26 upstream e4cf7c25bae5 ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/31 02:45 upstream bff687b3dad6 ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/30 14:06 upstream 2258c2dc850b 44712fbc .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-root 2022/12/25 13:00 upstream 72a85e2b0a1e 9da18ae8 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/25 09:32 upstream 72a85e2b0a1e 9da18ae8 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/24 11:57 upstream 51094a24b85e 9da18ae8 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/22 17:18 upstream 0a924817d2ed 9da18ae8 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/22 09:05 upstream b6bb9676f216 4067838e .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/20 21:16 upstream 6feb57c2fd7c d3e76707 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/18 09:34 upstream f9ff5644bcc0 05494336 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/17 20:37 upstream 77856d911a8c 05494336 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/17 17:35 upstream 77856d911a8c 05494336 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/17 16:42 upstream 77856d911a8c 05494336 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-root 2022/10/06 09:02 upstream 833477fce7a1 2c6543ad .config console log report syz C [disk image] [vmlinux] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-root 2022/08/06 12:04 upstream 200e340f2196 e853abd9 .config strace log report syz C KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2022/05/20 12:22 upstream b015dcd62b86 cb1ac2e7 .config console log report syz C KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2022/05/07 13:26 upstream 4b97bac0756a e60b1103 .config console log report syz C KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/12/22 06:37 upstream b6bb9676f216 4067838e .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2022/10/28 23:35 upstream b229b6ca5abb 8168b69e .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-root 2023/01/24 15:49 upstream 7bf70dbb1882 9dfcf09c .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-upstream-linux-next-kasan-gce-root 2022/11/12 13:09 linux-next f8f60f322f06 3ead01ad .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-upstream-linux-next-kasan-gce-root 2022/11/06 22:57 linux-next 0cdb3579f1ee 6d752409 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-upstream-linux-next-kasan-gce-root 2022/11/06 20:00 linux-next 0cdb3579f1ee 6d752409 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-upstream-linux-next-kasan-gce-root 2022/11/04 20:14 linux-next 0cdb3579f1ee 6d752409 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/08 05:36 upstream 0983f6bf2bfc 15c3d445 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/05 21:46 upstream 837c07cf68fe be607b78 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-smack-root 2023/02/04 11:45 upstream 0136d86b7852 1b2f701a .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-smack-root 2023/02/04 05:37 upstream 7b753a909f42 1b2f701a .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/04 01:47 upstream 0136d86b7852 1b2f701a .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/03 15:26 upstream 66a87fff1a87 64e439a6 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2023/02/03 11:59 upstream e7368fd30165 1b2f701a .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2023/02/02 14:35 upstream 9f266ccaa2f5 16d19e30 .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2023/02/02 09:25 upstream 9f266ccaa2f5 9a6f477c .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/01 19:00 upstream c0b67534c95c 7374c4e5 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/31 20:20 upstream 22b8077d0fce 7374c4e5 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2023/01/30 05:45 upstream ab072681eabe 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-smack-root 2023/01/29 22:59 upstream ab072681eabe 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/29 21:02 upstream ab072681eabe 7374c4e5 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/27 22:11 upstream 83abd4d4c4be 7374c4e5 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2023/01/27 02:29 upstream 7c46948a6e9c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci2-upstream-fs 2023/01/26 13:08 upstream 7c46948a6e9c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2022/04/24 09:06 upstream 22da5264abf4 131df97d .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2022/04/21 03:05 upstream b253435746d9 d4befee1 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/07 14:08 upstream 05ecb680708a b68d0e75 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/05 00:28 upstream db27c22251e7 be607b78 .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/04 01:36 upstream 0136d86b7852 1b2f701a .config console log report info KASAN: out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/07 16:27 upstream 05ecb680708a b68d0e75 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/06 16:11 upstream d2d11f342b17 0a9c11b6 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/05 09:53 upstream db27c22251e7 be607b78 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/04 19:21 upstream 0136d86b7852 be607b78 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/04 13:35 upstream 0136d86b7852 be607b78 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/01 10:15 upstream 58706f7fb045 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/01 04:26 upstream 58706f7fb045 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/02/01 03:06 upstream 58706f7fb045 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/31 23:21 upstream 58706f7fb045 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/29 10:51 upstream c96618275234 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/29 08:10 upstream c96618275234 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/29 03:28 upstream c96618275234 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/28 20:07 upstream 5af6ce704936 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/28 00:07 upstream 83abd4d4c4be 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream 2023/01/26 07:20 upstream 7c46948a6e9c 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-upstream-kasan-gce-selinux-root 2023/01/20 12:46 upstream d368967cb103 559a440a .config console log report info [disk image] [vmlinux] [kernel image] KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/08 03:29 upstream 0983f6bf2bfc 15c3d445 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/08 02:39 upstream 0983f6bf2bfc 15c3d445 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/07 21:37 upstream 513c1a3d3f19 b68d0e75 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/07 08:13 upstream 05ecb680708a 5bc3be51 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/06 20:28 upstream d2d11f342b17 0a9c11b6 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/06 18:27 upstream d2d11f342b17 0a9c11b6 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/05 15:04 upstream 837c07cf68fe be607b78 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/03 03:59 upstream 66a87fff1a87 33fc5c09 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/02/02 17:11 upstream 9f266ccaa2f5 33fc5c09 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/01/29 10:56 upstream c96618275234 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/01/28 12:19 upstream 5af6ce704936 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-qemu-upstream-386 2023/01/28 11:00 upstream 83abd4d4c4be 7374c4e5 .config console log report info KASAN: stack-out-of-bounds Write in end_buffer_read_sync
ci-upstream-linux-next-kasan-gce-root 2023/01/03 09:14 linux-next c76083fac3ba ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] KASAN: stack-out-of-bounds Write in end_buffer_read_sync
* Struck through repros no longer work on HEAD.