syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [990] ≡ Subsystems 🐞 Fixed [5238] 🐞 Invalid [12509] ⬇ Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in ntfs_attr_find ntfs3 | C | done | 74 | 443d | 609d | 22/26 | fixed on 2023/02/24 13:50 | |
| linux-4.14 | KASAN: slab-out-of-bounds Read in ntfs_attr_find | C | done | 10 | 1282d | 1310d | 1/1 | fixed on 2020/11/20 16:27 | |
| linux-5.15 | KASAN: slab-out-of-bounds Read in ntfs_attr_find | 1 | 368d | 368d | 0/3 | auto-obsoleted due to no activity on 2023/08/22 04:27 | |||
| linux-4.14 | KASAN: slab-out-of-bounds Read in ntfs_attr_find (2) | C | 31 | 424d | 609d | 0/1 | upstream: reported C repro on 2022/08/25 11:21 | ||
| linux-4.19 | KASAN: slab-out-of-bounds Read in ntfs_attr_find | C | done | 10 | 1250d | 1307d | 1/1 | fixed on 2020/12/23 11:20 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/07/26 14:13 | 21m | bisect fix | upstream | job log (0) log | |
| 2020/06/15 15:01 | 16m | bisect fix | upstream | job log (0) log | |
| 2020/05/16 13:54 | 15m | bisect fix | upstream | job log (0) log | |
| 2020/04/16 13:37 | 16m | bisect fix | upstream | job log (0) log | |
| 2020/03/16 22:52 | 17m | bisect fix | upstream | job log (0) log | |
| 2020/02/11 21:52 | 17m | bisect fix | upstream | job log (0) log | |
| 2020/01/12 21:32 | 16m | bisect fix | upstream | job log (0) log | |
| 2019/12/10 14:33 | 16m | bisect fix | upstream | job log (0) log | |
| 2019/08/01 03:31 | 17m | bisect fix | upstream | job log (0) log |
ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker. ================================================================== BUG: KASAN: slab-out-of-bounds in ntfs_attr_find+0x99a/0xa00 fs/ntfs/attrib.c:613 Read of size 4 at addr ffff8801d96bfbb5 by task syzkaller786329/4469 CPU: 0 PID: 4469 Comm: syzkaller786329 Not tainted 4.16.0+ #10 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:443 ntfs_attr_find+0x99a/0xa00 fs/ntfs/attrib.c:613 ntfs_attr_lookup+0x10e1/0x22a0 fs/ntfs/attrib.c:1203 ntfs_read_inode_mount+0x6cd/0x20f0 fs/ntfs/inode.c:1858 ntfs_fill_super+0x13df/0x2fb0 fs/ntfs/super.c:2871 mount_bdev+0x2b7/0x370 fs/super.c:1119 ntfs_mount+0x34/0x40 fs/ntfs/super.c:3065 mount_fs+0x66/0x2d0 fs/super.c:1222 vfs_kern_mount.part.26+0xc6/0x4a0 fs/namespace.c:1037 vfs_kern_mount fs/namespace.c:2509 [inline] do_new_mount fs/namespace.c:2512 [inline] do_mount+0xea4/0x2bb0 fs/namespace.c:2842 SYSC_mount fs/namespace.c:3058 [inline] SyS_mount+0xab/0x120 fs/namespace.c:3035 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x442eca RSP: 002b:00007ffce22e1a98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442eca RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffce22e1aa0 RBP: 00000000006cb018 R08: 000000002007e200 R09: 000000000000000a R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004 R13: 0000000000401dc0 R14: 0000000000000000 R15: 0000000000000000 Allocated by task 2834: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552 __do_kmalloc_node mm/slab.c:3670 [inline] __kmalloc_node+0x47/0x70 mm/slab.c:3677 kmalloc_node include/linux/slab.h:554 [inline] kvmalloc_node+0x99/0xd0 mm/util.c:419 kvmalloc include/linux/mm.h:541 [inline] seq_buf_alloc fs/seq_file.c:29 [inline] seq_read+0x7fc/0x1410 fs/seq_file.c:208 __vfs_read+0xef/0xa00 fs/read_write.c:411 vfs_read+0x11e/0x350 fs/read_write.c:447 SYSC_read fs/read_write.c:573 [inline] SyS_read+0xef/0x220 fs/read_write.c:566 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Freed by task 2834: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:520 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:527 __cache_free mm/slab.c:3486 [inline] kfree+0xd9/0x260 mm/slab.c:3801 kvfree+0x36/0x60 mm/util.c:438 seq_release fs/seq_file.c:368 [inline] single_release+0x78/0xb0 fs/seq_file.c:605 __fput+0x327/0x7e0 fs/file_table.c:209 ____fput+0x15/0x20 fs/file_table.c:243 task_work_run+0x199/0x270 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x275/0x2f0 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline] syscall_return_slowpath arch/x86/entry/common.c:265 [inline] do_syscall_64+0x6ec/0x940 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x42/0xb7 The buggy address belongs to the object at ffff8801d96be180 which belongs to the cache kmalloc-4096 of size 4096 The buggy address is located 2613 bytes to the right of 4096-byte region [ffff8801d96be180, ffff8801d96bf180) The buggy address belongs to the page: page:ffffea000765af80 count:1 mapcount:0 mapping:ffff8801d96be180 index:0x0 compound_mapcount: 0 flags: 0x2fffc0000008100(slab|head) raw: 02fffc0000008100 ffff8801d96be180 0000000000000000 0000000100000001 raw: ffffea0006b1b820 ffffea0007622ba0 ffff8801dac00dc0 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8801d96bfa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d96bfb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8801d96bfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8801d96bfc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d96bfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/04/02 08:04 | upstream | 0adb32858b0b | dc889257 | .config | console log | report | syz | C | ci-upstream-kasan-gce-root | |||
| 2020/10/14 07:35 | upstream | 029f56db6ac2 | fc7735a2 | .config | console log | report | info | ci-upstream-kasan-gce-root | ||||
| 2020/09/30 15:36 | upstream | 02de58b24d2e | 8516f6d3 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | ||||
| 2020/09/29 22:22 | upstream | ccc1d052eff9 | 5abc3f1a | .config | console log | report | info | ci-upstream-kasan-gce-root | ||||
| 2020/09/28 01:31 | upstream | a1bffa48745a | 5dd8aee8 | .config | console log | report | info | ci-upstream-kasan-gce-root | ||||
| 2020/09/27 15:15 | upstream | a1bffa48745a | 5dd8aee8 | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | ||||
| 2020/09/23 13:47 | upstream | 805c6d3c1921 | 287cd75a | .config | console log | report | info | ci-upstream-kasan-gce-root | ||||
| 2020/09/22 06:50 | upstream | 98477740630f | 9e1fa68e | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root | ||||
| 2020/09/21 12:01 | upstream | ba4f184e126b | 9e1fa68e | .config | console log | report | info | ci-upstream-kasan-gce-selinux-root |