syzbot


KASAN: slab-out-of-bounds Read in ovl_check_fb_len

Status: fixed on 2020/07/17 17:58
Subsystems: overlayfs
[Documentation on labels]
Reported-by: syzbot+61958888b1c60361a791@syzkaller.appspotmail.com
Fix commit: 522f6e6cba68 ovl: fix out of bounds access warning in ovl_check_fb_len()
First crash: 1406d, last: 1406d
Cause bisection: introduced by (bisect log) :
commit cbe7fba8edfc8cb8e621599e376f8ac5c224fa72
Author: Amir Goldstein <amir73il@gmail.com>
Date: Fri Nov 15 11:33:03 2019 +0000

  ovl: make sure that real fid is 32bit aligned in memory

Crash: KASAN: slab-out-of-bounds Read in ovl_check_fb_len (log)
Repro: syz .config
  
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 5.6 000/161] 5.6.19-rc1 review 164 (164) 2020/06/16 17:11
[PATCH 5.7 000/163] 5.7.3-rc1 review 164 (164) 2020/06/16 15:35
KASAN: slab-out-of-bounds Read in ovl_check_fb_len 1 (3) 2020/05/23 11:33
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/05/23 09:17 17m amir73il@gmail.com https://github.com/amir73il/linux.git ovl-fixes OK

Sample crash report:
==================================================================
BUG: KASAN: slab-out-of-bounds in ovl_check_fb_len+0x171/0x1a0 fs/overlayfs/namei.c:89
Read of size 1 at addr ffff88809727834d by task syz-executor.4/8488

CPU: 0 PID: 8488 Comm: syz-executor.4 Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xd3/0x413 mm/kasan/report.c:382
 __kasan_report.cold+0x20/0x38 mm/kasan/report.c:511
 kasan_report+0x33/0x50 mm/kasan/common.c:625
 ovl_check_fb_len+0x171/0x1a0 fs/overlayfs/namei.c:89
 ovl_check_fh_len fs/overlayfs/overlayfs.h:358 [inline]
 ovl_fh_to_dentry+0x1ab/0x814 fs/overlayfs/export.c:812
 exportfs_decode_fh+0x11f/0x717 fs/exportfs/expfs.c:434

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/05/21 20:48 upstream b85051e755b0 1f30020f .config console log report syz ci-upstream-kasan-gce-root
2020/05/21 21:43 linux-next ac935d227366 1f30020f .config console log report syz ci-upstream-linux-next-kasan-gce-root
2020/05/21 20:21 upstream b85051e755b0 1f30020f .config console log report ci-upstream-kasan-gce-root
* Struck through repros no longer work on HEAD.