syzbot


KASAN: stack-out-of-bounds Write in read_extent_buffer
Status: upstream: reported C repro on 2020/09/21 14:32
Reported-by: syzbot+1d393803acac53c985a0@syzkaller.appspotmail.com
First crash: 618d, last: 611d

Cause bisection: failed (bisect log)
Patch testing requests:
Created           Duration  User                        Patch  Repo                                             Result
2020/09/21 14:45  16m       johannes.thumshirn@wdc.com         git://github.com/kdave/btrfs-devel.git misc-5.9  OK

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:399 [inline]
BUG: KASAN: stack-out-of-bounds in read_extent_buffer+0x114/0x150 fs/btrfs/extent_io.c:5674
Write of size 8 at addr ffffc90000dd79f0 by task kworker/u4:1/21

CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.9.0-rc5-next-20200917-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: btrfs-endio-meta btrfs_work_helper
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fb lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x497 mm/kasan/report.c:385
 __kasan_report mm/kasan/report.c:545 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562
 check_memory_region_inline mm/kasan/generic.c:186 [inline]
 check_memory_region+0x13d/0x180 mm/kasan/generic.c:192
 memcpy+0x39/0x60 mm/kasan/common.c:106
 memcpy include/linux/string.h:399 [inline]
 read_extent_buffer+0x114/0x150 fs/btrfs/extent_io.c:5674
 btree_readpage_end_io_hook+0x7de/0x950 fs/btrfs/disk-io.c:641
 end_bio_extent_readpage+0x4de/0x10c0 fs/btrfs/extent_io.c:2854
 bio_endio+0x3d3/0x7a0 block/bio.c:1449
 end_workqueue_fn+0x114/0x170 fs/btrfs/disk-io.c:1696
 btrfs_work_helper+0x20a/0xd20 fs/btrfs/async-thread.c:318
 process_one_work+0x933/0x15a0 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3af/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296


addr ffffc90000dd79f0 is located in stack of task kworker/u4:1/21 at offset 48 in frame:
 btree_readpage_end_io_hook+0x0/0x950 fs/btrfs/disk-io.c:201

this frame has 4 objects:
 [48, 52) 'val'
 [64, 80) 'fsid'
 [96, 128) 'result'
 [160, 192) 'found'

Memory state around the buggy address:
 ffffc90000dd7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90000dd7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90000dd7980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2
                                                             ^
 ffffc90000dd7a00: 00 00 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
 ffffc90000dd7a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (154):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2020/09/17 21:41 linux-next 860461e4fcaa 8247808b .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/09/24 16:08 linux-next dcf2427baa64 54289b08 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 14:57 linux-next dcf2427baa64 54289b08 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 13:38 linux-next dcf2427baa64 54289b08 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 10:22 linux-next dcf2427baa64 54289b08 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 08:17 linux-next dcf2427baa64 54289b08 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 07:04 linux-next dcf2427baa64 54289b08 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 06:44 linux-next dcf2427baa64 54289b08 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 02:34 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 01:17 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/24 00:13 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 22:51 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 19:13 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 18:01 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 15:51 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 14:50 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 14:45 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 13:45 linux-next dcf2427baa64 287cd75a .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 08:04 linux-next e64997027d5f 3e8f6c27 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 06:57 linux-next e64997027d5f 3e8f6c27 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 04:35 linux-next e64997027d5f 3e8f6c27 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/23 01:15 linux-next e64997027d5f 3e8f6c27 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 13:42 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 12:48 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 11:32 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 09:38 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 08:04 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 07:03 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 05:44 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 04:14 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 03:12 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 01:54 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/22 00:25 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 23:05 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 21:21 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 16:40 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 15:36 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 13:49 linux-next b10b8ad86211 9e1fa68e .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 09:57 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 08:10 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 06:33 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 05:27 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 04:21 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 02:24 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 00:51 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/21 00:51 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/20 20:31 linux-next b652d2a5f2a4 9564d2e9 .config log report info
ci-upstream-linux-next-kasan-gce-root 2020/09/17 15:44 linux-next 860461e4fcaa 8247808b .config log report info