syzbot


KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress

Status: upstream: reported C repro on 2025/02/25 19:01
Bug presence: origin:lts-only
Reported-by: syzbot+97e2bfc681254dbac9d6@syzkaller.appspotmail.com
First crash: 105d, last: 11h39m
Bug presence (2)
Date Name Commit Repro Result
2025/06/06 linux-5.15.y (ToT) 1c700860e8bc C [report] KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/06 upstream (ToT) e271ed52b344 C Didn't crash
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in z_erofs_lz4_decompress erofs 1 675d 675d 0/28 auto-obsoleted due to no activity on 2023/11/03 19:44
upstream KMSAN: uninit-value in z_erofs_lz4_decompress (3) erofs C 16 489d 496d 0/28 closed as dup on 2024/03/19 10:34
upstream KMSAN: uninit-value in z_erofs_lz4_decompress (2) erofs C 33 499d 532d 25/28 fixed on 2024/01/30 15:47
upstream KMSAN: kernel-infoleak in _copy_to_iter (7) net C 138977 838d 1190d 22/28 fixed on 2023/02/24 13:50
upstream KMSAN: kernel-infoleak in _copy_to_iter (8) mm C 21180 734d 828d 22/28 fixed on 2023/06/08 14:41

Sample crash report:
erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance @ nid 36
erofs: (device loop0): z_erofs_readahead: readahead error at page 46 @ nid 36
attempt to access beyond end of device
loop0: rw=524288, want=32, limit=16
erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -29 in[58, 4038] out[3537]
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in hex_dump_to_buffer+0x3c0/0xd50 lib/hexdump.c:193
Read of size 1 at addr ffffc90000e47000 by task syz-executor301/4166

CPU: 1 PID: 4166 Comm: syz-executor301 Not tainted 5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 print_address_description+0x60/0x2d0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xdf/0x130 mm/kasan/report.c:451
 hex_dump_to_buffer+0x3c0/0xd50 lib/hexdump.c:193
 print_hex_dump+0x136/0x260 lib/hexdump.c:276
 z_erofs_lz4_decompress+0xc7f/0x1180 fs/erofs/decompressor.c:243
 z_erofs_decompress_generic fs/erofs/decompressor.c:332 [inline]
 z_erofs_decompress+0x767/0xde0 fs/erofs/decompressor.c:410
 z_erofs_decompress_pcluster fs/erofs/zdata.c:980 [inline]
 z_erofs_decompress_queue+0x11a6/0x1990 fs/erofs/zdata.c:1058
 z_erofs_runqueue+0x164c/0x1890 fs/erofs/zdata.c:1370
 z_erofs_readahead+0xb81/0x10c0 fs/erofs/zdata.c:1459
 read_pages+0x165/0x920 mm/readahead.c:130
 page_cache_ra_unbounded+0x830/0x930 mm/readahead.c:239
 do_page_cache_ra mm/readahead.c:269 [inline]
 force_page_cache_ra+0x3e5/0x440 mm/readahead.c:301
 force_page_cache_readahead mm/internal.h:78 [inline]
 generic_fadvise+0x520/0x7d0 mm/fadvise.c:107
 vfs_fadvise mm/fadvise.c:186 [inline]
 ksys_fadvise64_64 mm/fadvise.c:200 [inline]
 __do_sys_fadvise64 mm/fadvise.c:215 [inline]
 __se_sys_fadvise64 mm/fadvise.c:213 [inline]
 __x64_sys_fadvise64+0x139/0x180 mm/fadvise.c:213
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fec7c8406b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd721e6068 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
RAX: ffffffffffffffda RBX: 00007ffd721e6238 RCX: 00007fec7c8406b9
RDX: 0000000000020000 RSI: 000000000000fcff RDI: 0000000000000004
RBP: 00007fec7c8b3610 R08: 0000000000000000 R09: 00007ffd721e6238
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffd721e6228 R14: 0000000000000001 R15: 0000000000000001
 </TASK>


Memory state around the buggy address:
 ffffc90000e46f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90000e46f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90000e47000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90000e47080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90000e47100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (388):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/06/06 01:31 linux-5.15.y 1c700860e8bc 6b6b5f21 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/02/25 19:59 linux-5.15.y c16c81c81336 d34966d1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/02/25 19:21 linux-5.15.y c16c81c81336 d34966d1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/10 07:46 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/10 06:07 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/10 06:07 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/08 16:11 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/08 01:08 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/06 18:58 linux-5.15.y 1c700860e8bc 9fa58bba .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/06 00:40 linux-5.15.y 1c700860e8bc 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/02 20:09 linux-5.15.y 98f47d0e9b8c b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/02 06:57 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/01 19:35 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/01 05:13 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/01 01:36 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/30 06:49 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/29 12:07 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/27 00:00 linux-5.15.y 98f47d0e9b8c 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/25 08:02 linux-5.15.y 98f47d0e9b8c ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/22 22:21 linux-5.15.y 98f47d0e9b8c 0919b50b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/22 10:30 linux-5.15.y a68c15152131 0919b50b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/21 19:11 linux-5.15.y a68c15152131 dc5d3808 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/21 18:08 linux-5.15.y a68c15152131 dc5d3808 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/20 23:40 linux-5.15.y a68c15152131 b47f9e02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/18 04:56 linux-5.15.y 3b8db0e4f263 f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/17 11:55 linux-5.15.y 3b8db0e4f263 f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/16 14:43 linux-5.15.y 3b8db0e4f263 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/15 14:44 linux-5.15.y 3b8db0e4f263 d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/15 14:44 linux-5.15.y 3b8db0e4f263 d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/11 03:32 linux-5.15.y 1c700860e8bc 5d7e17ca .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/08 14:54 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/08 00:08 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/06 17:25 linux-5.15.y 1c700860e8bc 9fa58bba .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/02 18:24 linux-5.15.y 98f47d0e9b8c b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/06/01 18:29 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/26 21:15 linux-5.15.y 98f47d0e9b8c 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/26 05:28 linux-5.15.y 98f47d0e9b8c 2d4582d0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/24 18:56 linux-5.15.y 98f47d0e9b8c ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/23 07:55 linux-5.15.y 98f47d0e9b8c fa44301a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/23 06:55 linux-5.15.y 98f47d0e9b8c fa44301a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/22 23:48 linux-5.15.y 98f47d0e9b8c 0919b50b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/22 09:04 linux-5.15.y a68c15152131 0919b50b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/21 18:01 linux-5.15.y a68c15152131 dc5d3808 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/21 06:42 linux-5.15.y a68c15152131 b47f9e02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/20 22:14 linux-5.15.y a68c15152131 b47f9e02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/20 19:57 linux-5.15.y a68c15152131 b47f9e02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/19 06:49 linux-5.15.y a68c15152131 f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/05/16 03:25 linux-5.15.y 3b8db0e4f263 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
2025/02/25 19:01 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: vmalloc-out-of-bounds Read in z_erofs_lz4_decompress
* Struck through repros no longer work on HEAD.