public inbox for linux-kernel@vger.kernel.org
From: Eric Biggers <ebiggers@kernel.org>
To: syzbot <syzbot+9f6d080dece587cfdd4c@syzkaller.appspotmail.com>
Cc: ardb@kernel.org, bp@alien8.de, chandan.babu@oracle.com,
	dave.hansen@linux.intel.com, hpa@zytor.com,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-xfs@vger.kernel.org, mingo@redhat.com,
	syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
	x86@kernel.org
Subject: Re: [syzbot] [xfs?] KASAN: slab-out-of-bounds Read in xlog_cksum
Date: Tue, 4 Mar 2025 19:20:36 -0800
Message-ID: <20250305032036.GD20133@sol.localdomain>
In-Reply-To: <67c72724.050a0220.38b91b.0244.GAE@google.com>

On Tue, Mar 04, 2025 at 08:15:32AM -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    99fa936e8e4f Merge tag 'affs-6.14-rc5-tag' of git://git.ke..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=111c9464580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=2040405600e83619
> dashboard link: https://syzkaller.appspot.com/bug?extid=9f6d080dece587cfdd4c
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=132f0078580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1483fc54580000
> 
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-99fa936e.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/ef04f83d96f6/vmlinux-99fa936e.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/583a7eea5c8e/bzImage-99fa936e.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/6232fcdbddfb/mount_1.gz
>   fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=11d457a0580000)
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+9f6d080dece587cfdd4c@syzkaller.appspotmail.com
> 
> =======================================================
> XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in crc32c_le_arch+0xc7/0x1b0 arch/x86/lib/crc32-glue.c:81
> Read of size 8 at addr ffff888040dfea00 by task syz-executor260/5304
> 
> CPU: 0 UID: 0 PID: 5304 Comm: syz-executor260 Not tainted 6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:94 [inline]
>  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
>  print_address_description mm/kasan/report.c:408 [inline]
>  print_report+0x16e/0x5b0 mm/kasan/report.c:521
>  kasan_report+0x143/0x180 mm/kasan/report.c:634
>  crc32c_le_arch+0xc7/0x1b0 arch/x86/lib/crc32-glue.c:81
>  __crc32c_le include/linux/crc32.h:36 [inline]
>  crc32c include/linux/crc32c.h:9 [inline]
>  xlog_cksum+0x91/0xf0 fs/xfs/xfs_log.c:1588
>  xlog_recover_process+0x78/0x1e0 fs/xfs/xfs_log_recover.c:2900
>  xlog_do_recovery_pass+0xa01/0xdc0 fs/xfs/xfs_log_recover.c:3235
>  xlog_verify_head+0x21f/0x5a0 fs/xfs/xfs_log_recover.c:1058
>  xlog_find_tail+0xa04/0xdf0 fs/xfs/xfs_log_recover.c:1315
>  xlog_recover+0xe1/0x540 fs/xfs/xfs_log_recover.c:3419

This got sent "To:" me because of crc32c in the call stack.  The bug is in XFS,
though; it's passing an invalid buffer to crc32c().

- Eric
