syzbot


KASAN: use-after-free Read in reiserfs_release_objectid (2)

Status: upstream: reported C repro on 2025/01/08 08:59
Bug presence: origin:lts-only
Reported-by: syzbot+8b37105f98b0cda6bbcd@syzkaller.appspotmail.com
First crash: 150d, last: 34d
Bug presence (2)
Date Name Commit Repro Result
2025/01/08 linux-6.1.y (ToT) 7dc732d24ff7 C [report] KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 upstream (ToT) eea6e4b4dfb8 C Didn't crash
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: use-after-free Read in reiserfs_release_objectid C 1 828d 916d 0/1 upstream: reported C repro on 2022/12/04 21:28
linux-6.1 KASAN: use-after-free Read in reiserfs_release_objectid 1 790d 790d 0/3 auto-obsoleted due to no activity on 2023/08/07 07:31
upstream KASAN: use-after-free Read in reiserfs_release_objectid reiserfs C error done 6 520d 921d 0/28 auto-obsoleted due to no activity on 2024/05/25 08:15
linux-5.15 KASAN: use-after-free Read in reiserfs_release_objectid origin:upstream missing-backport C error 81 5d23h 318d 0/3 upstream: reported C repro on 2024/07/24 14:44
linux-4.19 KASAN: use-after-free Read in reiserfs_release_objectid reiserfs C error 2 846d 922d 0/1 upstream: reported C repro on 2022/11/28 17:34
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/03/23 11:07 17m fix candidate upstream error job log

Sample crash report:
REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP
==================================================================
BUG: KASAN: use-after-free in reiserfs_release_objectid+0x430/0x614 fs/reiserfs/objectid.c:165
Read of size 8188 at addr ffff0000d4baf050 by task syz-executor163/4294

CPU: 0 PID: 4294 Comm: syz-executor163 Not tainted 6.1.135-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 print_address_description+0x88/0x220 mm/kasan/report.c:316
 print_report+0x50/0x68 mm/kasan/report.c:427
 kasan_report+0xa8/0x100 mm/kasan/report.c:531
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x260/0x2a0 mm/kasan/generic.c:189
 memmove+0x48/0x90 mm/kasan/shadow.c:54
 reiserfs_release_objectid+0x430/0x614 fs/reiserfs/objectid.c:165
 remove_save_link+0x21c/0x320 fs/reiserfs/super.c:542
 reiserfs_evict_inode+0x2fc/0x3e8 fs/reiserfs/inode.c:91
 evict+0x3c8/0x810 fs/inode.c:705
 iput_final fs/inode.c:1834 [inline]
 iput+0x764/0x7f4 fs/inode.c:1860
 do_unlinkat+0x360/0x4e8 fs/namei.c:4397
 __do_sys_unlinkat fs/namei.c:4433 [inline]
 __se_sys_unlinkat fs/namei.c:4426 [inline]
 __arm64_sys_unlinkat+0xe0/0xfc fs/namei.c:4426
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

The buggy address belongs to the physical page:
page:000000008c20dc2e refcount:2 mapcount:0 mapping:000000007a1c2416 index:0x10 pfn:0x114baf
memcg:ffff0000c0940000
aops:def_blk_aops ino:700002
flags: 0x5ffd60000022056(referenced|uptodate|lru|workingset|private|mappedtodisk|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffd60000022056 fffffc0003423388 fffffc000326eac8 ffff0000c0493410
raw: 0000000000000010 ffff0000e16ab740 00000002ffffffff ffff0000c0940000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000d4baff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000d4baff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000d4bb0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff0000d4bb0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000d4bb0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

Crashes (50):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/04/28 06:40 linux-6.1.y 535ec20c5027 c6b4fb39 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 14:11 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 12:52 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 11:45 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 10:11 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/05/04 16:49 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/04/28 18:18 linux-6.1.y 535ec20c5027 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/04/14 12:13 linux-6.1.y 420102835862 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/04/01 00:14 linux-6.1.y 8e60a714ba3b d3999433 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/03/22 16:43 linux-6.1.y 344a09659766 c6512ef7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/03/16 14:43 linux-6.1.y 344a09659766 e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/03/07 00:51 linux-6.1.y 3a8358583626 831e3629 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/02/16 05:33 linux-6.1.y 0cbb5f65e52f 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/02/16 01:12 linux-6.1.y 0cbb5f65e52f 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/02/16 01:12 linux-6.1.y 0cbb5f65e52f 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/02/16 01:09 linux-6.1.y 0cbb5f65e52f 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/21 08:18 linux-6.1.y f4f677285b38 6e87cfa2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/19 04:03 linux-6.1.y 60ceadf9247e f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/18 03:41 linux-6.1.y 60ceadf9247e f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/18 03:41 linux-6.1.y 60ceadf9247e f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/16 16:11 linux-6.1.y c63962be84ef f9e07a6e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/16 01:06 linux-6.1.y c63962be84ef 968edaf4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/16 01:04 linux-6.1.y c63962be84ef 968edaf4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/14 17:29 linux-6.1.y c63962be84ef f310a27d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/14 04:49 linux-6.1.y c63962be84ef b1f1cd88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/14 04:49 linux-6.1.y c63962be84ef b1f1cd88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/13 14:26 linux-6.1.y c63962be84ef 249ceea9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/13 04:21 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/12 04:42 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/12 04:41 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/12 04:40 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/12 04:38 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/12 04:38 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/11 20:38 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/11 15:39 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/10 05:07 linux-6.1.y c63962be84ef 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/10 05:05 linux-6.1.y c63962be84ef 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/09 23:20 linux-6.1.y c63962be84ef 9220929f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/09 01:09 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 18:30 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 09:09 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 09:08 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 09:00 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/01/08 08:58 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: use-after-free Read in reiserfs_release_objectid
2025/04/28 02:54 linux-6.1.y 535ec20c5027 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: slab-out-of-bounds Read in reiserfs_release_objectid
2025/04/14 09:31 linux-6.1.y 420102835862 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: slab-out-of-bounds Read in reiserfs_release_objectid
2025/04/03 13:51 linux-6.1.y 8e60a714ba3b 996a9618 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: slab-out-of-bounds Read in reiserfs_release_objectid
2025/01/19 11:41 linux-6.1.y f4f677285b38 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: out-of-bounds Read in reiserfs_release_objectid
2025/01/10 05:06 linux-6.1.y c63962be84ef 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 KASAN: slab-out-of-bounds Read in reiserfs_release_objectid
* Struck through repros no longer work on HEAD.