syzbot |
sign-in | mailing list | source | docs |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/06/20 20:09 | 5h38m | bisect fix | linux-4.19.y | OK (5) job log | |
| 2021/05/04 19:00 | 23m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/04/04 18:35 | 25m | bisect fix | linux-4.19.y | OK (0) job log log |
audit: type=1400 audit(1602976135.984:8): avc: denied { execmem } for pid=6489 comm="syz-executor322" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:674 [inline]
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/fbdev/core/bitblit.c:96 [inline]
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xbe2/0xd35 drivers/video/fbdev/core/bitblit.c:185
Read of size 1 at addr ffff8880898b123e by task syz-executor322/6489
CPU: 1 PID: 6489 Comm: syz-executor322 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
print_address_description.cold+0x56/0x25c mm/kasan/report.c:256
kasan_report_error.cold+0x66/0xb9 mm/kasan/report.c:354
kasan_report mm/kasan/report.c:412 [inline]
__asan_report_load1_noabort+0x88/0x90 mm/kasan/report.c:430
__fb_pad_aligned_buffer include/linux/fb.h:674 [inline]
bit_putcs_aligned drivers/video/fbdev/core/bitblit.c:96 [inline]
bit_putcs+0xbe2/0xd35 drivers/video/fbdev/core/bitblit.c:185
fbcon_putcs+0x389/0x5d0 drivers/video/fbdev/core/fbcon.c:1269
con_flush drivers/tty/vt/vt.c:2559 [inline]
do_con_write+0x671/0x1f40 drivers/tty/vt/vt.c:2809
con_write+0x22/0xb0 drivers/tty/vt/vt.c:3145
process_output_block drivers/tty/n_tty.c:593 [inline]
n_tty_write+0x3c0/0xff0 drivers/tty/n_tty.c:2331
do_tty_write drivers/tty/tty_io.c:960 [inline]
tty_write+0x496/0x890 drivers/tty/tty_io.c:1044
__vfs_write+0xf7/0x770 fs/read_write.c:485
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4403c9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff5d8fd448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403c9
RDX: 0000000000001006 RSI: 0000000020000180 RDI: 0000000000000006
RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 000000000000000d R11: 0000000000000246 R12: 0000000000401c30
R13: 0000000000401cc0 R14: 0000000000000000 R15: 0000000000000000
Allocated by task 6471:
__do_kmalloc_node mm/slab.c:3689 [inline]
__kmalloc_node_track_caller+0x4c/0x70 mm/slab.c:3703
__kmalloc_reserve net/core/skbuff.c:137 [inline]
__alloc_skb+0xae/0x580 net/core/skbuff.c:205
alloc_skb include/linux/skbuff.h:995 [inline]
__tcp_send_ack+0xb3/0x610 net/ipv4/tcp_output.c:3619
tcp_delack_timer_handler+0x339/0x760 net/ipv4/tcp_timer.c:303
tcp_delack_timer+0x95/0x270 net/ipv4/tcp_timer.c:330
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
Freed by task 0:
__cache_free mm/slab.c:3503 [inline]
kfree+0xcc/0x250 mm/slab.c:3822
skb_free_head net/core/skbuff.c:554 [inline]
skb_release_data+0x6ea/0x930 net/core/skbuff.c:574
skb_release_all net/core/skbuff.c:631 [inline]
__kfree_skb net/core/skbuff.c:645 [inline]
consume_skb+0x113/0x3e0 net/core/skbuff.c:705
__dev_kfree_skb_any+0x9c/0xd0 net/core/dev.c:2796
dev_consume_skb_any include/linux/netdevice.h:3557 [inline]
napi_consume_skb+0x4a8/0x650 net/core/skbuff.c:769
free_old_xmit_skbs+0xdb/0x240 drivers/net/virtio_net.c:1379
start_xmit+0x156/0x17c0 drivers/net/virtio_net.c:1575
__netdev_start_xmit include/linux/netdevice.h:4333 [inline]
netdev_start_xmit include/linux/netdevice.h:4347 [inline]
xmit_one net/core/dev.c:3256 [inline]
dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
sch_direct_xmit+0x2cf/0xf70 net/sched/sch_generic.c:332
qdisc_restart net/sched/sch_generic.c:395 [inline]
__qdisc_run+0x4fc/0x1680 net/sched/sch_generic.c:403
qdisc_run include/net/pkt_sched.h:120 [inline]
__dev_xmit_skb net/core/dev.c:3451 [inline]
__dev_queue_xmit+0x21fe/0x2ec0 net/core/dev.c:3807
neigh_hh_output include/net/neighbour.h:491 [inline]
neigh_output include/net/neighbour.h:499 [inline]
ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x650 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
__ip_queue_xmit+0x8a0/0x1bd0 net/ipv4/ip_output.c:506
__tcp_transmit_skb+0x1c72/0x36c0 net/ipv4/tcp_output.c:1148
tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline]
tcp_write_xmit+0x839/0x5050 net/ipv4/tcp_output.c:2389
__tcp_push_pending_frames+0xae/0x280 net/ipv4/tcp_output.c:2568
tcp_push_pending_frames include/net/tcp.h:1772 [inline]
tcp_data_snd_check net/ipv4/tcp_input.c:5179 [inline]
tcp_rcv_established+0x1359/0x1d10 net/ipv4/tcp_input.c:5588
tcp_v4_do_rcv+0x5d6/0x870 net/ipv4/tcp_ipv4.c:1544
tcp_v4_rcv+0x2c1d/0x3bd0 net/ipv4/tcp_ipv4.c:1829
ip_local_deliver_finish+0x4cb/0xc80 net/ipv4/ip_input.c:215
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_local_deliver+0x188/0x560 net/ipv4/ip_input.c:256
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414
NF_HOOK include/linux/netfilter.h:289 [inline]
ip_rcv+0xca/0x420 net/ipv4/ip_input.c:524
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
__netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
netif_receive_skb_internal+0x110/0x450 net/core/dev.c:5156
napi_skb_finish net/core/dev.c:5600 [inline]
napi_gro_receive+0x303/0x460 net/core/dev.c:5631
receive_buf+0x1045/0x6250 drivers/net/virtio_net.c:1072
virtnet_receive drivers/net/virtio_net.c:1336 [inline]
virtnet_poll+0x52f/0xda0 drivers/net/virtio_net.c:1441
napi_poll net/core/dev.c:6272 [inline]
net_rx_action+0x4e5/0x10d0 net/core/dev.c:6338
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
The buggy address belongs to the object at ffff8880898b0dc0
which belongs to the cache kmalloc-1024 of size 1024
The buggy address is located 126 bytes to the right of
1024-byte region [ffff8880898b0dc0, ffff8880898b11c0)
The buggy address belongs to the page:
page:ffffea0002262c00 count:1 mapcount:0 mapping:ffff88812c3f6ac0 index:0x0 compound_mapcount: 0
flags: 0xfffe0000008100(slab|head)
raw: 00fffe0000008100 ffffea0002931388 ffffea0002267b08 ffff88812c3f6ac0
raw: 0000000000000000 ffff8880898b0040 0000000100000007 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880898b1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880898b1180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff8880898b1200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
^
ffff8880898b1280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8880898b1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/10/17 23:10 | linux-4.19.y | ad326970d25c | fea47c01 | .config | console log | report | syz | C | ci2-linux-4-19 | |||
| 2020/07/12 10:40 | linux-4.19.y | dce0f88600e4 | 115e1930 | .config | console log | report | syz | C | ci2-linux-4-19 | |||
| 2020/04/14 17:44 | linux-4.19.y | 6dd0e32665e5 | 3f3c5574 | .config | console log | report | syz | C | ci2-linux-4-19 | |||
| 2019/12/08 09:46 | linux-4.19.y | fb683b5e3f53 | 1508f453 | .config | console log | report | syz | C | ci2-linux-4-19 | |||
| 2019/12/03 11:46 | linux-4.19.y | 174651bdf802 | ab342da3 | .config | console log | report | syz | C | ci2-linux-4-19 | |||
| 2021/05/21 06:53 | linux-4.19.y | 3c8c23092588 | 3c7fef33 | .config | console log | report | info | ci2-linux-4-19 | KASAN: slab-out-of-bounds Read in bit_putcs | |||
| 2021/05/07 22:25 | linux-4.19.y | 3c8c23092588 | bc5434be | .config | console log | report | info | ci2-linux-4-19 | KASAN: slab-out-of-bounds Read in bit_putcs | |||
| 2021/03/05 18:22 | linux-4.19.y | dfb571610ba3 | 4a024a9b | .config | console log | report | info | ci2-linux-4-19 | KASAN: slab-out-of-bounds Read in bit_putcs | |||
| 2021/02/04 09:41 | linux-4.19.y | 811218eceeaa | 624dad51 | .config | console log | report | info | ci2-linux-4-19 | KASAN: slab-out-of-bounds Read in bit_putcs | |||
| 2021/01/21 12:53 | linux-4.19.y | 43d555d83c3f | d4f4eca5 | .config | console log | report | info | ci2-linux-4-19 | KASAN: slab-out-of-bounds Read in bit_putcs | |||
| 2021/01/04 21:06 | linux-4.19.y | 3207316b3bee | 2a28ff1f | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/12/17 21:24 | linux-4.19.y | 13d2ce42de8c | 04201c06 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/11/30 00:09 | linux-4.19.y | 0c88e405c97e | a0092f9d | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/11/25 20:41 | linux-4.19.y | 0c88e405c97e | 3f581b43 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/11/03 22:35 | linux-4.19.y | f5d8eef067ac | cba33199 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/11/03 11:51 | linux-4.19.y | f5d8eef067ac | cba33199 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/10/21 03:07 | linux-4.19.y | ad326970d25c | ff4a3345 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/10/09 12:44 | linux-4.19.y | a1b977b49b66 | fa79ed2a | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/10/03 00:42 | linux-4.19.y | b09c34517e1a | 062c9832 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/09/16 21:16 | linux-4.19.y | a87f96283793 | 77507d02 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/09/16 17:38 | linux-4.19.y | a87f96283793 | 77507d02 | .config | console log | report | info | ci2-linux-4-19 | ||||
| 2020/09/08 20:54 | linux-4.19.y | c37da90efff5 | abf9ba4f | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/08/31 06:39 | linux-4.19.y | f6d5cb9e2c06 | d5a3ae1f | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/08/22 19:51 | linux-4.19.y | d18b78abc0c6 | 6436ce4b | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/08/15 20:51 | linux-4.19.y | c14d30dc9987 | 5ce13532 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/08/14 00:16 | linux-4.19.y | c14d30dc9987 | 54ce1ed6 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/08/12 23:54 | linux-4.19.y | c14d30dc9987 | bc15f7db | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/08/11 03:07 | linux-4.19.y | 961f830af065 | d3694ffb | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/08/05 16:49 | linux-4.19.y | c076c79e03c6 | b7129355 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/22 02:43 | linux-4.19.y | 17a87580a885 | 21f1765e | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/19 20:25 | linux-4.19.y | 17a87580a885 | 9c812472 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/16 12:49 | linux-4.19.y | 17a87580a885 | b090c643 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/15 22:22 | linux-4.19.y | dce0f88600e4 | ada108d0 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/07 19:20 | linux-4.19.y | 399849e4654e | 08fc4ef1 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/05 12:39 | linux-4.19.y | 399849e4654e | 22f87567 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/04 17:34 | linux-4.19.y | 399849e4654e | 4f739670 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/01 11:12 | linux-4.19.y | 399849e4654e | 090d8f7b | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/07/01 08:03 | linux-4.19.y | a39e75458e1c | c0383ebe | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/27 09:30 | linux-4.19.y | a39e75458e1c | 032b4239 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/27 05:39 | linux-4.19.y | a39e75458e1c | ffec44b5 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/26 12:02 | linux-4.19.y | a39e75458e1c | b202c7a8 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/24 18:50 | linux-4.19.y | b3a99fd385fa | 41694dbf | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/24 16:03 | linux-4.19.y | b3a99fd385fa | 41694dbf | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/24 09:23 | linux-4.19.y | b3a99fd385fa | bbad15ae | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/22 17:06 | linux-4.19.y | b3a99fd385fa | 1afe1535 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/21 15:12 | linux-4.19.y | 3fc898571b97 | 4f2acff9 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/19 15:04 | linux-4.19.y | 3fc898571b97 | 123cf502 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/18 16:37 | linux-4.19.y | 3fc898571b97 | 3ea11d3f | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/13 22:34 | linux-4.19.y | 3fc898571b97 | dbce178a | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/12 17:31 | linux-4.19.y | 3fc898571b97 | 3036d6fd | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/08 16:00 | linux-4.19.y | 106fa147d3da | 7604bb03 | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/06 14:10 | linux-4.19.y | 4707d8e57273 | e6b89e4e | .config | console log | report | ci2-linux-4-19 | |||||
| 2020/06/05 13:53 | linux-4.19.y | 4707d8e57273 | d36418e9 | .config | console log | report | ci2-linux-4-19 |