syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [717] 🐞 Fixed [181] 🐞 Invalid [640] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-54 | KASAN: stack-out-of-bounds Read in update_stack_state | 2 | 1394d | 1402d | 0/2 | auto-closed as invalid on 2020/06/10 22:34 | |||
| upstream | KASAN: stack-out-of-bounds Read in update_stack_state kernel | C | unreliable | done | 388 | 1420d | 2114d | 17/25 | fixed on 2020/08/18 12:30 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/01/26 08:32 | 10m | retest repro | linux-4.14.y | report log | |
| 2022/09/08 05:27 | 10m | retest repro | linux-4.14.y | report log |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/07/15 11:26 | 33m | bisect fix | linux-4.14.y | job log (2) | |
| 2020/06/15 11:02 | 24m | bisect fix | linux-4.14.y | job log (0) log | |
| 2020/05/16 10:36 | 26m | bisect fix | linux-4.14.y | job log (0) log | |
| 2020/04/16 10:11 | 24m | bisect fix | linux-4.14.y | job log (0) log | |
| 2020/03/17 09:45 | 26m | bisect fix | linux-4.14.y | job log (0) log |
audit: type=1400 audit(1579294528.541:36): avc: denied { map } for pid=7324 comm="syz-executor374" path="/root/syz-executor374653520" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
==================================================================
BUG: KASAN: stack-out-of-bounds in __read_once_size include/linux/compiler.h:183 [inline]
BUG: KASAN: stack-out-of-bounds in update_stack_state+0x522/0x590 arch/x86/kernel/unwind_frame.c:270
Read of size 8 at addr ffff88808e487380 by task syz-executor374/7329
CPU: 0 PID: 7329 Comm: syz-executor374 Not tainted 4.14.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
print_address_description.cold+0x7c/0x1dc mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0xa9/0x2af mm/kasan/report.c:393
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:430
__read_once_size include/linux/compiler.h:183 [inline]
update_stack_state+0x522/0x590 arch/x86/kernel/unwind_frame.c:270
__unwind_start+0x189/0x3d0 arch/x86/kernel/unwind_frame.c:423
unwind_start arch/x86/include/asm/unwind.h:60 [inline]
perf_callchain_kernel+0x26e/0x510 arch/x86/events/core.c:2342
get_perf_callchain+0x30a/0x7c0 kernel/events/callchain.c:217
perf_callchain+0x14e/0x1a0 kernel/events/callchain.c:190
perf_prepare_sample+0x77c/0x1350 kernel/events/core.c:6143
__perf_event_output kernel/events/core.c:6259 [inline]
perf_event_output_forward+0xe7/0x200 kernel/events/core.c:6277
__perf_event_overflow+0x11e/0x330 kernel/events/core.c:7515
perf_swevent_overflow+0x17c/0x210 kernel/events/core.c:7591
perf_swevent_event+0x1ac/0x280 kernel/events/core.c:7624
do_perf_sw_event kernel/events/core.c:7732 [inline]
___perf_sw_event+0x295/0x470 kernel/events/core.c:7763
perf_sw_event_sched include/linux/perf_event.h:1063 [inline]
perf_event_task_sched_out include/linux/perf_event.h:1101 [inline]
prepare_task_switch kernel/sched/core.c:2601 [inline]
context_switch kernel/sched/core.c:2773 [inline]
__schedule+0xcc0/0x1cd0 kernel/sched/core.c:3384
schedule+0x92/0x1c0 kernel/sched/core.c:3428
freezable_schedule include/linux/freezer.h:172 [inline]
futex_wait_queue_me+0x2ec/0x5a0 kernel/futex.c:2705
futex_wait+0x1f9/0x580 kernel/futex.c:2820
do_futex+0x14a/0x19e0 kernel/futex.c:3903
SYSC_futex kernel/futex.c:3963 [inline]
SyS_futex+0x215/0x310 kernel/futex.c:3931
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x446849
RSP: 002b:00007f7db89fadb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446849
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc28
RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007ffd4d4a0cdf R14: 00007f7db89fb9c0 R15: 20c49ba5e353f7cf
The buggy address belongs to the page:
page:ffffea00023921c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0xfffe0000000000()
raw: 00fffe0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88808e487280: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
ffff88808e487300: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3
>ffff88808e487380: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
^
ffff88808e487400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
ffff88808e487480: 00 f3 f3 f3 00 00 00 00 00 00 00 00 f1 f1 f1 f1
==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/01/17 20:58 | linux-4.14.y | c1141b3aab36 | 3de7aabb | .config | console log | report | syz | C | ci2-linux-4-14 | |||
| 2020/02/16 09:44 | linux-4.14.y | 98db2bf27b9e | 5d7b90f1 | .config | console log | report | ci2-linux-4-14 | |||||
| 2020/02/06 08:50 | linux-4.14.y | e0f8b8a65a47 | 662cf49a | .config | console log | report | ci2-linux-4-14 | |||||
| 2020/01/21 18:16 | linux-4.14.y | c1141b3aab36 | 8eda0b95 | .config | console log | report | ci2-linux-4-14 | |||||
| 2020/01/20 20:35 | linux-4.14.y | c1141b3aab36 | c40da18c | .config | console log | report | ci2-linux-4-14 | |||||
| 2020/01/17 19:49 | linux-4.14.y | c1141b3aab36 | 3de7aabb | .config | console log | report | ci2-linux-4-14 | |||||
| 2019/11/18 21:35 | linux-4.14.y | 775d01b65b5d | d5696d51 | .config | console log | report | ci2-linux-4-14 | |||||
| 2019/10/10 05:01 | linux-4.14.y | 42327896f194 | c4b9981b | .config | console log | report | ci2-linux-4-14 | |||||
| 2019/10/02 03:37 | linux-4.14.y | f6e27dbb1afa | b7a87a83 | .config | console log | report | ci2-linux-4-14 | |||||
| 2019/09/30 05:13 | linux-4.14.y | f6e27dbb1afa | c1ad5441 | .config | console log | report | ci2-linux-4-14 | |||||
| 2019/08/27 11:46 | linux-4.14.y | b5260801526c | d21c5d9d | .config | console log | report | ci2-linux-4-14 |