| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2023/09/28 | android13-5.15-lts (ToT) | ea586874d2f9 | C | [report] KASAN: invalid-free in anon_vma_name_free |
| 2023/09/28 | lts (merge base) | aff03380bda4 | C | Didn't crash |
| 2023/09/28 | upstream (ToT) | 633b47cb009d | C | Didn't crash |
syzbot |
sign-in | mailing list | source | docs |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2023/09/28 | android13-5.15-lts (ToT) | ea586874d2f9 | C | [report] KASAN: invalid-free in anon_vma_name_free |
| 2023/09/28 | lts (merge base) | aff03380bda4 | C | Didn't crash |
| 2023/09/28 | upstream (ToT) | 633b47cb009d | C | Didn't crash |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2025/12/02 10:54 | 33m | retest repro | android13-5.15-lts | report log | |
| 2025/11/18 00:23 | 8m | retest repro | android13-5.15-lts | report log | |
| 2025/11/18 00:23 | 8m | retest repro | android13-5.15-lts | report log | |
| 2025/11/18 00:23 | 10m | retest repro | android13-5.15-lts | report log | |
| 2025/11/16 02:12 | 16m | retest repro | android13-5.15-lts | report log | |
| 2025/11/16 02:12 | 8m | retest repro | android13-5.15-lts | report log | |
| 2025/11/01 21:03 | 14m | retest repro | android13-5.15-lts | report log | |
| 2025/11/01 21:03 | 14m | retest repro | android13-5.15-lts | report log | |
| 2025/11/01 21:03 | 14m | retest repro | android13-5.15-lts | report log | |
| 2025/11/01 21:03 | 7m | retest repro | android13-5.15-lts | report log | |
| 2023/04/06 08:26 | 27m | tudor.ambarus@linaro.org | git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git v5.15.80 | OK log | |
| 2023/04/04 10:50 | 11m | tudor.ambarus@linaro.org | android13-5.15-lts | report log | |
| 2022/12/12 17:34 | 7m | tudor.ambarus@linaro.org | android13-5.15-lts | report log | |
| 2022/12/09 16:05 | 15m | tudor.ambarus@linaro.org | git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y | OK log | |
| 2022/12/09 16:04 | 16m | tudor.ambarus@linaro.org | upstream | OK log |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2025/09/18 16:03 | 1h59m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2025/06/29 19:46 | 1h49m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2024/09/17 14:42 | 1h17m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2024/04/03 01:56 | 5h11m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2024/01/21 19:42 | 1h36m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2023/06/16 20:14 | 35m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2023/05/02 08:22 | 18m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2023/03/07 13:15 | 21m | bisect fix | android13-5.15-lts | OK (0) job log log | |
| 2022/11/12 08:31 | 19m | bisect fix | android13-5.15-lts | OK (0) job log log |
RBP: 00007f11f166a3c0 R08: 0000000000000000 R09: 0000000000003936 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11f166a3cc R13: 00007f11f159d210 R14: 0000000000000002 R15: 00007f11f163601d </TASK> ================================================================== BUG: KASAN: double-free or invalid-free in slab_free mm/slub.c:3519 [inline] BUG: KASAN: double-free or invalid-free in kfree+0xc8/0x220 mm/slub.c:4579 CPU: 0 PID: 565 Comm: syz-executor101 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x151/0x1c0 lib/dump_stack.c:106 print_address_description+0x87/0x3b0 mm/kasan/report.c:248 kasan_report_invalid_free+0x6b/0xa0 mm/kasan/report.c:370 ____kasan_slab_free+0x13e/0x160 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:373 kasan_slab_free include/linux/kasan.h:193 [inline] slab_free_hook mm/slub.c:1723 [inline] slab_free_freelist_hook+0xbd/0x190 mm/slub.c:1749 slab_free mm/slub.c:3519 [inline] kfree+0xc8/0x220 mm/slub.c:4579 anon_vma_name_free+0x15/0x20 mm/madvise.c:91 kref_put include/linux/kref.h:65 [inline] anon_vma_name_put include/linux/mm_inline.h:365 [inline] free_anon_vma_name include/linux/mm_inline.h:396 [inline] vm_area_free_no_check+0xa6/0x130 kernel/fork.c:405 vm_area_free kernel/fork.c:418 [inline] dup_mmap kernel/fork.c:681 [inline] dup_mm kernel/fork.c:1521 [inline] copy_mm+0xefb/0x13e0 kernel/fork.c:1573 copy_process+0x1149/0x3290 kernel/fork.c:2264 kernel_clone+0x21e/0x9e0 kernel/fork.c:2662 __do_sys_clone kernel/fork.c:2788 [inline] __se_sys_clone kernel/fork.c:2772 [inline] __x64_sys_clone+0x23f/0x290 kernel/fork.c:2772 x64_sys_call+0x1b0/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:57 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f11f15e60d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f11f159d208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f11f166a3c8 RCX: 00007f11f15e60d9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f11f166a3c0 R08: 0000000000000000 R09: 0000000000003936 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11f166a3cc R13: 00007f11f159d210 R14: 0000000000000002 R15: 00007f11f163601d </TASK> Allocated by task 400: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:433 [inline] __kasan_slab_alloc+0xb1/0xe0 mm/kasan/common.c:466 kasan_slab_alloc include/linux/kasan.h:217 [inline] slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:550 slab_alloc_node mm/slub.c:3240 [inline] slab_alloc mm/slub.c:3248 [inline] kmem_cache_alloc+0xf5/0x200 mm/slub.c:3253 vm_area_dup+0x26/0x230 kernel/fork.c:367 dup_mmap kernel/fork.c:601 [inline] dup_mm kernel/fork.c:1521 [inline] copy_mm+0x9a1/0x13e0 kernel/fork.c:1573 copy_process+0x1149/0x3290 kernel/fork.c:2264 kernel_clone+0x21e/0x9e0 kernel/fork.c:2662 __do_sys_clone kernel/fork.c:2788 [inline] __se_sys_clone kernel/fork.c:2772 [inline] __x64_sys_clone+0x23f/0x290 kernel/fork.c:2772 x64_sys_call+0x1b0/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:57 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 The buggy address belongs to the object at ffff88810d38aa68 which belongs to the cache vm_area_struct of size 232 The buggy address is located 88 bytes inside of 232-byte region [ffff88810d38aa68, ffff88810d38ab50) The buggy address belongs to the page: page:ffffea000434e280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d38a flags: 0x4000000000000200(slab|zone=1) raw: 4000000000000200 0000000000000000 dead000000000122 ffff88810018f800 raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 400, ts 131645012413, free_ts 125176374477 set_page_owner include/linux/page_owner.h:33 [inline] post_alloc_hook+0x1a3/0x1b0 mm/page_alloc.c:2605 prep_new_page+0x1b/0x110 mm/page_alloc.c:2611 get_page_from_freelist+0x3550/0x35d0 mm/page_alloc.c:4485 __alloc_pages+0x27e/0x8f0 mm/page_alloc.c:5779 allocate_slab mm/slub.c:1932 [inline] new_slab+0x9a/0x4e0 mm/slub.c:1995 ___slab_alloc+0x39e/0x830 mm/slub.c:3028 __slab_alloc+0x4a/0x90 mm/slub.c:3115 slab_alloc_node mm/slub.c:3206 [inline] slab_alloc mm/slub.c:3248 [inline] kmem_cache_alloc+0x134/0x200 mm/slub.c:3253 vm_area_dup+0x26/0x230 kernel/fork.c:367 dup_mmap kernel/fork.c:601 [inline] dup_mm kernel/fork.c:1521 [inline] copy_mm+0x9a1/0x13e0 kernel/fork.c:1573 copy_process+0x1149/0x3290 kernel/fork.c:2264 kernel_clone+0x21e/0x9e0 kernel/fork.c:2662 __do_sys_clone kernel/fork.c:2788 [inline] __se_sys_clone kernel/fork.c:2772 [inline] __x64_sys_clone+0x23f/0x290 kernel/fork.c:2772 x64_sys_call+0x1b0/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:57 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 page last free stack trace: reset_page_owner include/linux/page_owner.h:26 [inline] free_pages_prepare mm/page_alloc.c:1472 [inline] free_pcp_prepare mm/page_alloc.c:1544 [inline] free_unref_page_prepare+0x7c8/0x7d0 mm/page_alloc.c:3534 free_unref_page+0xe8/0x750 mm/page_alloc.c:3616 __put_single_page mm/swap.c:98 [inline] __put_page+0xb0/0xe0 mm/swap.c:129 put_page include/linux/mm.h:1295 [inline] anon_pipe_buf_release+0x187/0x200 fs/pipe.c:137 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_read+0x5a6/0x1040 fs/pipe.c:323 call_read_iter include/linux/fs.h:2198 [inline] new_sync_read fs/read_write.c:404 [inline] vfs_read+0xa81/0xd40 fs/read_write.c:485 ksys_read+0x199/0x2c0 fs/read_write.c:623 __do_sys_read fs/read_write.c:633 [inline] __se_sys_read fs/read_write.c:631 [inline] __x64_sys_read+0x7b/0x90 fs/read_write.c:631 x64_sys_call+0x28/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:1 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 Memory state around the buggy address: ffff88810d38a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88810d38aa00: fb fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 >ffff88810d38aa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffff88810d38ab00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ffff88810d38ab80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/10/27 10:14 | android13-5.15-lts | 5e4635681cf1 | 65e8686b | .config | strace log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2024/01/30 21:14 | android13-5.15-lts | 1c3a1f32bcbd | 7f400fcb | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2023/11/24 11:00 | android13-5.15-lts | 61cfd264993d | 5b429f39 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2023/11/23 22:22 | android13-5.15-lts | 61cfd264993d | 5b429f39 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2023/11/18 16:27 | android13-5.15-lts | 61cfd264993d | cb976f63 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2023/10/11 14:16 | android13-5.15-lts | ea586874d2f9 | 83165b57 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2023/10/11 13:57 | android13-5.15-lts | ea586874d2f9 | 83165b57 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2023/10/11 03:17 | android13-5.15-lts | ea586874d2f9 | 83165b57 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2023/10/11 02:38 | android13-5.15-lts | ea586874d2f9 | 83165b57 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2023/10/06 04:45 | android13-5.15-lts | ea586874d2f9 | db17ad9f | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2023/09/28 10:17 | android13-5.15-lts | ea586874d2f9 | c2ab1e5d | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2023/08/13 10:55 | android13-5.15-lts | 1463976ddc64 | 39990d51 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2023/06/22 23:23 | android13-5.15-lts | 565c3abfa129 | 79782afc | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2023/01/22 06:50 | android13-5.15-lts | 72d681a01da5 | cc0f9968 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | |
| 2023/01/22 02:27 | android13-5.15-lts | 72d681a01da5 | cc0f9968 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2022/12/27 21:56 | android13-5.15-lts | c73b4619ad86 | 44712fbc | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2022/10/13 08:07 | android13-5.15-lts | 43eb03f7ce81 | 3f6b40a1 | .config | strace log | report | syz | C | [disk image] [vmlinux] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | |
| 2024/02/18 13:15 | android13-5.15-lts | 993bed180178 | 578f7538 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2023/10/10 21:32 | android13-5.15-lts | ea586874d2f9 | c9be5398 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free | ||
| 2023/09/16 18:25 | android13-5.15-lts | ea586874d2f9 | 0b6a67ac | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2023/05/17 20:00 | android13-5.15-lts | 19c0ed55a470 | eaac4681 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2023/04/02 07:10 | android13-5.15-lts | 7364b7abbafb | f325deb0 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2023/02/05 10:53 | android13-5.15-lts | 7e0097918ff8 | be607b78 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2023/01/02 03:13 | android13-5.15-lts | c73b4619ad86 | ab32d508 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2022/12/22 18:43 | android13-5.15-lts | c73b4619ad86 | 9da18ae8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2022/12/04 23:18 | android13-5.15-lts | 92f701cae0bc | e080de16 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | KASAN: invalid-free in anon_vma_name_free | ||
| 2022/11/17 13:48 | android13-5.15-lts | 4ec71a9ec769 | 3a127a31 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: invalid-free in anon_vma_name_free |