KASAN: invalid-free in anon_vma_name

Date	Name	Commit	Repro	Result
2023/09/28	android13-5.15-lts (ToT)	ea586874d2f9	C	[report] KASAN: invalid-free in anon_vma_name_free
2023/09/28	lts (merge base)	aff03380bda4	C	Didn't crash
2023/09/28	upstream (ToT)	633b47cb009d	C	Didn't crash

Date

Name

Commit

Repro

Result

2023/09/28

android13-5.15-lts (ToT)

ea586874d2f9

[report] KASAN: invalid-free in anon_vma_name_free

2023/09/28

lts (merge base)

aff03380bda4

Didn't crash

2023/09/28

upstream (ToT)

633b47cb009d

Didn't crash


Created	Duration	User	Repo	Result
2024/11/11 11:47	15m	retest repro	android13-5.15-lts	report log
2024/11/11 11:47	5m	retest repro	android13-5.15-lts	report log
2024/11/11 11:47	20m	retest repro	android13-5.15-lts	report log
2024/11/11 11:47	13m	retest repro	android13-5.15-lts	report log
2024/11/11 11:47	7m	retest repro	android13-5.15-lts	report log
2024/10/19 05:30	13m	retest repro	android13-5.15-lts	report log
2024/10/19 05:30	13m	retest repro	android13-5.15-lts	report log
2024/10/19 05:30	13m	retest repro	android13-5.15-lts	report log
2024/10/19 05:30	12m	retest repro	android13-5.15-lts	report log
2024/10/05 04:07	7m	retest repro	android13-5.15-lts	report log
2023/04/06 08:26	27m	tudor.ambarus@linaro.org	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git v5.15.80	OK log
2023/04/04 10:50	11m	tudor.ambarus@linaro.org	android13-5.15-lts	report log
2022/12/12 17:34	7m	tudor.ambarus@linaro.org	android13-5.15-lts	report log
2022/12/09 16:05	15m	tudor.ambarus@linaro.org	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y	OK log
2022/12/09 16:04	16m	tudor.ambarus@linaro.org	upstream	OK log

Created	Duration	User	Repo	Result
2024/09/17 14:42	1h17m	bisect fix	android13-5.15-lts	OK (0) job log log
2024/04/03 01:56	5h11m	bisect fix	android13-5.15-lts	OK (0) job log log
2024/01/21 19:42	1h36m	bisect fix	android13-5.15-lts	OK (0) job log log
2023/06/16 20:14	35m	bisect fix	android13-5.15-lts	OK (0) job log log
2023/05/02 08:22	18m	bisect fix	android13-5.15-lts	OK (0) job log log
2023/03/07 13:15	21m	bisect fix	android13-5.15-lts	OK (0) job log log
2022/11/12 08:31	19m	bisect fix	android13-5.15-lts	OK (0) job log log

Created

Duration

User

Patch

Repo

Result

2024/09/17 14:42

1h17m

bisect fix

android13-5.15-lts

OK (0) job log log

2024/04/03 01:56

5h11m

bisect fix

android13-5.15-lts

OK (0) job log log

2024/01/21 19:42

1h36m

bisect fix

android13-5.15-lts

OK (0) job log log

2023/06/16 20:14

35m

bisect fix

android13-5.15-lts

OK (0) job log log

2023/05/02 08:22

18m

bisect fix

android13-5.15-lts

OK (0) job log log

2023/03/07 13:15

21m

bisect fix

android13-5.15-lts

OK (0) job log log

2022/11/12 08:31

19m

bisect fix

android13-5.15-lts

OK (0) job log log

RBP: 00007f11f166a3c0 R08: 0000000000000000 R09: 0000000000003936 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11f166a3cc R13: 00007f11f159d210 R14: 0000000000000002 R15: 00007f11f163601d </TASK> ================================================================== BUG: KASAN: double-free or invalid-free in slab_free mm/slub.c:3519 [inline] BUG: KASAN: double-free or invalid-free in kfree+0xc8/0x220 mm/slub.c:4579 CPU: 0 PID: 565 Comm: syz-executor101 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x151/0x1c0 lib/dump_stack.c:106 print_address_description+0x87/0x3b0 mm/kasan/report.c:248 kasan_report_invalid_free+0x6b/0xa0 mm/kasan/report.c:370 ____kasan_slab_free+0x13e/0x160 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:373 kasan_slab_free include/linux/kasan.h:193 [inline] slab_free_hook mm/slub.c:1723 [inline] slab_free_freelist_hook+0xbd/0x190 mm/slub.c:1749 slab_free mm/slub.c:3519 [inline] kfree+0xc8/0x220 mm/slub.c:4579 anon_vma_name_free+0x15/0x20 mm/madvise.c:91 kref_put include/linux/kref.h:65 [inline] anon_vma_name_put include/linux/mm_inline.h:365 [inline] free_anon_vma_name include/linux/mm_inline.h:396 [inline] vm_area_free_no_check+0xa6/0x130 kernel/fork.c:405 vm_area_free kernel/fork.c:418 [inline] dup_mmap kernel/fork.c:681 [inline] dup_mm kernel/fork.c:1521 [inline] copy_mm+0xefb/0x13e0 kernel/fork.c:1573 copy_process+0x1149/0x3290 kernel/fork.c:2264 kernel_clone+0x21e/0x9e0 kernel/fork.c:2662 __do_sys_clone kernel/fork.c:2788 [inline] __se_sys_clone kernel/fork.c:2772 [inline] __x64_sys_clone+0x23f/0x290 kernel/fork.c:2772 x64_sys_call+0x1b0/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:57 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f11f15e60d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 1f 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f11f159d208 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 00007f11f166a3c8 RCX: 00007f11f15e60d9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007f11f166a3c0 R08: 0000000000000000 R09: 0000000000003936 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11f166a3cc R13: 00007f11f159d210 R14: 0000000000000002 R15: 00007f11f163601d </TASK> Allocated by task 400: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:433 [inline] __kasan_slab_alloc+0xb1/0xe0 mm/kasan/common.c:466 kasan_slab_alloc include/linux/kasan.h:217 [inline] slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:550 slab_alloc_node mm/slub.c:3240 [inline] slab_alloc mm/slub.c:3248 [inline] kmem_cache_alloc+0xf5/0x200 mm/slub.c:3253 vm_area_dup+0x26/0x230 kernel/fork.c:367 dup_mmap kernel/fork.c:601 [inline] dup_mm kernel/fork.c:1521 [inline] copy_mm+0x9a1/0x13e0 kernel/fork.c:1573 copy_process+0x1149/0x3290 kernel/fork.c:2264 kernel_clone+0x21e/0x9e0 kernel/fork.c:2662 __do_sys_clone kernel/fork.c:2788 [inline] __se_sys_clone kernel/fork.c:2772 [inline] __x64_sys_clone+0x23f/0x290 kernel/fork.c:2772 x64_sys_call+0x1b0/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:57 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 The buggy address belongs to the object at ffff88810d38aa68 which belongs to the cache vm_area_struct of size 232 The buggy address is located 88 bytes inside of 232-byte region [ffff88810d38aa68, ffff88810d38ab50) The buggy address belongs to the page: page:ffffea000434e280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d38a flags: 0x4000000000000200(slab|zone=1) raw: 4000000000000200 0000000000000000 dead000000000122 ffff88810018f800 raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 400, ts 131645012413, free_ts 125176374477 set_page_owner include/linux/page_owner.h:33 [inline] post_alloc_hook+0x1a3/0x1b0 mm/page_alloc.c:2605 prep_new_page+0x1b/0x110 mm/page_alloc.c:2611 get_page_from_freelist+0x3550/0x35d0 mm/page_alloc.c:4485 __alloc_pages+0x27e/0x8f0 mm/page_alloc.c:5779 allocate_slab mm/slub.c:1932 [inline] new_slab+0x9a/0x4e0 mm/slub.c:1995 ___slab_alloc+0x39e/0x830 mm/slub.c:3028 __slab_alloc+0x4a/0x90 mm/slub.c:3115 slab_alloc_node mm/slub.c:3206 [inline] slab_alloc mm/slub.c:3248 [inline] kmem_cache_alloc+0x134/0x200 mm/slub.c:3253 vm_area_dup+0x26/0x230 kernel/fork.c:367 dup_mmap kernel/fork.c:601 [inline] dup_mm kernel/fork.c:1521 [inline] copy_mm+0x9a1/0x13e0 kernel/fork.c:1573 copy_process+0x1149/0x3290 kernel/fork.c:2264 kernel_clone+0x21e/0x9e0 kernel/fork.c:2662 __do_sys_clone kernel/fork.c:2788 [inline] __se_sys_clone kernel/fork.c:2772 [inline] __x64_sys_clone+0x23f/0x290 kernel/fork.c:2772 x64_sys_call+0x1b0/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:57 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 page last free stack trace: reset_page_owner include/linux/page_owner.h:26 [inline] free_pages_prepare mm/page_alloc.c:1472 [inline] free_pcp_prepare mm/page_alloc.c:1544 [inline] free_unref_page_prepare+0x7c8/0x7d0 mm/page_alloc.c:3534 free_unref_page+0xe8/0x750 mm/page_alloc.c:3616 __put_single_page mm/swap.c:98 [inline] __put_page+0xb0/0xe0 mm/swap.c:129 put_page include/linux/mm.h:1295 [inline] anon_pipe_buf_release+0x187/0x200 fs/pipe.c:137 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_read+0x5a6/0x1040 fs/pipe.c:323 call_read_iter include/linux/fs.h:2198 [inline] new_sync_read fs/read_write.c:404 [inline] vfs_read+0xa81/0xd40 fs/read_write.c:485 ksys_read+0x199/0x2c0 fs/read_write.c:623 __do_sys_read fs/read_write.c:633 [inline] __se_sys_read fs/read_write.c:631 [inline] __x64_sys_read+0x7b/0x90 fs/read_write.c:631 x64_sys_call+0x28/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:1 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 Memory state around the buggy address: ffff88810d38a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88810d38aa00: fb fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 >ffff88810d38aa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffff88810d38ab00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ffff88810d38ab80: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================

Crashes (27):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/10/27 10:14	android13-5.15-lts	5e4635681cf1	65e8686b	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2024/01/30 21:14	android13-5.15-lts	1c3a1f32bcbd	7f400fcb	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/11/24 11:00	android13-5.15-lts	61cfd264993d	5b429f39	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2023/11/23 22:22	android13-5.15-lts	61cfd264993d	5b429f39	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/11/18 16:27	android13-5.15-lts	61cfd264993d	cb976f63	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/10/11 14:16	android13-5.15-lts	ea586874d2f9	83165b57	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2023/10/11 13:57	android13-5.15-lts	ea586874d2f9	83165b57	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2023/10/11 03:17	android13-5.15-lts	ea586874d2f9	83165b57	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/10/11 02:38	android13-5.15-lts	ea586874d2f9	83165b57	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/10/06 04:45	android13-5.15-lts	ea586874d2f9	db17ad9f	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/09/28 10:17	android13-5.15-lts	ea586874d2f9	c2ab1e5d	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2023/08/13 10:55	android13-5.15-lts	1463976ddc64	39990d51	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2023/06/22 23:23	android13-5.15-lts	565c3abfa129	79782afc	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2023/01/22 06:50	android13-5.15-lts	72d681a01da5	cc0f9968	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/01/22 02:27	android13-5.15-lts	72d681a01da5	cc0f9968	.config	strace log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2022/12/27 21:56	android13-5.15-lts	c73b4619ad86	44712fbc	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2022/10/13 08:07	android13-5.15-lts	43eb03f7ce81	3f6b40a1	.config	strace log	report	syz	C		[disk image] [vmlinux]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2024/02/18 13:15	android13-5.15-lts	993bed180178	578f7538	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/10/10 21:32	android13-5.15-lts	ea586874d2f9	c9be5398	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free
2023/09/16 18:25	android13-5.15-lts	ea586874d2f9	0b6a67ac	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/05/17 20:00	android13-5.15-lts	19c0ed55a470	eaac4681	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/04/02 07:10	android13-5.15-lts	7364b7abbafb	f325deb0	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/02/05 10:53	android13-5.15-lts	7e0097918ff8	be607b78	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2023/01/02 03:13	android13-5.15-lts	c73b4619ad86	ab32d508	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2022/12/22 18:43	android13-5.15-lts	c73b4619ad86	9da18ae8	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2022/12/04 23:18	android13-5.15-lts	92f701cae0bc	e080de16	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15-perf	KASAN: invalid-free in anon_vma_name_free
2022/11/17 13:48	android13-5.15-lts	4ec71a9ec769	3a127a31	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-android-5-15	KASAN: invalid-free in anon_vma_name_free

Crashes (27):

Assets (help?)

2024/10/27 10:14

android13-5.15-lts