Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
---|---|---|---|---|---|---|
KASAN: stack-out-of-bounds Write in sha3_update crypto | C | | | 5 | 2576d | 2572d |

```
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:341 [inline]
BUG: KASAN: slab-out-of-bounds in sha3_update+0xdf/0x2e0 crypto/sha3_generic.c:161
Write of size 192 at addr ffff8801cb8888bc by task syzkaller326690/3087

CPU: 0 PID: 3087 Comm: syzkaller326690 Not tainted 4.15.0-rc2+ #208
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_address_description+0x73/0x250 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report+0x25b/0x340 mm/kasan/report.c:409
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
 memcpy+0x37/0x50 mm/kasan/kasan.c:303
 memcpy include/linux/string.h:341 [inline]
 sha3_update+0xdf/0x2e0 crypto/sha3_generic.c:161
 crypto_shash_update+0xcb/0x220 crypto/shash.c:109
 hmac_update+0x7e/0xa0 crypto/hmac.c:122
 crypto_shash_update+0xcb/0x220 crypto/shash.c:109
 kdf_ctr security/keys/dh.c:181 [inline]
 keyctl_dh_compute_kdf security/keys/dh.c:226 [inline]
 __keyctl_dh_compute+0x16d8/0x1a00 security/keys/dh.c:398
 keyctl_dh_compute+0xac/0xf3 security/keys/dh.c:434
 SYSC_keyctl security/keys/keyctl.c:1745 [inline]
 SyS_keyctl+0x72/0x2c0 security/keys/keyctl.c:1641
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x43fe89
RSP: 002b:00007ffc460c3578 EFLAGS: 00000207 ORIG_RAX: 00000000000000fa
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe89
RDX: 00000000205cd000 RSI: 00000000204c8ff4 RDI: 0000000000000017
RBP: 00000000006ca018 R08: 0000000020550000 R09: 0000000000000000
R10: 0000000000000030 R11: 0000000000000207 R12: 00000000004017f0
R13: 0000000000401880 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 3087:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:447
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
 __do_kmalloc mm/slab.c:3711 [inline]
 __kmalloc+0x162/0x760 mm/slab.c:3720
 kmalloc include/linux/slab.h:504 [inline]
 kdf_alloc security/keys/dh.c:111 [inline]
 __keyctl_dh_compute+0x2a1/0x1a00 security/keys/dh.c:288
 keyctl_dh_compute+0xac/0xf3 security/keys/dh.c:434
 SYSC_keyctl security/keys/keyctl.c:1745 [inline]
 SyS_keyctl+0x72/0x2c0 security/keys/keyctl.c:1641
 entry_SYSCALL_64_fastpath+0x1f/0x96

Freed by task 1627:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:447
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_slab_free+0x71/0xc0 mm/kasan/kasan.c:524
 __cache_free mm/slab.c:3491 [inline]
 kfree+0xca/0x250 mm/slab.c:3806
 kernfs_fop_release+0x13f/0x180 fs/kernfs/file.c:783
 __fput+0x333/0x7f0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x94/0x96

The buggy address belongs to the object at ffff8801cb8887c0
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 252 bytes inside of
 512-byte region [ffff8801cb8887c0, ffff8801cb8889c0)
The buggy address belongs to the page:
page:00000000e263033c count:1 mapcount:0 mapping:00000000d07273f0 index:0x0
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffff8801cb888040 0000000000000000 0000000100000006
raw: ffffea00072ee260 ffffea00072d1d60 ffff8801db000940 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801cb888800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801cb888880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801cb888900: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
                                              ^
 ffff8801cb888980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801cb888a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
==================================================================
```

Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2017/12/05 17:59 | upstream | fd6d2e506ce6 | de212f1a | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
2017/12/03 06:16 | upstream | 2db767d9889c | 48359b97 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-386 | |
2017/12/09 01:47 | mmots | 82bcf1def3b5 | 5ad0ce95 | .config | console log | report | syz | C | | | ci-upstream-mmots-kasan-gce | |
2017/12/20 08:07 | upstream | 10a7e9d84915 | 2d836b1d | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2017/12/19 10:37 | upstream | ace52288edf0 | 25793abb | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2017/12/19 09:35 | upstream | ace52288edf0 | 1c4160ef | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2017/12/13 02:07 | upstream | d39a01eff9af | 414a185f | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2017/12/12 03:39 | upstream | a638349bf6c2 | da131727 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2017/12/11 03:04 | upstream | 51090c5d6de0 | 5ad0ce95 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
2017/12/20 10:32 | upstream | 10a7e9d84915 | 2d836b1d | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
2017/12/20 09:33 | upstream | 10a7e9d84915 | 2d836b1d | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
2017/12/13 00:25 | upstream | a638349bf6c2 | 414a185f | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
2017/12/10 04:34 | upstream | 4ded3bec65a0 | 5ad0ce95 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
2017/11/29 05:17 | upstream | 43570f0383d6 | 34f2c233 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
2017/11/28 06:53 | upstream | 4fbd8d194f06 | ac93d7e1 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
2017/12/06 03:11 | net-next-old | 81da3bf6e3f8 | 0796857b | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
2017/12/03 11:06 | net-next-old | 75d0de8c7e70 | 48359b97 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
2017/12/21 04:28 | linux-next | 7dc9f647127d | 90a46995 | .config | console log | report | | | | | ci-upstream-next-kasan-gce | |