syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in kmem_cache_free

Status: fixed on 2018/05/08 18:30
Subsystems: fs
[Documentation on labels]
Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com
Fix commit: eea0d3ea7546 crypto: drbg - set freed buffers to NULL
First crash: 2212d, last: 2212d
Discussions (5)
Title Replies (including bot) Last reply
[PATCH 4.16 000/113] 4.16.7-stable review 120 (120) 2018/05/01 19:26
[PATCH 4.9 00/61] 4.9.98-stable review 66 (66) 2018/05/01 19:07
[PATCH 4.14 00/91] 4.14.39-stable review 97 (97) 2018/05/01 19:06
[PATCH] crypto: DRBG - guard uninstantion by lock 14 (14) 2018/04/20 16:54
WARNING in kmem_cache_free 9 (10) 2018/04/08 15:41
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING in kmem_cache_free 33 1788d 1797d 0/1 auto-closed as invalid on 2019/10/25 08:40
upstream WARNING in kmem_cache_free (2) dccp syz 13 1805d 2103d 0/26 closed as dup on 2018/10/11 08:07

Sample crash report:
cache_from_obj: Wrong slab cache. names_cache but object is from kmalloc-96
WARNING: CPU: 0 PID: 11100 at mm/slab.h:378 cache_from_obj mm/slab.h:376 [inline]
WARNING: CPU: 0 PID: 11100 at mm/slab.h:378 kmem_cache_free+0x226/0x2a0 mm/slab.c:3736
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 11100 Comm: syz-executor3 Not tainted 4.16.0+ #288
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1a7/0x27d lib/dump_stack.c:53
 panic+0x1f8/0x42c kernel/panic.c:183
 __warn+0x1dc/0x200 kernel/panic.c:547
 report_bug+0x1f4/0x2b0 lib/bug.c:186
 fixup_bug.part.10+0x37/0x80 arch/x86/kernel/traps.c:178
 fixup_bug arch/x86/kernel/traps.c:247 [inline]
 do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:991
RIP: 0010:cache_from_obj mm/slab.h:376 [inline]
RIP: 0010:kmem_cache_free+0x226/0x2a0 mm/slab.c:3736
RSP: 0018:ffff8801933a7970 EFLAGS: 00010282
RAX: 000000000000004b RBX: ffff8801dad7e600 RCX: 0000000000000000
RDX: 000000000000004b RSI: ffffc90002a2d000 RDI: ffffed0032674f22
RBP: ffff8801933a7990 R08: ffffed003b604f99 R09: ffffed003b604f99
R10: 0000000000000000 R11: ffffed003b604f98 R12: ffff880199ec2000
R13: ffff8801dad7e600 R14: ffff8801d08585dc R15: 00000000ffffffd8
 putname+0xc8/0x130 fs/namei.c:255
 filename_lookup+0x315/0x500 fs/namei.c:2324
 user_path_at_empty+0x40/0x50 fs/namei.c:2569
 user_path include/linux/namei.h:62 [inline]
 do_mount+0x15f/0x2b90 fs/namespace.c:2787
 C_SYSC_mount fs/compat.c:195 [inline]
 compat_SyS_mount+0xd0/0x1070 fs/compat.c:160
 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f47c99
RSP: 002b:00000000f5f42c6c EFLAGS: 00000246 ORIG_RAX: 0000000000000015
RAX: ffffffffffffffda RBX: 00000000080eff11 RCX: 0000000020000000
RDX: 0000000000000000 RSI: 00000000080d6b6d RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/04/06 10:47 upstream f2d285669aae 4f1152d4 .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.