syzbot |
sign-in | mailing list | source | docs |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2021/11/08 09:22 | 11m | bisect fix | linux-4.19.y | error job log | |
2021/10/09 08:54 | 27m | bisect fix | linux-4.19.y | OK (0) job log log |
bond4647: The slave device specified does not support setting the MAC address ieee802154 phy0 wpan0: encryption failed: -22 ieee802154 phy1 wpan1: encryption failed: -22 netlink: 'syz-executor804': attribute type 1 has an invalid length. ================================================================== BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:263 [inline] BUG: KASAN: use-after-free in __dev_queue_xmit+0x2a94/0x2e00 net/core/dev.c:3803 Read of size 8 at addr ffff88803fa96848 by task aoe_tx0/3133 CPU: 0 PID: 3133 Comm: aoe_tx0 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354 kasan_report mm/kasan/report.c:412 [inline] __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433 __read_once_size include/linux/compiler.h:263 [inline] __dev_queue_xmit+0x2a94/0x2e00 net/core/dev.c:3803 tx+0x68/0xb0 drivers/block/aoe/aoenet.c:63 kthread+0x1d9/0x390 drivers/block/aoe/aoecmd.c:1241 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Allocated by task 32231: __do_kmalloc_node mm/slab.c:3689 [inline] __kmalloc_node+0x4c/0x70 mm/slab.c:3696 kmalloc_node include/linux/slab.h:557 [inline] kvmalloc_node+0x61/0xf0 mm/util.c:423 kvmalloc include/linux/mm.h:577 [inline] kvzalloc include/linux/mm.h:585 [inline] netif_alloc_netdev_queues net/core/dev.c:8594 [inline] alloc_netdev_mqs+0x69f/0xd50 net/core/dev.c:9197 rtnl_create_link+0x1d4/0xa40 net/core/rtnetlink.c:2869 rtnl_newlink+0xf45/0x15c0 net/core/rtnetlink.c:3131 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227 __sys_sendmsg net/socket.c:2265 [inline] __do_sys_sendmsg net/socket.c:2274 [inline] __se_sys_sendmsg net/socket.c:2272 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 32231: __cache_free mm/slab.c:3503 [inline] kfree+0xcc/0x210 mm/slab.c:3822 kvfree+0x59/0x60 mm/util.c:452 netif_free_tx_queues net/core/dev.c:8582 [inline] free_netdev+0x57/0x410 net/core/dev.c:9241 netdev_run_todo+0x89b/0xab0 net/core/dev.c:9002 rtnl_unlock net/core/rtnetlink.c:117 [inline] rtnetlink_rcv_msg+0x460/0xb80 net/core/rtnetlink.c:4783 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227 __sys_sendmsg net/socket.c:2265 [inline] __do_sys_sendmsg net/socket.c:2274 [inline] __se_sys_sendmsg net/socket.c:2272 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff88803fa96840 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 8 bytes inside of 512-byte region [ffff88803fa96840, ffff88803fa96a40) The buggy address belongs to the page: page:ffffea0000fea580 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0 flags: 0xfff00000000100(slab) raw: 00fff00000000100 ffffea0001465e88 ffffea0000fea988 ffff88813bff0940 raw: 0000000000000000 ffff88803fa960c0 0000000100000006 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88803fa96700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88803fa96780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc >ffff88803fa96800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ^ ffff88803fa96880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88803fa96900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2023/03/02 16:58 | linux-4.19.y | 3f8a27f9e27b | f8902b57 | .config | console log | report | syz | C | [disk image] [vmlinux] | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |
2022/10/10 09:52 | linux-4.19.y | 3f8a27f9e27b | aea5da89 | .config | console log | report | syz | C | [disk image] [vmlinux] | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |
2022/10/09 06:47 | linux-4.19.y | 3f8a27f9e27b | aea5da89 | .config | console log | report | syz | C | [disk image] [vmlinux] | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |
2022/09/14 20:50 | linux-4.19.y | 3f8a27f9e27b | b884348d | .config | console log | report | syz | C | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | ||
2022/05/13 20:23 | linux-4.19.y | 3f8a27f9e27b | 7ce5a022 | .config | console log | report | syz | C | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | ||
2022/01/24 13:07 | linux-4.19.y | 3f8a27f9e27b | 214351e1 | .config | console log | report | syz | C | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | ||
2021/12/30 06:02 | linux-4.19.y | 3f8a27f9e27b | 6cc879d4 | .config | console log | report | syz | C | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | ||
2021/12/22 10:32 | linux-4.19.y | 3f8a27f9e27b | 6caa12e4 | .config | console log | report | syz | C | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | ||
2021/09/09 08:05 | linux-4.19.y | b172b44fcb17 | e2776ee4 | .config | console log | report | syz | C | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | ||
2022/02/01 18:12 | linux-4.19.y | 3f8a27f9e27b | c1c1631d | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |||
2022/02/01 17:02 | linux-4.19.y | 3f8a27f9e27b | c1c1631d | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |||
2022/01/11 18:49 | linux-4.19.y | 3f8a27f9e27b | 1884f55a | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |||
2021/08/26 03:11 | linux-4.19.y | 59456c9cc40c | b599f2fc | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |||
2021/08/01 09:18 | linux-4.19.y | 53bd76690e27 | 6c236867 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit | |||
2021/04/30 04:07 | linux-4.19.y | 97a8651cadce | 77e2b668 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in __dev_queue_xmit |