syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.19 000/131] 4.19.131-rc1 review | 148 (148) | 2020/07/05 13:30 |
| [PATCH 5.7 000/265] 5.7.7-rc1 review | 280 (280) | 2020/07/01 15:34 |
| [PATCH 4.9 000/191] 4.9.229-rc1 review | 199 (199) | 2020/07/01 06:45 |
| [PATCH 5.4 000/178] 5.4.50-rc1 review | 182 (182) | 2020/06/30 17:22 |
| [PATCH 4.14 00/78] 4.14.186-rc1 review | 83 (83) | 2020/06/30 17:21 |
| [PATCH net] rxrpc: Fix notification call on completion of discarded calls | 2 (2) | 2020/06/21 04:32 |
| net-next test error: KASAN: use-after-free Write in afs_wake_up_async_call | 2 (4) | 2020/06/19 22:22 |
tipc: TX() has been purged, node left! ================================================================== BUG: KASAN: use-after-free in afs_wake_up_async_call+0x430/0x4a0 fs/afs/rxrpc.c:707 Write of size 1 at addr ffff8880938241e4 by task kworker/u4:1/21 CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x18f/0x20d lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xae/0x436 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530 afs_wake_up_async_call+0x430/0x4a0 fs/afs/rxrpc.c:707 rxrpc_notify_socket+0x1db/0x5d0 net/rxrpc/recvmsg.c:40 __rxrpc_set_call_completion.part.0+0x172/0x410 net/rxrpc/recvmsg.c:76 __rxrpc_set_call_completion net/rxrpc/recvmsg.c:112 [inline] __rxrpc_call_completed net/rxrpc/recvmsg.c:102 [inline] __rxrpc_call_completed net/rxrpc/recvmsg.c:100 [inline] rxrpc_call_completed+0xd0/0xf0 net/rxrpc/recvmsg.c:111 rxrpc_discard_prealloc+0x777/0xab0 net/rxrpc/call_accept.c:233 rxrpc_listen+0x11c/0x330 net/rxrpc/af_rxrpc.c:245 afs_close_socket+0x95/0x320 fs/afs/rxrpc.c:110 afs_net_exit+0x1bc/0x310 fs/afs/main.c:155 ops_exit_list+0xb0/0x160 net/core/net_namespace.c:186 cleanup_net+0x4ea/0xa00 net/core/net_namespace.c:603 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415 kthread+0x3b5/0x4a0 kernel/kthread.c:291 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293 Allocated by task 6823: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:494 kmem_cache_alloc_trace+0x14f/0x2d0 mm/slab.c:3551 kmalloc include/linux/slab.h:555 [inline] kzalloc include/linux/slab.h:669 [inline] afs_alloc_call+0x4f/0x360 fs/afs/rxrpc.c:141 afs_charge_preallocation+0xe9/0x2d0 fs/afs/rxrpc.c:757 afs_open_socket+0x294/0x360 fs/afs/rxrpc.c:92 afs_net_init+0xa6c/0xe30 fs/afs/main.c:125 ops_init+0xaf/0x470 net/core/net_namespace.c:151 setup_net+0x2d8/0x850 net/core/net_namespace.c:341 copy_net_ns+0x2cf/0x5e0 net/core/net_namespace.c:482 create_new_namespaces+0x3f6/0xb10 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:231 ksys_unshare+0x36c/0x9a0 kernel/fork.c:2983 __do_sys_unshare kernel/fork.c:3051 [inline] __se_sys_unshare kernel/fork.c:3049 [inline] __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3049 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 21: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] kasan_set_free_info mm/kasan/common.c:316 [inline] __kasan_slab_free+0xf5/0x140 mm/kasan/common.c:455 __cache_free mm/slab.c:3426 [inline] kfree+0x103/0x2c0 mm/slab.c:3757 afs_put_call+0x345/0x440 fs/afs/rxrpc.c:190 rxrpc_discard_prealloc+0x75a/0xab0 net/rxrpc/call_accept.c:230 rxrpc_listen+0x11c/0x330 net/rxrpc/af_rxrpc.c:245 afs_close_socket+0x95/0x320 fs/afs/rxrpc.c:110 afs_net_exit+0x1bc/0x310 fs/afs/main.c:155 ops_exit_list+0xb0/0x160 net/core/net_namespace.c:186 cleanup_net+0x4ea/0xa00 net/core/net_namespace.c:603 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415 kthread+0x3b5/0x4a0 kernel/kthread.c:291 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293 The buggy address belongs to the object at ffff888093824000 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 484 bytes inside of 1024-byte region [ffff888093824000, ffff888093824400) The buggy address belongs to the page: page:ffffea00024e0900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea00027d41c8 ffffea00028a0388 ffff8880aa000c40 raw: 0000000000000000 ffff888093824000 0000000100000002 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888093824080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888093824100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888093824180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888093824200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888093824280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/06/26 00:31 | net-next-old | b8392808eb3f | aea82c00 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 21:19 | net-next-old | 6d2930265258 | f9147b08 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 20:15 | net-next-old | 4b88b9ce722f | f9147b08 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 18:48 | net-next-old | d621d7703d51 | adb7d9e6 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 16:07 | net-next-old | d621d7703d51 | c7b4497a | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 16:07 | net-next-old | d621d7703d51 | c7b4497a | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 14:58 | net-next-old | 13fdc4193c2f | 54566aff | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 14:58 | net-next-old | 13fdc4193c2f | 54566aff | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/25 14:58 | net-next-old | 13fdc4193c2f | 54566aff | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 18:03 | net-next-old | 0fb9fbab4053 | 81abc331 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 18:03 | net-next-old | 0fb9fbab4053 | 81abc331 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 18:03 | net-next-old | 0fb9fbab4053 | 81abc331 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 08:21 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 08:21 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 08:21 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 06:29 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 06:29 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 06:29 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 05:10 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 05:10 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 05:10 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 04:22 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 04:22 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 04:22 | net-next-old | 0fb9fbab4053 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 03:49 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 03:49 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 03:49 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 01:55 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 01:55 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 01:55 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 00:46 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 00:46 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/19 00:46 | net-next-old | 69119673bd50 | bc258b50 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/18 08:34 | net-next-old | 69119673bd50 | d45a4d69 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/18 08:34 | net-next-old | 69119673bd50 | d45a4d69 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/18 08:34 | net-next-old | 69119673bd50 | d45a4d69 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/18 06:15 | net-next-old | 69119673bd50 | d45a4d69 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/18 06:15 | net-next-old | 69119673bd50 | d45a4d69 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/18 06:15 | net-next-old | 69119673bd50 | d45a4d69 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/17 05:28 | net-next-old | 69119673bd50 | b9f3810b | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/17 05:28 | net-next-old | 69119673bd50 | b9f3810b | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/17 05:28 | net-next-old | 69119673bd50 | b9f3810b | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/17 04:31 | net-next-old | 69119673bd50 | 559fbe2d | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/17 04:31 | net-next-old | 69119673bd50 | 559fbe2d | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2020/06/17 04:31 | net-next-old | 69119673bd50 | 559fbe2d | .config | console log | report | ci-upstream-net-kasan-gce |