Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
android-44 | KASAN: slab-out-of-bounds Read in __lock_acquire | | | | 3 | 2508d | 2548d | 0/2 | auto-closed as invalid on 2019/02/22 13:29 |

```
BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x2eff/0x3640 kernel/locking/lockdep.c:3224 at addr ffff8801d5f9e078
Read of size 8 by task syzkaller453905/3282
CPU: 1 PID: 3282 Comm: syzkaller453905 Not tainted 4.9.60-gdfe0a9b #81
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801d67cf710 ffffffff81d91389 ffff8801d77fe500 ffff8801d5f9e000
 ffff8801d5f9e060 ffffed003abf3c0f ffff8801d5f9e078 ffff8801d67cf738
 ffffffff8153c1bc ffffed003abf3c0f ffff8801d77fe500 0000000000000000
Call Trace:
 [<ffffffff81d91389>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d91389>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c819>] kasan_report mm/kasan/report.c:330 [inline]
 [<ffffffff8153c819>] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [<ffffffff8123e9ef>] __lock_acquire+0x2eff/0x3640 kernel/locking/lockdep.c:3224
 [<ffffffff8123fb6e>] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
 [<ffffffff838aa25e>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:186 [inline]
 [<ffffffff838aa25e>] _raw_write_lock_irqsave+0x4e/0x62 kernel/locking/spinlock.c:303
 [<ffffffff8265f840>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
 [<ffffffff8265fe55>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
 [<ffffffff82661b8c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
 [<ffffffff8156ab91>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156e950>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156e950>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156ec04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156ed26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815721a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815721a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801d5f9e000, in cache fasync_cache size: 96
Allocated:
PID = 3287
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 kmem_cache_alloc+0xba/0x290 mm/slub.c:2728
 fasync_alloc fs/fcntl.c:604 [inline]
 fasync_add_entry fs/fcntl.c:662 [inline]
 fasync_helper+0x37/0xb0 fs/fcntl.c:691
 sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1203
 setfl fs/fcntl.c:70 [inline]
 do_fcntl fs/fcntl.c:267 [inline]
 SYSC_fcntl fs/fcntl.c:372 [inline]
 SyS_fcntl+0x658/0xc70 fs/fcntl.c:357
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 0
(stack is not available)
Memory state around the buggy address:
 ffff8801d5f9df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801d5f9df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8801d5f9e000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
                                                                ^
 ffff8801d5f9e080: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
 ffff8801d5f9e100: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 3282 Comm: syzkaller453905 Tainted: G B 4.9.60-gdfe0a9b #81
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c823c800 task.stack: ffff8801d67c8000
RIP: 0010:[<ffffffff8123bc84>] [<ffffffff8123bc84>] __lock_acquire+0x194/0x3640 kernel/locking/lockdep.c:3234
RSP: 0018:ffff8801d67cf7e0 EFLAGS: 00010086
RAX: dead4ead00000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 1ffff1003abf3c10 RSI: 0000000000000000 RDI: ffff8801d5f9e080
RBP: ffff8801d67cf9a0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8801c823c800 R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801d5f9e078
FS: 00007f514fc85700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000208f4f80 CR3: 00000001d07e8000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 00000000024000c0 ffff8801cc1ffb68 ffff8801da0018c0 ffff8801d67cfa28
 ffffffff8153b503 000000400000000b ffff8801d67cf820 ffffffff00000000
 ffffffff8107c6a6 ffffffff8153b4a3 ffffffff8153b72d ffffffff815377eb
Call Trace:
 [<ffffffff8123fb6e>] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
 [<ffffffff838aa25e>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:186 [inline]
 [<ffffffff838aa25e>] _raw_write_lock_irqsave+0x4e/0x62 kernel/locking/spinlock.c:303
 [<ffffffff8265f840>] sg_remove_request+0x70/0x120 drivers/scsi/sg.c:2122
 [<ffffffff8265fe55>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1838
 [<ffffffff82661b8c>] sg_read+0x91c/0x1400 drivers/scsi/sg.c:527
 [<ffffffff8156ab91>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
 [<ffffffff8156e950>] do_loop_readv_writev fs/read_write.c:880 [inline]
 [<ffffffff8156e950>] do_readv_writev+0x520/0x750 fs/read_write.c:874
 [<ffffffff8156ec04>] vfs_readv+0x84/0xc0 fs/read_write.c:898
 [<ffffffff8156ed26>] do_readv+0xe6/0x250 fs/read_write.c:924
 [<ffffffff815721a7>] SYSC_readv fs/read_write.c:1011 [inline]
 [<ffffffff815721a7>] SyS_readv+0x27/0x30 fs/read_write.c:1008
 [<ffffffff838aa305>] entry_SYSCALL_64_fastpath+0x23/0xc6
Code: 9e ff ff 44 8b 94 24 98 00 00 00 48 85 c0 8b 8c 24 90 00 00 00 44 8b 8c 24 88 00 00 00 4c 8b 9c 24 80 00 00 00 0f 84 ff 07 00 00 <f0> ff 80 98 01 00 00 49 8d b3 a8 08 00 00 48 ba 00 00 00 00 00
RIP [<ffffffff8123bc84>] __lock_acquire+0x194/0x3640 kernel/locking/lockdep.c:3234
 RSP <ffff8801d67cf7e0>
---[ end trace 6d0fef6a3029bbea ]---
```

Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2017/11/04 21:54 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
2018/02/02 01:41 | https://android.googlesource.com/kernel/common android-4.9 | 71f146972231 | 67bd3383 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2018/01/21 04:00 | https://android.googlesource.com/kernel/common android-4.9 | e12a9c4458ff | fbbdcd92 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2018/01/21 02:01 | https://android.googlesource.com/kernel/common android-4.9 | e12a9c4458ff | fbbdcd92 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2018/01/19 06:05 | https://android.googlesource.com/kernel/common android-4.9 | 87883134eb71 | 161c1d64 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2018/01/16 06:00 | https://android.googlesource.com/kernel/common android-4.9 | 8dec074e888a | e17f4a5d | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2018/01/10 07:09 | https://android.googlesource.com/kernel/common android-4.9 | 8910fa508811 | 1f60c828 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2018/01/07 03:39 | https://android.googlesource.com/kernel/common android-4.9 | 5f5e5d4041e3 | 19c05fff | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/12/22 07:13 | https://android.googlesource.com/kernel/common android-4.9 | 250637879165 | 81fe66b4 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/12/20 14:34 | https://android.googlesource.com/kernel/common android-4.9 | 319c8e1bc7a1 | 90a46995 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/19 14:08 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | af9163c7 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/18 22:32 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | 1c4160ef | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/18 11:20 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | d5beb42a | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/17 12:50 | https://android.googlesource.com/kernel/common android-4.9 | 3f1d77ca5f8f | d5beb42a | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/16 10:57 | https://android.googlesource.com/kernel/common android-4.9 | 3f1d77ca5f8f | b6f0c91b | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/14 11:36 | https://android.googlesource.com/kernel/common android-4.9 | 3f1d77ca5f8f | ac20b98c | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/12 16:43 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 414a185f | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/12 15:36 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 414a185f | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
2017/12/12 05:30 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | da131727 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/12/10 17:57 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/12/09 06:01 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/12/06 21:06 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/29 08:40 | https://android.googlesource.com/kernel/common android-4.9 | 8ae26d17330c | 34f2c233 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/27 02:46 | https://android.googlesource.com/kernel/common android-4.9 | ea83e4a902ba | deb5f6ae | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/16 14:15 | https://android.googlesource.com/kernel/common android-4.9 | f09daf140e6e | bf820689 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/16 06:53 | https://android.googlesource.com/kernel/common android-4.9 | a6d71ba67910 | 4121c7b5 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/14 06:37 | https://android.googlesource.com/kernel/common android-4.9 | d55e63001fc4 | cf38de00 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/11 11:00 | https://android.googlesource.com/kernel/common android-4.9 | 904c79c425ab | e0a2b195 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/10 20:05 | https://android.googlesource.com/kernel/common android-4.9 | 904c79c425ab | e0a2b195 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/10 12:30 | https://android.googlesource.com/kernel/common android-4.9 | a93e3124db19 | e0a2b195 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/08 08:52 | https://android.googlesource.com/kernel/common android-4.9 | 4ca16e66434d | 699e0a68 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 15:31 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 15:20 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 10:33 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 08:14 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 05:38 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 04:15 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 00:13 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/04 00:03 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/03 23:48 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
2017/11/03 22:21 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |