syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [975] ≡ Subsystems 🐞 Fixed [5216] 🐞 Invalid [12469] ⬇ Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
===================================================== BUG: KMSAN: use-after-free in slab_alloc_node mm/slub.c:2762 [inline] BUG: KMSAN: use-after-free in kmem_cache_alloc_node+0x5a9/0xe60 mm/slub.c:2836 CPU: 0 PID: 23455 Comm: syz-executor.3 Not tainted 5.4.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x191/0x1f0 lib/dump_stack.c:113 kmsan_report+0x128/0x220 mm/kmsan/kmsan_report.c:108 __msan_warning+0x64/0xc0 mm/kmsan/kmsan_instr.c:245 slab_alloc_node mm/slub.c:2762 [inline] kmem_cache_alloc_node+0x5a9/0xe60 mm/slub.c:2836 __alloc_skb+0x215/0xa10 net/core/skbuff.c:197 alloc_skb include/linux/skbuff.h:1049 [inline] _sctp_make_chunk+0xee/0x8c0 net/sctp/sm_make_chunk.c:1394 sctp_make_control net/sctp/sm_make_chunk.c:1441 [inline] sctp_make_heartbeat+0xb8/0x9e0 net/sctp/sm_make_chunk.c:1148 sctp_sf_heartbeat net/sctp/sm_statefuns.c:990 [inline] sctp_sf_do_prm_requestheartbeat+0x8f/0x4b0 net/sctp/sm_statefuns.c:5329 sctp_do_sm+0x2b2/0x9720 net/sctp/sm_sideeffect.c:1152 sctp_primitive_REQUESTHEARTBEAT+0x175/0x1a0 net/sctp/primitive.c:185 sctp_apply_peer_addr_params+0x212/0x1d40 net/sctp/socket.c:2433 sctp_setsockopt_peer_addr_params net/sctp/socket.c:2686 [inline] sctp_setsockopt+0x189bb/0x19090 net/sctp/socket.c:4672 sock_common_setsockopt+0x13b/0x170 net/core/sock.c:3151 __sys_setsockopt+0x7c3/0xa30 net/socket.c:2084 __do_sys_setsockopt net/socket.c:2100 [inline] __se_sys_setsockopt+0xdd/0x100 net/socket.c:2097 __x64_sys_setsockopt+0x62/0x80 net/socket.c:2097 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f06fbcc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a639 RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000007 RBP: 000000000075bf20 R08: 0000000000000098 R09: 0000000000000000 R10: 0000000020000280 R11: 0000000000000246 R12: 00007f06fbcc56d4 R13: 00000000004d1a88 R14: 00000000004e08f0 R15: 00000000ffffffff Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:149 [inline] kmsan_internal_chain_origin+0xbd/0x180 mm/kmsan/kmsan.c:317 __msan_chain_origin+0x5c/0xc0 mm/kmsan/kmsan_instr.c:179 ___slab_alloc+0x1dbc/0x1fb0 mm/slub.c:2636 __slab_alloc mm/slub.c:2689 [inline] slab_alloc_node mm/slub.c:2763 [inline] kmem_cache_alloc_node+0xaf4/0xe60 mm/slub.c:2836 __alloc_skb+0x215/0xa10 net/core/skbuff.c:197 alloc_skb include/linux/skbuff.h:1049 [inline] sctp_packet_transmit+0x417/0x4250 net/sctp/output.c:572 sctp_outq_flush_transports net/sctp/outqueue.c:1146 [inline] sctp_outq_flush+0x1823/0x5d80 net/sctp/outqueue.c:1194 sctp_outq_uncork+0xd0/0xf0 net/sctp/outqueue.c:757 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1781 [inline] sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline] sctp_do_sm+0x8fe1/0x9720 net/sctp/sm_sideeffect.c:1155 sctp_primitive_REQUESTHEARTBEAT+0x175/0x1a0 net/sctp/primitive.c:185 sctp_apply_peer_addr_params+0x212/0x1d40 net/sctp/socket.c:2433 sctp_setsockopt_peer_addr_params net/sctp/socket.c:2686 [inline] sctp_setsockopt+0x189bb/0x19090 net/sctp/socket.c:4672 sock_common_setsockopt+0x13b/0x170 net/core/sock.c:3151 __sys_setsockopt+0x7c3/0xa30 net/socket.c:2084 __do_sys_setsockopt net/socket.c:2100 [inline] __se_sys_setsockopt+0xdd/0x100 net/socket.c:2097 __x64_sys_setsockopt+0x62/0x80 net/socket.c:2097 do_syscall_64+0xb6/0x160 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:149 [inline] kmsan_internal_poison_shadow+0x60/0x120 mm/kmsan/kmsan.c:132 kmsan_slab_free+0x7a/0xe0 mm/kmsan/kmsan_hooks.c:107 slab_free_freelist_hook mm/slub.c:1473 [inline] slab_free mm/slub.c:3046 [inline] kmem_cache_free_bulk+0x3bcb/0x3f40 mm/slub.c:3171 __kfree_skb_flush+0xb0/0x100 net/core/skbuff.c:862 net_rx_action+0x1a5e/0x1aa0 net/core/dev.c:6483 __do_softirq+0x4a1/0x83a kernel/softirq.c:293 run_ksoftirqd+0x25/0x40 kernel/softirq.c:607 smpboot_thread_fn+0x4a3/0x990 kernel/smpboot.c:165 kthread+0x4b5/0x4f0 kernel/kthread.c:256 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353 =====================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/11/22 08:21 | https://github.com/google/kmsan.git master | b7a871998d3e | 8098ea0f | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/19 13:09 | https://github.com/google/kmsan.git master | 9c6a71628ab9 | 5bc70212 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/18 12:58 | https://github.com/google/kmsan.git master | 9c6a71628ab9 | 1daed50a | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/17 16:30 | https://github.com/google/kmsan.git master | 9c6a71628ab9 | d5696d51 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/17 06:39 | https://github.com/google/kmsan.git master | 9c6a71628ab9 | d5696d51 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/16 06:07 | https://github.com/google/kmsan.git master | 9c6a71628ab9 | cdac920b | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/15 20:44 | https://github.com/google/kmsan.git master | 9c6a71628ab9 | cdac920b | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/12 17:52 | https://github.com/google/kmsan.git master | e741088f2efa | 048f2d49 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/08 23:33 | https://github.com/google/kmsan.git master | e741088f2efa | dc438b91 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/11/01 00:24 | https://github.com/google/kmsan.git master | 6f88939b3fa3 | a41ca8fa | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/27 21:43 | https://github.com/google/kmsan.git master | d86c15562d02 | 25bb509e | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/18 14:58 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 8c88c9c1 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/18 13:22 | https://github.com/google/kmsan.git master | 3c8ca70889aa | 8c88c9c1 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/17 10:52 | https://github.com/google/kmsan.git master | 18ccb5c7d3f4 | 8c88c9c1 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/15 07:24 | https://github.com/google/kmsan.git master | c24534505750 | 05ad7292 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/14 11:45 | https://github.com/google/kmsan.git master | a1a7d049fdec | a6aef847 | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/10 07:56 | https://github.com/google/kmsan.git master | dc327ecad3b0 | c4b9981b | .config | console log | report | ci-upstream-kmsan-gce | |||||
| 2019/10/09 06:53 | https://github.com/google/kmsan.git master | cebb918b7474 | b1ebbfef | .config | console log | report | ci-upstream-kmsan-gce |