syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [1130] 🐞 Fixed [4212] 🐞 Invalid [9343] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2022/09/10 00:27 | 10m | retest repro | upstream | report log | |
| 2022/09/09 21:27 | 10m | retest repro | upstream | report log | |
| 2022/09/08 04:27 | 11m | retest repro | upstream | report log | |
| 2022/09/08 00:27 | 11m | retest repro | upstream | report log | |
| 2022/09/05 05:27 | 10m | retest repro | upstream | report log | |
| 2022/09/03 06:27 | 10m | retest repro | net-next | report log |
================================================================== BUG: KASAN: use-after-free in atomic_sub_return include/asm-generic/atomic-instrumented.h:159 [inline] BUG: KASAN: use-after-free in atomic_dec_return include/linux/atomic-fallback.h:455 [inline] BUG: KASAN: use-after-free in j1939_sock_pending_del+0x26/0x80 net/can/j1939/socket.c:73 Write of size 4 at addr ffff8880937f24c0 by task ksoftirqd/0/9 CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.4.0-rc6+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:634 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 __kasan_check_write+0x14/0x20 mm/kasan/common.c:98 atomic_sub_return include/asm-generic/atomic-instrumented.h:159 [inline] atomic_dec_return include/linux/atomic-fallback.h:455 [inline] j1939_sock_pending_del+0x26/0x80 net/can/j1939/socket.c:73 __j1939_session_drop net/can/j1939/transport.c:257 [inline] j1939_session_destroy net/can/j1939/transport.c:270 [inline] __j1939_session_release net/can/j1939/transport.c:280 [inline] kref_put include/linux/kref.h:65 [inline] j1939_session_put+0x107/0x180 net/can/j1939/transport.c:285 j1939_xtp_rx_abort_one+0xc7/0x100 net/can/j1939/transport.c:1261 j1939_xtp_rx_abort net/can/j1939/transport.c:1269 [inline] j1939_tp_cmd_recv net/can/j1939/transport.c:1940 [inline] j1939_tp_recv+0x783/0x9b0 net/can/j1939/transport.c:1973 j1939_can_recv+0x4bb/0x620 net/can/j1939/main.c:100 deliver net/can/af_can.c:568 [inline] can_rcv_filter+0x292/0x8e0 net/can/af_can.c:602 can_receive+0x2e7/0x530 net/can/af_can.c:659 can_rcv+0x133/0x1b0 net/can/af_can.c:685 __netif_receive_skb_one_core+0x113/0x1a0 net/core/dev.c:4929 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5043 process_backlog+0x206/0x750 net/core/dev.c:5874 napi_poll net/core/dev.c:6311 [inline] net_rx_action+0x508/0x1120 net/core/dev.c:6379 __do_softirq+0x262/0x98c kernel/softirq.c:292 run_ksoftirqd kernel/softirq.c:603 [inline] run_ksoftirqd+0x8e/0x110 kernel/softirq.c:595 smpboot_thread_fn+0x6a3/0xa40 kernel/smpboot.c:165 kthread+0x361/0x430 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Allocated by task 9288: save_stack+0x23/0x90 mm/kasan/common.c:69 set_track mm/kasan/common.c:77 [inline] __kasan_kmalloc mm/kasan/common.c:510 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:483 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:524 __do_kmalloc mm/slab.c:3655 [inline] __kmalloc+0x163/0x770 mm/slab.c:3664 kmalloc include/linux/slab.h:561 [inline] sk_prot_alloc+0x23a/0x310 net/core/sock.c:1605 sk_alloc+0x39/0xf70 net/core/sock.c:1659 can_create+0x1e7/0x4b0 net/can/af_can.c:157 __sock_create+0x3d8/0x730 net/socket.c:1418 sock_create net/socket.c:1469 [inline] __sys_socket+0x103/0x220 net/socket.c:1511 __do_sys_socket net/socket.c:1520 [inline] __se_sys_socket net/socket.c:1518 [inline] __x64_sys_socket+0x73/0xb0 net/socket.c:1518 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 9: save_stack+0x23/0x90 mm/kasan/common.c:69 set_track mm/kasan/common.c:77 [inline] kasan_set_free_info mm/kasan/common.c:332 [inline] __kasan_slab_free+0x102/0x150 mm/kasan/common.c:471 kasan_slab_free+0xe/0x10 mm/kasan/common.c:480 __cache_free mm/slab.c:3425 [inline] kfree+0x10a/0x2c0 mm/slab.c:3756 sk_prot_free net/core/sock.c:1642 [inline] __sk_destruct+0x4aa/0x680 net/core/sock.c:1726 sk_destruct+0xd5/0x110 net/core/sock.c:1741 __sk_free+0xfb/0x360 net/core/sock.c:1752 sock_wfree+0xed/0x190 net/core/sock.c:1968 skb_release_head_state+0xeb/0x260 net/core/skbuff.c:652 skb_release_all+0x16/0x60 net/core/skbuff.c:663 __kfree_skb net/core/skbuff.c:679 [inline] kfree_skb net/core/skbuff.c:697 [inline] kfree_skb+0x101/0x3c0 net/core/skbuff.c:691 skb_queue_purge+0x19/0x40 net/core/skbuff.c:3078 j1939_session_destroy net/can/j1939/transport.c:269 [inline] __j1939_session_release net/can/j1939/transport.c:280 [inline] kref_put include/linux/kref.h:65 [inline] j1939_session_put+0x97/0x180 net/can/j1939/transport.c:285 j1939_xtp_rx_abort_one+0xc7/0x100 net/can/j1939/transport.c:1261 j1939_xtp_rx_abort net/can/j1939/transport.c:1269 [inline] j1939_tp_cmd_recv net/can/j1939/transport.c:1940 [inline] j1939_tp_recv+0x783/0x9b0 net/can/j1939/transport.c:1973 j1939_can_recv+0x4bb/0x620 net/can/j1939/main.c:100 deliver net/can/af_can.c:568 [inline] can_rcv_filter+0x292/0x8e0 net/can/af_can.c:602 can_receive+0x2e7/0x530 net/can/af_can.c:659 can_rcv+0x133/0x1b0 net/can/af_can.c:685 __netif_receive_skb_one_core+0x113/0x1a0 net/core/dev.c:4929 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5043 process_backlog+0x206/0x750 net/core/dev.c:5874 napi_poll net/core/dev.c:6311 [inline] net_rx_action+0x508/0x1120 net/core/dev.c:6379 __do_softirq+0x262/0x98c kernel/softirq.c:292 The buggy address belongs to the object at ffff8880937f2000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 1216 bytes inside of 2048-byte region [ffff8880937f2000, ffff8880937f2800) The buggy address belongs to the page: page:ffffea00024dfc80 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 flags: 0x1fffc0000000200(slab) raw: 01fffc0000000200 ffffea000248d788 ffff8880aa401948 ffff8880aa400e00 raw: 0000000000000000 ffff8880937f2000 0000000100000001 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880937f2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880937f2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8880937f2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880937f2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880937f2580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-root | 2019/11/07 14:54 | upstream | 4dd58158254c | d797d201 | .config | log | report | syz | |||
| ci-upstream-kasan-gce-smack-root | 2019/11/07 10:18 | upstream | 4dd58158254c | d797d201 | .config | log | report | syz | |||
| ci-upstream-kasan-gce-root | 2019/11/06 01:27 | upstream | a99d8080aaf3 | 0f3ec414 | .config | log | report | syz | |||
| ci-upstream-kasan-gce | 2019/11/05 11:01 | upstream | a99d8080aaf3 | 76630fc9 | .config | log | report | syz | |||
| ci-upstream-kasan-gce-smack-root | 2019/11/05 03:13 | upstream | a99d8080aaf3 | 76630fc9 | .config | log | report | syz | |||
| ci-upstream-net-kasan-gce | 2019/11/05 03:46 | net-next | 1574cf83c7a0 | 76630fc9 | .config | log | report | syz | |||
| ci-upstream-kasan-gce-root | 2019/11/17 03:29 | upstream | 6c9594bdd474 | d5696d51 | .config | log | report | ||||
| ci-upstream-kasan-gce-root | 2019/11/15 15:52 | upstream | 96b95eff4a59 | cdac920b | .config | log | report | ||||
| ci-upstream-kasan-gce | 2019/11/12 06:59 | upstream | de620fb99ef2 | 048f2d49 | .config | log | report | ||||
| ci-upstream-kasan-gce-smack-root | 2019/11/11 19:25 | upstream | 31f4f5b495a6 | 048f2d49 | .config | log | report | ||||
| ci-upstream-kasan-gce-smack-root | 2019/11/11 11:29 | upstream | 9805a68371ce | dc438b91 | .config | log | report | ||||
| ci-upstream-kasan-gce-selinux-root | 2019/11/11 10:15 | upstream | 9805a68371ce | dc438b91 | .config | log | report | ||||
| ci-upstream-kasan-gce-root | 2019/11/06 03:50 | upstream | 26bc67213424 | bc2c6e45 | .config | log | report | ||||
| ci-upstream-kasan-gce-root | 2019/11/06 00:59 | upstream | a99d8080aaf3 | 0f3ec414 | .config | log | report | ||||
| ci-upstream-net-kasan-gce | 2019/11/16 16:55 | net-next | 20021578ba22 | d5696d51 | .config | log | report | ||||
| ci-upstream-net-kasan-gce | 2019/11/10 21:14 | net-next | 7941af9b38fa | dc438b91 | .config | log | report | ||||
| ci-upstream-linux-next-kasan-gce-root | 2019/11/09 01:13 | linux-next | 5591cf003452 | dc438b91 | .config | log | report |