| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-49 | BUG: Double free or freeing an invalid pointer (2) | C | 1 | 2332d | 2332d | 2/3 | fixed on 2018/02/20 22:33 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [196] 🐞 Fixed [42] 🐞 Invalid [470] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-49 | BUG: Double free or freeing an invalid pointer (2) | C | 1 | 2332d | 2332d | 2/3 | fixed on 2018/02/20 22:33 |
keychord: using input dev AT Translated Set 2 keyboard for fevent keychord: using input dev AT Translated Set 2 keyboard for fevent ================================================================== BUG: Double free or freeing an invalid pointer Unexpected shadow byte: 0xFB CPU: 1 PID: 3477 Comm: syz-executor0 Not tainted 4.9.41-gc6b2ed3 #21 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c780fb70 ffffffff81d92609 ffff8801da001b40 ffff8801d1b4f980 ffff8801d1b4f990 ffffffff82a73968 0000000000000282 ffff8801c780fb98 ffffffff8153c1bc 00000000fffffffb ffff8801da001b40 ffff8801d1b4f980 Call Trace: [<ffffffff81d92609>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d92609>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [<ffffffff8153c9f3>] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181 [<ffffffff8153bdad>] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562 [<ffffffff81538930>] slab_free_hook mm/slub.c:1355 [inline] [<ffffffff81538930>] slab_free_freelist_hook mm/slub.c:1377 [inline] [<ffffffff81538930>] slab_free mm/slub.c:2958 [inline] [<ffffffff81538930>] kfree+0xf0/0x2f0 mm/slub.c:3878 [<ffffffff82a73968>] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319 [<ffffffff8156a133>] __vfs_write+0x103/0x680 fs/read_write.c:510 [<ffffffff8156e260>] vfs_write+0x170/0x4e0 fs/read_write.c:560 [<ffffffff81571c59>] SYSC_write fs/read_write.c:607 [inline] [<ffffffff81571c59>] SyS_write+0xd9/0x1b0 fs/read_write.c:599 [<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6 Object at ffff8801d1b4f980, in cache kmalloc-16 size: 16 Allocated: PID = 3477 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 __kmalloc+0x11d/0x310 mm/slub.c:3741 kmalloc include/linux/slab.h:495 [inline] kzalloc include/linux/slab.h:636 [inline] keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243 __vfs_write+0x103/0x680 fs/read_write.c:510 vfs_write+0x170/0x4e0 fs/read_write.c:560 SYSC_write fs/read_write.c:607 [inline] SyS_write+0xd9/0x1b0 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 3493 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kfree+0xf0/0x2f0 mm/slub.c:3878 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261 __vfs_write+0x103/0x680 fs/read_write.c:510 vfs_write+0x170/0x4e0 fs/read_write.c:560 SYSC_write fs/read_write.c:607 [inline] SyS_write+0xd9/0x1b0 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x23/0xc6 ================================================================== ================================================================== BUG: Double free or freeing an invalid pointer Unexpected shadow byte: 0xFB CPU: 0 PID: 3524 Comm: syz-executor0 Tainted: G B 4.9.41-gc6b2ed3 #21 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801d0ccfb70 ffffffff81d92609 ffff8801da001b40 ffff8801d851dd00 ffff8801d851dd10 ffffffff82a73968 0000000000000282 ffff8801d0ccfb98 ffffffff8153c1bc 00000000fffffffb ffff8801da001b40 ffff8801d851dd00 Call Trace: [<ffffffff81d92609>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d92609>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [<ffffffff8153c9f3>] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181 [<ffffffff8153bdad>] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562 [<ffffffff81538930>] slab_free_hook mm/slub.c:1355 [inline] [<ffffffff81538930>] slab_free_freelist_hook mm/slub.c:1377 [inline] [<ffffffff81538930>] slab_free mm/slub.c:2958 [inline] [<ffffffff81538930>] kfree+0xf0/0x2f0 mm/slub.c:3878 [<ffffffff82a73968>] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319 [<ffffffff8156a133>] __vfs_write+0x103/0x680 fs/read_write.c:510 [<ffffffff8156e260>] vfs_write+0x170/0x4e0 fs/read_write.c:560 [<ffffffff81571c59>] SYSC_write fs/read_write.c:607 [inline] [<ffffffff81571c59>] SyS_write+0xd9/0x1b0 fs/read_write.c:599 [<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6 Object at ffff8801d851dd00, in cache kmalloc-16 size: 16 Allocated: PID = 3524 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 __kmalloc+0x11d/0x310 mm/slub.c:3741 kmalloc include/linux/slab.h:495 [inline] kzalloc include/linux/slab.h:636 [inline] keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243 __vfs_write+0x103/0x680 fs/read_write.c:510 vfs_write+0x170/0x4e0 fs/read_write.c:560 SYSC_write fs/read_write.c:607 [inline] SyS_write+0xd9/0x1b0 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 3565 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kfree+0xf0/0x2f0 mm/slub.c:3878 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261 __vfs_write+0x103/0x680 fs/read_write.c:510 vfs_write+0x170/0x4e0 fs/read_write.c:560 SYSC_write fs/read_write.c:607 [inline] SyS_write+0xd9/0x1b0 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x23/0xc6 ================================================================== ================================================================== BUG: Double free or freeing an invalid pointer Unexpected shadow byte: 0xFB CPU: 1 PID: 3608 Comm: syz-executor2 Tainted: G B 4.9.41-gc6b2ed3 #21 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801ccd6fb70 ffffffff81d92609 ffff8801da001b40 ffff8801d851d760 ffff8801d851d770 ffffffff82a73968 0000000000000282 ffff8801ccd6fb98 ffffffff8153c1bc 00000000fffffffb ffff8801da001b40 ffff8801d851d760 Call Trace: [<ffffffff81d92609>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d92609>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160 [<ffffffff8153c9f3>] kasan_report_double_free+0x53/0x80 mm/kasan/report.c:181 [<ffffffff8153bdad>] kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:562 [<ffffffff81538930>] slab_free_hook mm/slub.c:1355 [inline] [<ffffffff81538930>] slab_free_freelist_hook mm/slub.c:1377 [inline] [<ffffffff81538930>] slab_free mm/slub.c:2958 [inline] [<ffffffff81538930>] kfree+0xf0/0x2f0 mm/slub.c:3878 [<ffffffff82a73968>] keychord_write+0x628/0x820 drivers/input/misc/keychord.c:319 [<ffffffff8156a133>] __vfs_write+0x103/0x680 fs/read_write.c:510 [<ffffffff8156e260>] vfs_write+0x170/0x4e0 fs/read_write.c:560 [<ffffffff81571c59>] SYSC_write fs/read_write.c:607 [inline] [<ffffffff81571c59>] SyS_write+0xd9/0x1b0 fs/read_write.c:599 [<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6 Object at ffff8801d851d760, in cache kmalloc-16 size: 16 Allocated: PID = 3608 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598 __kmalloc+0x11d/0x310 mm/slub.c:3741 kmalloc include/linux/slab.h:495 [inline] kzalloc include/linux/slab.h:636 [inline] keychord_write+0x6d/0x820 drivers/input/misc/keychord.c:243 __vfs_write+0x103/0x680 fs/read_write.c:510 vfs_write+0x170/0x4e0 fs/read_write.c:560 SYSC_write fs/read_write.c:607 [inline] SyS_write+0xd9/0x1b0 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x23/0xc6 Freed: PID = 3631 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:495 set_track mm/kasan/kasan.c:507 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2958 [inline] kfree+0xf0/0x2f0 mm/slub.c:3878 keychord_write+0x15d/0x820 drivers/input/misc/keychord.c:261 __vfs_write+0x103/0x680 fs/read_write.c:510 vfs_write+0x170/0x4e0 fs/read_write.c:560 SYSC_write fs/read_write.c:607 [inline] SyS_write+0xd9/0x1b0 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x23/0xc6
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2017/08/10 23:45 | https://android.googlesource.com/kernel/common android-4.9 | c6b2ed395f12 | 125de3e4 | .config | console log | report | syz | ci-android-49-kasan-gce | ||||
| 2017/07/28 01:15 | https://android.googlesource.com/kernel/common android-4.9 | a1e4c795e1b6 | b0d23a5c | .config | console log | report | syz | ci-android-49-kasan-gce | ||||
| 2017/07/22 06:20 | https://android.googlesource.com/kernel/common android-4.9 | 5b07c2d25292 | b59a95bc | .config | console log | report | syz | ci-android-49-kasan-gce | ||||
| 2017/08/11 02:49 | https://android.googlesource.com/kernel/common android-4.9 | c6b2ed395f12 | 125de3e4 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/10 22:00 | https://android.googlesource.com/kernel/common android-4.9 | c6b2ed395f12 | 125de3e4 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/10 19:14 | https://android.googlesource.com/kernel/common android-4.9 | c6b2ed395f12 | 125de3e4 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/10 13:36 | https://android.googlesource.com/kernel/common android-4.9 | db0248427f18 | 7e288c05 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/10 11:12 | https://android.googlesource.com/kernel/common android-4.9 | db0248427f18 | 7e288c05 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/10 03:47 | https://android.googlesource.com/kernel/common android-4.9 | db0248427f18 | 7e288c05 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/10 02:22 | https://android.googlesource.com/kernel/common android-4.9 | db0248427f18 | 7e288c05 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/09 17:01 | https://android.googlesource.com/kernel/common android-4.9 | db0248427f18 | 7e288c05 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/09 11:22 | https://android.googlesource.com/kernel/common android-4.9 | db0248427f18 | 7e288c05 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/08 03:37 | https://android.googlesource.com/kernel/common android-4.9 | 7b2727c68878 | 77a9ec9b | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/06 00:59 | https://android.googlesource.com/kernel/common android-4.9 | 682c1e364674 | a8561e92 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/04 05:39 | https://android.googlesource.com/kernel/common android-4.9 | 682c1e364674 | a8561e92 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/03 22:38 | https://android.googlesource.com/kernel/common android-4.9 | 682c1e364674 | a8561e92 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/01 13:17 | https://android.googlesource.com/kernel/common android-4.9 | ed323354ecec | f5040a63 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/08/01 01:33 | https://android.googlesource.com/kernel/common android-4.9 | ed323354ecec | f5040a63 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/07/30 23:26 | https://android.googlesource.com/kernel/common android-4.9 | ed323354ecec | f5040a63 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/07/30 13:54 | https://android.googlesource.com/kernel/common android-4.9 | ed323354ecec | f5040a63 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/07/29 06:32 | https://android.googlesource.com/kernel/common android-4.9 | ed323354ecec | 078d5f87 | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/07/28 10:15 | https://android.googlesource.com/kernel/common android-4.9 | ed323354ecec | b0d23a5c | .config | console log | report | ci-android-49-kasan-gce | |||||
| 2017/07/28 08:31 | https://android.googlesource.com/kernel/common android-4.9 | a1e4c795e1b6 | b0d23a5c | .config | console log | report | ci-android-49-kasan-gce |