Title | Replies (including bot) | Last reply |
---|---|---|
Reminder: 4 open syzbot bugs in "net/rds" subsystem | 1 (1) | 2019/07/24 02:34 |
KASAN: slab-out-of-bounds Read in rds_cong_queue_updates (2) | 1 (2) | 2018/07/11 21:00 |

```
==================================================================
BUG: KASAN: slab-out-of-bounds in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
BUG: KASAN: slab-out-of-bounds in refcount_read include/linux/refcount.h:43 [inline]
BUG: KASAN: slab-out-of-bounds in check_net include/net/net_namespace.h:254 [inline]
BUG: KASAN: slab-out-of-bounds in rds_destroy_pending net/rds/rds.h:951 [inline]
BUG: KASAN: slab-out-of-bounds in rds_cong_queue_updates+0x209/0x4d0 net/rds/cong.c:229
Read of size 4 at addr ffff888081e24044 by task syz-executor.2/1803

CPU: 1 PID: 1803 Comm: syz-executor.2 Not tainted 5.1.0-rc3+ #51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187
 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x123/0x190 mm/kasan/generic.c:191
 kasan_check_read+0x11/0x20 mm/kasan/common.c:102
 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
 refcount_read include/linux/refcount.h:43 [inline]
 check_net include/net/net_namespace.h:254 [inline]
 rds_destroy_pending net/rds/rds.h:951 [inline]
 rds_cong_queue_updates+0x209/0x4d0 net/rds/cong.c:229
 rds_recv_rcvbuf_delta.part.0+0x34f/0x3f0 net/rds/recv.c:118
 rds_recv_rcvbuf_delta net/rds/recv.c:379 [inline]
 rds_recv_incoming+0x789/0x11f0 net/rds/recv.c:379
 rds_loop_xmit+0xf3/0x2a0 net/rds/loop.c:96
 rds_send_xmit+0x1113/0x2560 net/rds/send.c:355
 rds_sendmsg+0x3017/0x3550 net/rds/send.c:1369
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xdd/0x130 net/socket.c:661
 __sys_sendto+0x262/0x380 net/socket.c:1932
 __do_sys_sendto net/socket.c:1944 [inline]
 __se_sys_sendto net/socket.c:1940 [inline]
 __x64_sys_sendto+0xe1/0x1a0 net/socket.c:1940
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4582b9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007eff0a64dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9
RDX: 0000000000000480 RSI: 0000000020000a00 RDI: 0000000000000003
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff0a64e6d4
R13: 00000000004c59aa R14: 00000000004d9cf8 R15: 00000000ffffffff

Allocated by task 28778:
 save_stack+0x45/0xd0 mm/kasan/common.c:75
 set_track mm/kasan/common.c:87 [inline]
 __kasan_kmalloc mm/kasan/common.c:497 [inline]
 __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:470
 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:505
 slab_post_alloc_hook mm/slab.h:437 [inline]
 slab_alloc_node mm/slab.c:3337 [inline]
 kmem_cache_alloc_node+0x131/0x710 mm/slab.c:3647
 alloc_task_struct_node kernel/fork.c:157 [inline]
 dup_task_struct kernel/fork.c:844 [inline]
 copy_process.part.0+0x1d08/0x7980 kernel/fork.c:1752
 copy_process kernel/fork.c:1709 [inline]
 _do_fork+0x257/0xfd0 kernel/fork.c:2226
 __do_sys_clone kernel/fork.c:2333 [inline]
 __se_sys_clone kernel/fork.c:2327 [inline]
 __x64_sys_clone+0xbf/0x150 kernel/fork.c:2327
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 28778:
 save_stack+0x45/0xd0 mm/kasan/common.c:75
 set_track mm/kasan/common.c:87 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/common.c:459
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:467
 __cache_free mm/slab.c:3500 [inline]
 kmem_cache_free+0x86/0x260 mm/slab.c:3766
 free_task_struct kernel/fork.c:162 [inline]
 free_task+0xdd/0x120 kernel/fork.c:457
 copy_process.part.0+0x1a3a/0x7980 kernel/fork.c:2158
 copy_process kernel/fork.c:1709 [inline]
 _do_fork+0x257/0xfd0 kernel/fork.c:2226
 __do_sys_clone kernel/fork.c:2333 [inline]
 __se_sys_clone kernel/fork.c:2327 [inline]
 __x64_sys_clone+0xbf/0x150 kernel/fork.c:2327
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff888081e24200
 which belongs to the cache task_struct(33:syz1) of size 6080
The buggy address is located 444 bytes to the left of
 6080-byte region [ffff888081e24200, ffff888081e259c0)
The buggy address belongs to the page:
page:ffffea0002078900 count:1 mapcount:0 mapping:ffff88808a633cc0 index:0x0 compound_mapcount: 0
flags: 0x1fffc0000010200(slab|head)
raw: 01fffc0000010200 ffffea000285b608 ffffea000258a908 ffff88808a633cc0
raw: 0000000000000000 ffff888081e24200 0000000100000001 ffff888091414480
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff888091414480

Memory state around the buggy address:
 ffff888081e23f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888081e23f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff888081e24000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff888081e24080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888081e24100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
```

Time | Kernel | Commit | Syzkaller | Config | Log | Report | Manager | Syz repro | C repro | VM info | Assets | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2019/04/04 11:53 | upstream | 145f47c7381d | 6a475fff | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/04/03 21:17 | upstream | 8ed86627f715 | dfd3394d | .config | console log | report | ci-upstream-kasan-gce-smack-root | |||||
2019/03/26 13:13 | upstream | a3ac7917b730 | 55684ce1 | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/25 19:41 | upstream | 8c2ffd917477 | 2c86e0a5 | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/25 15:53 | upstream | 8c2ffd917477 | 2c86e0a5 | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/24 23:12 | upstream | 1bdd3dbfff7a | acbc5b7d | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/24 05:27 | upstream | a5ed1e96cafd | a2cef203 | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/22 20:19 | upstream | fd1f297b794c | 3361bde5 | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/22 15:36 | upstream | 0939221e6468 | dce6e62f | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/22 12:33 | upstream | 0939221e6468 | dce6e62f | .config | console log | report | ci-upstream-kasan-gce | |||||
2019/03/21 04:59 | upstream | 54c490164523 | 427ea487 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/03/19 00:40 | upstream | 9e98c678c2d6 | 46264c32 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/03/18 14:10 | upstream | 9e98c678c2d6 | 4656beca | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/03/15 23:35 | upstream | 6c83d0d5eb62 | bab43553 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/03/15 13:05 | upstream | f261c4e529da | bab43553 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/03/11 21:53 | upstream | a089e4fed5c5 | 12365b99 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/03/06 22:06 | upstream | afe6fe7036c6 | 18215b8d | .config | console log | report | ci-upstream-kasan-gce-smack-root | |||||
2019/01/30 03:09 | upstream | 62967898789d | aa432daf | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/02/25 09:13 | upstream | 5908e6b738e3 | a70141bf | .config | console log | report | ci-upstream-kasan-gce-386 | |||||
2019/03/24 07:02 | net-old | c8248c6c1a3d | a2cef203 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
2019/03/19 13:52 | net-old | ffa91253739c | e4549234 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
2019/03/18 13:28 | net-old | ea239314fe42 | 4656beca | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
2018/07/11 04:20 | net-old | 0026129c8629 | 2e0e3130 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
2019/04/02 05:57 | net-next-old | f5d547676ca0 | a9ca43d4 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/04/01 14:32 | net-next-old | 6578229d4efb | ccf2355a | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/31 12:21 | net-next-old | 35f861e3c58e | 0c624d4d | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/31 05:46 | net-next-old | 35f861e3c58e | 0c624d4d | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/30 22:48 | net-next-old | 35f861e3c58e | 0c624d4d | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/30 20:28 | net-next-old | 35f861e3c58e | c35ee0ea | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/30 11:50 | net-next-old | 35f861e3c58e | c35ee0ea | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/30 09:32 | net-next-old | 35f861e3c58e | c35ee0ea | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/29 23:35 | net-next-old | 35f861e3c58e | c35ee0ea | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/29 20:37 | net-next-old | 113e59d09fbc | 98c1bf1c | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/28 19:44 | net-next-old | 356d71e00d27 | 14c58f8d | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/28 10:44 | net-next-old | 356d71e00d27 | f94f56fe | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/27 01:30 | net-next-old | be67101fbf27 | 55684ce1 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/26 08:17 | net-next-old | 68cc2999f692 | 55684ce1 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/25 11:10 | net-next-old | 68cc2999f692 | 2c86e0a5 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/22 01:43 | net-next-old | 0b03a5ca8b14 | dce6e62f | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/16 20:24 | net-next-old | 3b319ee220a8 | bab43553 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/16 18:46 | net-next-old | 3b319ee220a8 | bab43553 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/16 14:09 | net-next-old | 3b319ee220a8 | bab43553 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/16 12:28 | net-next-old | 3b319ee220a8 | bab43553 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/16 06:38 | net-next-old | 3b319ee220a8 | bab43553 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/15 21:06 | net-next-old | 3b319ee220a8 | bab43553 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/15 19:27 | net-next-old | 3b319ee220a8 | bab43553 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/15 05:59 | net-next-old | 3b319ee220a8 | d72db19b | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/14 18:08 | net-next-old | d9862cfbe209 | d09a902e | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/12 11:33 | net-next-old | d9862cfbe209 | 12365b99 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/03/11 16:24 | net-next-old | d9862cfbe209 | 12365b99 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/02/16 10:38 | linux-next | 7a92eb7cc1dc | f42dee6d | .config | console log | report | ci-upstream-linux-next-kasan-gce-root |