syzbot |
sign-in | mailing list | source | docs |
🐞 Open [1163] 🐞 Fixed [4299] 🐞 Invalid [9644] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes |
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) ================================================================== BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:143 [inline] BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:492 [inline] BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:534 [inline] BUG: KASAN: use-after-free in rhashtable_lookup_fast include/linux/rhashtable.h:560 [inline] BUG: KASAN: use-after-free in ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:133 [inline] BUG: KASAN: use-after-free in ila_xlat_addr net/ipv6/ila/ila_xlat.c:658 [inline] BUG: KASAN: use-after-free in ila_nf_input+0xcd7/0xe00 net/ipv6/ila/ila_xlat.c:191 Read of size 4 at addr ffff88805d2d12cc by task ksoftirqd/0/9 CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.0.0+ #6 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:134 rht_key_hashfn include/linux/rhashtable.h:143 [inline] __rhashtable_lookup include/linux/rhashtable.h:492 [inline] rhashtable_lookup include/linux/rhashtable.h:534 [inline] rhashtable_lookup_fast include/linux/rhashtable.h:560 [inline] ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:133 [inline] ila_xlat_addr net/ipv6/ila/ila_xlat.c:658 [inline] ila_nf_input+0xcd7/0xe00 net/ipv6/ila/ila_xlat.c:191 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0xbf/0x1f0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:244 [inline] NF_HOOK include/linux/netfilter.h:287 [inline] ipv6_rcv+0x25d/0x420 net/ipv6/ip6_input.c:272 __netif_receive_skb_one_core+0x115/0x1a0 net/core/dev.c:4973 __netif_receive_skb+0x2c/0x1c0 net/core/dev.c:5083 process_backlog+0x206/0x750 net/core/dev.c:5923 napi_poll net/core/dev.c:6346 [inline] net_rx_action+0x4fa/0x1070 net/core/dev.c:6412 __do_softirq+0x266/0x95a kernel/softirq.c:292 run_ksoftirqd kernel/softirq.c:654 [inline] run_ksoftirqd+0x8e/0x110 kernel/softirq.c:646 smpboot_thread_fn+0x6ab/0xa10 kernel/smpboot.c:164 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Allocated by task 7632: save_stack+0x45/0xd0 mm/kasan/common.c:73 set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc mm/kasan/common.c:495 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:468 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:509 __do_kmalloc_node mm/slab.c:3678 [inline] __kmalloc_node+0x4e/0x70 mm/slab.c:3685 kmalloc_node include/linux/slab.h:588 [inline] kvmalloc_node+0xbd/0x100 mm/util.c:416 kvmalloc include/linux/mm.h:604 [inline] kvzalloc include/linux/mm.h:612 [inline] bucket_table_alloc+0x3f/0x450 lib/rhashtable.c:176 rhashtable_init+0x489/0x8a0 lib/rhashtable.c:1065 ila_xlat_init_net+0x1df/0x2f0 net/ipv6/ila/ila_xlat.c:623 ila_init_net+0x16/0x20 net/ipv6/ila/ila_main.c:63 ops_init+0xb6/0x410 net/core/net_namespace.c:129 setup_net+0x2c5/0x730 net/core/net_namespace.c:314 copy_net_ns+0x1d9/0x340 net/core/net_namespace.c:437 create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:107 unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:206 ksys_unshare+0x440/0x980 kernel/fork.c:2550 __do_sys_unshare kernel/fork.c:2618 [inline] __se_sys_unshare kernel/fork.c:2616 [inline] __x64_sys_unshare+0x31/0x40 kernel/fork.c:2616 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 8191: save_stack+0x45/0xd0 mm/kasan/common.c:73 set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x102/0x150 mm/kasan/common.c:457 kasan_slab_free+0xe/0x10 mm/kasan/common.c:465 __cache_free mm/slab.c:3494 [inline] kfree+0xcf/0x230 mm/slab.c:3811 kvfree+0x61/0x70 mm/util.c:445 bucket_table_free+0x93/0x180 lib/rhashtable.c:108 rhashtable_free_and_destroy+0x155/0x8f0 lib/rhashtable.c:1163 ila_xlat_exit_net+0x1a4/0x360 net/ipv6/ila/ila_xlat.c:632 ila_exit_net+0x16/0x20 net/ipv6/ila/ila_main.c:75 ops_exit_list.isra.0+0xb0/0x160 net/core/net_namespace.c:153 cleanup_net+0x3fb/0x960 net/core/net_namespace.c:551 process_one_work+0x98e/0x1790 kernel/workqueue.c:2173 worker_thread+0x98/0xe40 kernel/workqueue.c:2319 kthread+0x357/0x430 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 The buggy address belongs to the object at ffff88805d2d12c0 which belongs to the cache kmalloc-32k of size 32768 The buggy address is located 12 bytes inside of 32768-byte region [ffff88805d2d12c0, ffff88805d2d92c0) The buggy address belongs to the page: page:ffffea000174b400 count:1 mapcount:0 mapping:ffff88812c3f2380 index:0x0 compound_mapcount: 0 flags: 0x1fffc0000010200(slab|head) raw: 01fffc0000010200 ffffea0001746408 ffffea000173d408 ffff88812c3f2380 raw: 0000000000000000 ffff88805d2d12c0 0000000100000001 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88805d2d1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88805d2d1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88805d2d1280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ^ ffff88805d2d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88805d2d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
ci-upstream-kasan-gce-root | 2019/03/05 17:31 | upstream | cd2a3bf02625 | bb91cf81 | .config | console log | report | |||||
ci-upstream-bpf-kasan-gce | 2019/09/25 12:25 | bpf | 733ef7f056a5 | e38a6630 | .config | console log | report | |||||
ci-upstream-bpf-kasan-gce | 2019/06/07 14:06 | bpf | 4aeba328019a | ce9107d0 | .config | console log | report | |||||
ci-upstream-bpf-kasan-gce | 2019/04/13 10:28 | bpf | ad40ddd4cef4 | c402d8f1 | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/04/09 21:16 | net | e063f4598249 | 995065ff | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/04/09 16:32 | net | e063f4598249 | 995065ff | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/27 16:41 | net | 8c838f53e149 | 4e668495 | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/26 22:12 | net | d29f5aa0bc0c | 55684ce1 | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/22 12:15 | net | 33872d79f5d1 | dce6e62f | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/22 01:56 | net | 33872d79f5d1 | dce6e62f | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/17 13:20 | net | 517ccc2aa50d | ba18afea | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/14 16:37 | net | 9417d81f4f8a | d09a902e | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/12 20:42 | net | a3b1933d34d5 | a71bfb62 | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/12 05:56 | net | 41af8b3a097c | 12365b99 | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/10 00:11 | net | 1f5d861f7fef | 12365b99 | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/03/06 12:28 | net | 4177c5d94264 | 05cf83bf | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/02/27 19:18 | net | bfd07f3dd4f1 | 083cfd0e | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/02/14 23:00 | net | 8d6ea932856c | 76dd003f | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/02/03 18:28 | net | c14f07c6211c | c198d5dd | .config | console log | report | |||||
ci-upstream-net-this-kasan-gce | 2019/01/31 15:38 | net | 3aa9179b2dfe | 0e8ea0a3 | .config | console log | report | |||||
ci-upstream-bpf-next-kasan-gce | 2019/09/29 14:14 | bpf-next | b41dae061bbd | c1ad5441 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/08/11 18:17 | net-next | 2cc2743d8fee | acb51638 | .config | console log | report | |||||
ci-upstream-bpf-next-kasan-gce | 2019/07/23 04:23 | bpf-next | 192f0f8e9db7 | 55e0c077 | .config | console log | report | |||||
ci-upstream-bpf-next-kasan-gce | 2019/04/30 03:59 | bpf-next | 9076c49bdca2 | b617407b | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/04/02 07:32 | net-next | f5d547676ca0 | a9ca43d4 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/04/01 19:43 | net-next | f5d547676ca0 | a9ca43d4 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/26 16:24 | net-next | 68cc2999f692 | 55684ce1 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/17 13:39 | net-next | 3b319ee220a8 | ba18afea | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/16 09:33 | net-next | 3b319ee220a8 | bab43553 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/14 03:22 | net-next | d9862cfbe209 | 2881fc25 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/12 22:41 | net-next | d9862cfbe209 | a71bfb62 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/09 02:26 | net-next | d9862cfbe209 | 12365b99 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/08 21:12 | net-next | d9862cfbe209 | 12365b99 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/08 14:06 | net-next | d9862cfbe209 | 12365b99 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/08 07:27 | net-next | d9862cfbe209 | 4b69c3cb | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/07 23:48 | net-next | d9862cfbe209 | 4b69c3cb | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/06 06:11 | net-next | d9862cfbe209 | 16559f86 | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/04 06:01 | net-next | 41bc0ddb80e0 | 1c0e457a | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/03/01 08:11 | net-next | be9cefe796f3 | 8a4b3a6b | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/02/17 09:05 | net-next | f2281c245d60 | f42dee6d | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/02/16 16:58 | net-next | bb015f2216fe | f42dee6d | .config | console log | report | |||||
ci-upstream-net-kasan-gce | 2019/02/03 00:26 | net-next | a68a8481353a | c198d5dd | .config | console log | report | |||||
ci-upstream-bpf-next-kasan-gce | 2019/01/15 13:34 | bpf-next | b71acb0e3721 | ebacf5cb | .config | console log | report |