syzbot |
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
upstream | KASAN: use-after-free Read in decode_session6 | C | done | 152 | 525d | 733d | 21/22 | fixed on 2021/03/10 01:48 |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2021/04/15 14:11 | 15m | alaaemadhossney.ae@gmail.com | | upstream | OK |
```
==================================================================
BUG: KASAN: slab-out-of-bounds in decode_session6+0xe7c/0x1580 net/xfrm/xfrm_policy.c:3393
Read of size 1 at addr ffff8880247cb8af by task syz-executor222/8528

CPU: 0 PID: 8528 Comm: syz-executor222 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xae/0x4c8 mm/kasan/report.c:385
 __kasan_report mm/kasan/report.c:545 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562
 decode_session6+0xe7c/0x1580 net/xfrm/xfrm_policy.c:3393
 __xfrm_decode_session net/xfrm/xfrm_policy.c:3485 [inline]
 __xfrm_policy_check+0x2fa/0x2850 net/xfrm/xfrm_policy.c:3540
 __xfrm_policy_check2 include/net/xfrm.h:1097 [inline]
 xfrm_policy_check include/net/xfrm.h:1106 [inline]
 sctp_rcv+0x12b0/0x2e30 net/sctp/input.c:202
 sctp6_rcv+0x22/0x40 net/sctp/ipv6.c:1078
 ip6_protocol_deliver_rcu+0x2e8/0x1680 net/ipv6/ip6_input.c:433
 ip6_input_finish+0x7f/0x160 net/ipv6/ip6_input.c:474
 NF_HOOK include/linux/netfilter.h:301 [inline]
 NF_HOOK include/linux/netfilter.h:295 [inline]
 ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:483
 dst_input include/net/dst.h:449 [inline]
 ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 NF_HOOK include/linux/netfilter.h:295 [inline]
 ipv6_rcv+0x28e/0x3c0 net/ipv6/ip6_input.c:307
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5315
 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5429
 process_backlog+0x232/0x6c0 net/core/dev.c:6319
 napi_poll net/core/dev.c:6763 [inline]
 net_rx_action+0x4dc/0x1100 net/core/dev.c:6833
 __do_softirq+0x2a0/0x9f6 kernel/softirq.c:298
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 do_softirq kernel/softirq.c:343 [inline]
 do_softirq+0xb5/0xe0 kernel/softirq.c:330
 __local_bh_enable_ip+0xf0/0x110 kernel/softirq.c:195
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline]
 ip6_finish_output2+0x71f/0x16c0 net/ipv6/ip6_output.c:118
 __ip6_finish_output net/ipv6/ip6_output.c:143 [inline]
 __ip6_finish_output+0x447/0xab0 net/ipv6/ip6_output.c:128
 ip6_finish_output+0x34/0x1f0 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 NF_HOOK include/linux/netfilter.h:295 [inline]
 ip6_xmit+0x1258/0x1e80 net/ipv6/ip6_output.c:280
 sctp_v6_xmit+0xbf3/0xfe0 net/sctp/ipv6.c:223
 sctp_packet_transmit+0x1f44/0x32f0 net/sctp/output.c:627
 sctp_packet_singleton net/sctp/outqueue.c:773 [inline]
 sctp_outq_flush_ctrl.constprop.0+0x6d3/0xc40 net/sctp/outqueue.c:904
 sctp_outq_flush+0xf3/0x2580 net/sctp/outqueue.c:1186
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1801 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1185 [inline]
 sctp_do_sm+0x74e/0x5130 net/sctp/sm_sideeffect.c:1156
 sctp_primitive_ASSOCIATE+0x98/0xc0 net/sctp/primitive.c:73
 sctp_sendmsg_to_asoc+0xb5b/0x2140 net/sctp/socket.c:1823
 sctp_sendmsg+0x103b/0x1d30 net/sctp/socket.c:2013
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:817
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 __sys_sendto+0x21c/0x320 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto net/socket.c:2000 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:2000
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x441759
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc188919d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffc188919f0 RCX: 0000000000441759
RDX: 0000000000034000 RSI: 0000000020847fff RDI: 0000000000000004
RBP: 0000000000000000 R08: 000000002005ffe4 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402f60
R13: 0000000000402ff0 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 1:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
 kasan_set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:461
 kmalloc include/linux/slab.h:557 [inline]
 tomoyo_realpath_from_path+0xc3/0x620 security/tomoyo/realpath.c:254
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x21b/0x400 security/tomoyo/file.c:822
 security_inode_getattr+0xcf/0x140 security/security.c:1279
 vfs_getattr fs/stat.c:121 [inline]
 vfs_statx+0x164/0x390 fs/stat.c:189
 vfs_fstatat fs/stat.c:207 [inline]
 vfs_lstat include/linux/fs.h:3109 [inline]
 __do_sys_newlstat+0x91/0x110 fs/stat.c:362
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 1:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56
 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355
 __kasan_slab_free+0x102/0x140 mm/kasan/common.c:422
 slab_free_hook mm/slub.c:1544 [inline]
 slab_free_freelist_hook+0x5d/0x150 mm/slub.c:1577
 slab_free mm/slub.c:3142 [inline]
 kfree+0xdb/0x360 mm/slub.c:4124
 tomoyo_realpath_from_path+0x191/0x620 security/tomoyo/realpath.c:291
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x21b/0x400 security/tomoyo/file.c:822
 security_inode_getattr+0xcf/0x140 security/security.c:1279
 vfs_getattr fs/stat.c:121 [inline]
 vfs_statx+0x164/0x390 fs/stat.c:189
 vfs_fstatat fs/stat.c:207 [inline]
 vfs_lstat include/linux/fs.h:3109 [inline]
 __do_sys_newlstat+0x91/0x110 fs/stat.c:362
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff8880247ca000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 2223 bytes to the right of
 4096-byte region [ffff8880247ca000, ffff8880247cb000)
The buggy address belongs to the page:
page:00000000ecac6d17 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x247c8
head:00000000ecac6d17 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head)
raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010042140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880247cb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880247cb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880247cb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                  ^
 ffff8880247cb900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880247cb980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
```
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
---|---|---|---|---|---|---|---|---|---|---|---|
ci-upstream-net-kasan-gce | 2020/11/01 14:29 | net-next | c43fd36f7fec | 8bc4594f | .config | log | report | syz | C | | |
ci-upstream-kasan-gce-root | 2022/02/25 14:54 | upstream | 53ab78cd6d5a | 7c337266 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-kasan-gce-root | 2021/10/24 18:40 | upstream | 6c62666d8879 | 282f03fb | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-kasan-gce-selinux-root | 2021/10/19 01:12 | upstream | 519d81956ee2 | 24dc29db | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-kasan-gce | 2021/09/11 18:53 | upstream | c605c39677b9 | 5ae8508a | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-kasan-gce | 2021/09/08 12:33 | upstream | ac08b1c68d1b | e2776ee4 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-kasan-gce-selinux-root | 2021/07/23 03:32 | upstream | 9bead1b58c4c | bc5f1d88 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-qemu-upstream-386 | 2021/11/04 22:41 | upstream | 7ddb58cb0eca | 4c1be0be | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-kasan-gce-386 | 2021/08/30 14:12 | upstream | 7d2a07b76933 | 8f58a0ef | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2022/01/19 02:01 | net | 2836615aa22d | 731a2d23 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/26 15:14 | net | 49573ff7830b | 63eeac02 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/25 09:07 | net | ac132852147a | 545ab074 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/22 10:29 | net | f9390b249c90 | 4eb20a4e | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/11 07:44 | net | 0315a075f134 | 75b04091 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/04 06:38 | net | 92f62485b371 | 4c1be0be | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/10/20 15:08 | net | ba69fd9101f2 | 418a00eb | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/10/09 08:45 | net | be0499369d63 | efe0f24d | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/07/31 06:26 | net | 8d67041228ac | 6c236867 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/12/03 08:53 | net-next | fc993be36f9e | 61f86278 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/11/22 00:20 | net-next | 89f971182417 | 4eb20a4e | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/11/05 14:15 | net-next | cc0356d6a02e | 4c1be0be | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/11/03 08:03 | net-next | cc0356d6a02e | 17f3edd2 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/09/29 00:17 | net-next | b69c99463d41 | d82cb927 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/09/28 17:47 | net-next | b69c99463d41 | d82cb927 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/09/12 09:31 | net-next | 626bf91a292e | 5ae8508a | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/08/24 16:37 | net-next | faf482ca196a | b599f2fc | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/08/09 01:51 | net-next | 82564f6c706a | 6972b106 | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/07/20 08:33 | net-next | 0d6835ffe50c | bc48c9ab | .config | log | report | | | info | KASAN: slab-out-of-bounds Read in decode_session6 |
ci-qemu-upstream | 2022/06/23 08:12 | upstream | de5c208d533a | 912f5df7 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-kasan-gce-root | 2022/03/29 16:08 | upstream | 1930a6e739c4 | 6bdac766 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-kasan-gce-root | 2022/03/28 00:23 | upstream | f82da161ea75 | 89bc8608 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-kasan-gce-root | 2021/11/05 06:13 | upstream | d4439a1189f9 | 4c1be0be | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-kasan-gce | 2021/08/05 09:43 | upstream | 251a1524293d | 7f7bb950 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-kasan-gce-selinux-root | 2020/12/14 00:06 | upstream | 6bff9bb8a292 | b22a7ec3 | .config | log | report | | | info | |
ci-upstream-kasan-gce-386 | 2021/11/12 03:06 | upstream | ca2ef2d9f2aa | 75b04091 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2022/01/06 05:04 | net | 502a2ce9cdf4 | 6acc789a | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/29 08:34 | net | c5c17547b778 | 63eeac02 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/18 21:43 | net | c7521d3aa2fa | 31a30fc0 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/11/03 14:04 | net | db2434343b2c | 4c1be0be | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/10/31 06:45 | net | 6de6e46d27ef | 098b5d53 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/10/27 14:52 | net | 440ffcdd9db4 | 373bf66b | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/10/05 23:44 | net | a56d447f196f | 0a63fd36 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/09/01 11:40 | net | 57f780f1c433 | 7eb7e152 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/08/29 09:22 | net | 2619835e31cb | be2c130d | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2021/08/20 20:11 | net | a8f89fa27773 | b599f2fc | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-this-kasan-gce | 2020/06/24 22:18 | net | b835a71ef64a | 54566aff | .config | log | report | | | | |
ci-upstream-net-kasan-gce | 2022/06/03 13:29 | net-next | 58f9d52ff689 | eee80d3c | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2022/01/12 21:23 | net-next | fe8152b38d3a | 44d1319a | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/12/01 00:28 | net-next | 72a2ff567fc3 | 80270552 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/11/29 21:33 | net-next | 2f7ed29f2c54 | d0830353 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/11/02 01:02 | net-next | c07c6e8eb4b3 | 098b5d53 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/10/28 13:15 | net-next | 911e3a46fb38 | be531bb4 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/10/04 00:24 | net-next | 0693b27644f0 | db0f5787 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/08/28 11:44 | net-next | 4baf0e0b3298 | d5a29e53 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/08/20 07:56 | net-next | 5c8a2bb48159 | b599f2fc | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-net-kasan-gce | 2021/08/14 08:04 | net-next | b697d9d38a5a | 2489ab88 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |
ci-upstream-linux-next-kasan-gce-root | 2021/09/08 14:09 | linux-next | 999569d59a0a | e2776ee4 | .config | log | report | | | info | KASAN: use-after-free Read in decode_session6 |