Title | Replies (including bot) | Last reply |
---|---|---|
KASAN: use-after-free Read in path_init (2) | 0 (2) | 2020/08/12 21:28 |
[PATCH] Re: KASAN: use-after-free Read in path_init (2) | 4 (4) | 2020/08/12 17:23 |

```
==================================================================
BUG: KASAN: use-after-free in path_init+0x116b/0x13c0 fs/namei.c:2207
Read of size 8 at addr ffff8880a0508700 by task syz-executor159/6828

CPU: 1 PID: 6828 Comm: syz-executor159 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xae/0x497 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 path_init+0x116b/0x13c0 fs/namei.c:2207
 path_parentat+0x22/0x1b0 fs/namei.c:2384
 filename_parentat+0x188/0x560 fs/namei.c:2407
 do_rmdir+0xa8/0x440 fs/namei.c:3732
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4403e9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff37be5c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 69662f7375622f2e RCX: 00000000004403e9
RDX: 00000000004403e9 RSI: 00000000004403e9 RDI: 0000000020000080
RBP: 2f31656c69662f2e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401bf0
R13: 0000000000401c80 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 6828:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
 kasan_set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:461
 slab_post_alloc_hook mm/slab.h:518 [inline]
 slab_alloc mm/slab.c:3312 [inline]
 kmem_cache_alloc+0x138/0x3a0 mm/slab.c:3482
 getname_flags.part.0+0x50/0x4f0 fs/namei.c:138
 getname_flags include/linux/audit.h:320 [inline]
 getname fs/namei.c:209 [inline]
 __do_sys_rmdir fs/namei.c:3783 [inline]
 __se_sys_rmdir fs/namei.c:3781 [inline]
 __x64_sys_rmdir+0xb1/0x100 fs/namei.c:3781
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 6828:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56
 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355
 __kasan_slab_free+0xd8/0x120 mm/kasan/common.c:422
 __cache_free mm/slab.c:3418 [inline]
 kmem_cache_free.part.0+0x67/0x1f0 mm/slab.c:3693
 putname+0xe1/0x120 fs/namei.c:259
 do_rmdir+0x145/0x440 fs/namei.c:3773
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff8880a0508700
 which belongs to the cache names_cache of size 4096
The buggy address is located 0 bytes inside of
 4096-byte region [ffff8880a0508700, ffff8880a0509700)
The buggy address belongs to the page:
page:00000000585345a4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa0508
head:00000000585345a4 order:1 compound_mapcount:0
flags: 0xfffe0000010200(slab|head)
raw: 00fffe0000010200 ffffea0002832d88 ffff8880aa247150 ffff8880aa241900
raw: 0000000000000000 ffff8880a0508700 0000000100000001 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a0508600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880a0508680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880a0508700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff8880a0508780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880a0508800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
```

Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2020/08/12 21:35 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/12 21:30 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root | |
2020/08/12 21:27 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root | |
2020/08/12 21:34 | linux-next | bc09acc9f224 | bc15f7db | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root | |
2020/08/13 14:02 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/13 13:33 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/13 13:03 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/12 23:45 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/12 23:26 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/12 23:07 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/11 06:51 | upstream | fc80c51fd4b2 | 7adc7b65 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/10 08:05 | upstream | 9420f1ce0186 | 70301872 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/09 22:52 | upstream | 06a81c1c7db9 | 70301872 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
2020/08/09 22:48 | upstream | 06a81c1c7db9 | 70301872 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/09 11:24 | upstream | 06a81c1c7db9 | f721e4a0 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/08 05:02 | upstream | 5631c5e0eb90 | ff51e522 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/13 05:28 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/12 21:47 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/12 21:10 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | | | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/12 21:08 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/12 21:08 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/12 21:03 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
2020/08/09 22:29 | upstream | 06a81c1c7db9 | 70301872 | .config | console log | report | | | | | ci-upstream-kasan-gce-root | |
2020/08/09 22:27 | upstream | 06a81c1c7db9 | 70301872 | .config | console log | report | | | | | ci-upstream-kasan-gce-smack-root | |
2020/08/08 03:13 | upstream | 5631c5e0eb90 | ff51e522 | .config | console log | report | | | | | ci-upstream-kasan-gce-selinux-root | |
2020/08/13 06:29 | linux-next | bc09acc9f224 | bc15f7db | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
2020/08/13 05:27 | linux-next | bc09acc9f224 | bc15f7db | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
2020/08/12 21:47 | linux-next | bc09acc9f224 | bc15f7db | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
2020/08/12 21:10 | linux-next | bc09acc9f224 | bc15f7db | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |