| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-49 | KASAN: use-after-free Read in ip6t_do_table | C | 18 | 1606d | 1651d | 0/3 | public: reported C repro on 2019/10/12 03:56 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [142] 🐞 Fixed [16] 🐞 Invalid [163] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
================================================================== BUG: KASAN: use-after-free in ifname_compare_aligned include/linux/netfilter/x_tables.h:362 [inline] BUG: KASAN: use-after-free in ip6_packet_match net/ipv6/netfilter/ip6_tables.c:124 [inline] BUG: KASAN: use-after-free in ip6t_do_table+0x1545/0x1860 net/ipv6/netfilter/ip6_tables.c:382 Read of size 8 at addr ffff8800b34d8000 by task syz-executor989/21047 CPU: 0 PID: 21047 Comm: syz-executor989 Not tainted 4.4.174+ #4 0000000000000000 adfb16523933f3e9 ffff8801d0cd70a8 ffffffff81aad1a1 0000000000000000 ffffea0002cd3600 ffff8800b34d8000 0000000000000008 dffffc0000000000 ffff8801d0cd70e0 ffffffff81490120 0000000000000000 Call Trace: [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<ffffffff81490120>] print_address_description+0x6f/0x21b mm/kasan/report.c:252 [<ffffffff81490358>] kasan_report_error mm/kasan/report.c:351 [inline] [<ffffffff81490358>] kasan_report mm/kasan/report.c:408 [inline] [<ffffffff81490358>] kasan_report.cold+0x8c/0x2be mm/kasan/report.c:393 [<ffffffff81484ed4>] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429 [<ffffffff82685b15>] ifname_compare_aligned include/linux/netfilter/x_tables.h:362 [inline] [<ffffffff82685b15>] ip6_packet_match net/ipv6/netfilter/ip6_tables.c:124 [inline] [<ffffffff82685b15>] ip6t_do_table+0x1545/0x1860 net/ipv6/netfilter/ip6_tables.c:382 [<ffffffff8268e316>] ip6t_mangle_out net/ipv6/netfilter/ip6table_mangle.c:60 [inline] [<ffffffff8268e316>] ip6table_mangle_hook+0x2d6/0x710 net/ipv6/netfilter/ip6table_mangle.c:82 [<ffffffff822f84a6>] nf_iterate+0x186/0x220 net/netfilter/core.c:274 [<ffffffff822f86f6>] nf_hook_slow+0x1b6/0x340 net/netfilter/core.c:306 [<ffffffff826bf429>] nf_hook_thresh include/linux/netfilter.h:187 [inline] [<ffffffff826bf429>] nf_hook include/linux/netfilter.h:197 [inline] [<ffffffff826bf429>] __ip6_local_out+0x309/0x4b0 net/ipv6/output_core.c:157 [<ffffffff826bf5f9>] ip6_local_out+0x29/0x180 net/ipv6/output_core.c:167 [<ffffffff825b28c2>] ip6_send_skb+0xa2/0x340 net/ipv6/ip6_output.c:1725 [<ffffffff82611618>] udp_v6_send_skb+0x438/0xe90 net/ipv6/udp.c:1066 [<ffffffff826122b5>] udp_v6_push_pending_frames+0x245/0x360 net/ipv6/udp.c:1098 [<ffffffff82613ee7>] udpv6_sendmsg+0x1a37/0x24f0 net/ipv6/udp.c:1358 [<ffffffff824a8b42>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755 [<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline] [<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648 [<ffffffff821d9e69>] ___sys_sendmsg+0x369/0x890 net/socket.c:1975 [<ffffffff821dd2e0>] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060 [<ffffffff821dd4c5>] SYSC_sendmmsg net/socket.c:2090 [inline] [<ffffffff821dd4c5>] SyS_sendmmsg+0x35/0x60 net/socket.c:2085 [<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a The buggy address belongs to the page: page:ffffea0002cd3600 count:0 mapcount:-127 mapping: (null) index:0x0 flags: 0x0() page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8800b34d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800b34d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8800b34d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8800b34d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8800b34d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/11/22 06:31 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8098ea0f | .config | console log | report | syz | C | ci-android-44-kasan-gce | |||
| 2019/10/14 01:55 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 2f661ec4 | .config | console log | report | syz | C | ci-android-44-kasan-gce | |||
| 2019/11/22 06:45 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8098ea0f | .config | console log | report | syz | C | ci-android-44-kasan-gce-386 | |||
| 2019/10/30 19:56 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 5ea87a66 | .config | console log | report | syz | C | ci-android-44-kasan-gce-386 | |||
| 2019/10/30 17:09 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 5ea87a66 | .config | console log | report | syz | ci-android-44-kasan-gce | ||||
| 2019/10/13 23:20 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 2f661ec4 | .config | console log | report | syz | ci-android-44-kasan-gce-386 | ||||
| 2019/11/22 14:43 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 598ca6c8 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/11/20 01:08 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 5bc70212 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/11/17 15:14 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | d5696d51 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/10/21 09:05 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8c88c9c1 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/10/21 08:05 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8c88c9c1 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/10/20 09:22 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8c88c9c1 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/10/16 19:48 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8c88c9c1 | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/10/16 12:45 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | d4ea592f | .config | console log | report | ci-android-44-kasan-gce | |||||
| 2019/11/05 13:49 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 0f3ec414 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/11/04 05:47 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | b35fad31 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/10/25 22:04 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | c2e837da | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/10/19 17:35 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8c88c9c1 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/10/17 05:47 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 8c88c9c1 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/10/14 19:42 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 05ad7292 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/10/13 22:50 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 2f661ec4 | .config | console log | report | ci-android-44-kasan-gce-386 | |||||
| 2019/07/15 23:28 | https://android.googlesource.com/kernel/common android-4.4 | 62872f952d6b | 139ac68a | .config | console log | report | ci-android-44-kasan-gce-386 |