syzbot


KASAN: use-after-free Write in __unwind_start

Status: closed as invalid on 2018/02/01 12:06
Subsystems: hardening
Reported-by: syzbot+196d940ec1e07591e4e4ca2e7e7af4c0d2534345@syzkaller.appspotmail.com
First crash: 2328d, last: 2328d
Similar bugs (2)
Kernel   | Title                                             | Subsystems | Repro | Cause bisect | Fix bisect | Count | Last  | Reported | Patched | Status
upstream | KASAN: use-after-free Write in __unwind_start (2) | hardening  | C     | -            | -          | 1     | 2244d | 2244d    | 0/26    | closed as invalid on 2018/03/02 10:58
upstream | KASAN: use-after-free Write in __unwind_start (3) | selinux    | -     | -            | -          | 1     | 2220d | 2216d    | 0/26    | closed as invalid on 2018/07/17 14:22

Sample crash report:
print_req_error: I/O error, dev loop0, sector 0
print_req_error: I/O error, dev loop0, sector 0
print_req_error: I/O error, dev loop0, sector 0
print_req_error: I/O error, dev loop0, sector 0
==================================================================
BUG: KASAN: use-after-free in memset include/linux/string.h:326 [inline]
BUG: KASAN: use-after-free in __unwind_start+0x2d/0x330 arch/x86/kernel/unwind_frame.c:389
Write of size 88 at addr ffff8801cd04fe98 by task loop0/26991

CPU: 1 PID: 26991 Comm: loop0 Not tainted 4.15.0-rc2-next-20171208+ #63
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801cd04fe80
 which belongs to the cache kmalloc-96 of size 96
The buggy address is located 24 bytes inside of
 96-byte region [ffff8801cd04fe80, ffff8801cd04fee0)
The buggy address belongs to the page:
page:0000000038bb6d4b count:1 mapcount:0 mapping:000000000e839e90 index:0x0
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffff8801cd04f000 0000000000000000 0000000100000020
raw: ffffea00073bfba0 ffffea00076330e0 ffff8801dac004c0 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801cd04fd80: fb fb fb fb 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801cd04fe00: 00 00 00 00 00 00 00 00 fb fb fb fb fc fc fc fc
>ffff8801cd04fe80: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
                            ^
 ffff8801cd04ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801cd04ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 26991 Comm: loop0 Tainted: G    B            4.15.0-rc2-next-20171208+ #63
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
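The figures in the report above can be cross-checked mechanically. The script below is an added example, not part of the syzbot page or of the kernel: it parses the KASAN lines (embedded as a constructed copy of the report above), computes the access offset from the object base, measures how far an 88-byte write starting 24 bytes into a 96-byte region runs past its end, and decodes which shadow granules the write touches using the generic-KASAN shadow values (0xfb = freed, 0xfc = kmalloc redzone). The field names and helper functions are my own.

```python
import re
from collections import Counter

# Constructed copy of the KASAN lines from the report above, so the script runs offline.
REPORT = """\
BUG: KASAN: use-after-free in memset include/linux/string.h:326 [inline]
BUG: KASAN: use-after-free in __unwind_start+0x2d/0x330 arch/x86/kernel/unwind_frame.c:389
Write of size 88 at addr ffff8801cd04fe98 by task loop0/26991
The buggy address belongs to the object at ffff8801cd04fe80
 which belongs to the cache kmalloc-96 of size 96
The buggy address is located 24 bytes inside of
 96-byte region [ffff8801cd04fe80, ffff8801cd04fee0)
Memory state around the buggy address:
 ffff8801cd04fd80: fb fb fb fb 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801cd04fe00: 00 00 00 00 00 00 00 00 fb fb fb fb fc fc fc fc
>ffff8801cd04fe80: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00
                            ^
 ffff8801cd04ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

KASAN_SHADOW_SCALE = 8   # generic KASAN: one shadow byte per 8 bytes of kernel memory

# Shadow byte meanings for generic-mode KASAN (values from mm/kasan/kasan.h).
SHADOW_NAMES = {
    0xfb: "kmalloc freed",      # KASAN_KMALLOC_FREE: object was freed, access is a UAF
    0xfc: "kmalloc redzone",    # KASAN_KMALLOC_REDZONE: slack after an object
    0xfa: "global redzone",
    0xfe: "page redzone",
    0xff: "free page",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xf8: "use after scope",
}

BUG_RE = re.compile(r"^BUG: KASAN: (\S+) in (\S+)")
ACCESS_RE = re.compile(r"^(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
OBJ_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
LOCATED_RE = re.compile(r"is located (\d+) bytes (inside|to the right|to the left) of")
SHADOW_RE = re.compile(r"^[> ]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})\s*$")


def shadow_name(b):
    """Human-readable meaning of one generic-KASAN shadow byte."""
    if b is None:
        return "not dumped"
    if b == 0:
        return "accessible"
    if 1 <= b <= 7:
        return f"partially accessible ({b} bytes)"
    return SHADOW_NAMES.get(b, f"unknown 0x{b:02x}")


def parse_report(text):
    """Pull the fields this analysis needs out of a generic KASAN report."""
    rep = {"frames": [], "shadow": {}}
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            rep["bug"] = m.group(1)
            rep["frames"].append(m.group(2))        # innermost frame first (memset here)
        elif m := ACCESS_RE.match(line):
            rep["access"], rep["size"] = m.group(1), int(m.group(2))
            rep["addr"], rep["task"] = int(m.group(3), 16), m.group(4)
        elif m := OBJ_RE.search(line):
            rep["obj_base"] = int(m.group(1), 16)
        elif m := CACHE_RE.search(line):
            rep["cache"], rep["obj_size"] = m.group(1), int(m.group(2))
        elif m := LOCATED_RE.search(line):
            rep["reported_offset"] = int(m.group(1))
        elif m := SHADOW_RE.match(line):
            rep["shadow"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rep


def shadow_byte(rep, addr):
    """Shadow value covering kernel address addr, taken from the dumped rows (None if absent)."""
    row_span = 16 * KASAN_SHADOW_SCALE          # each dumped row covers 128 bytes of memory
    for row_base, row in rep["shadow"].items():
        if row_base <= addr < row_base + row_span:
            return row[(addr - row_base) // KASAN_SHADOW_SCALE]
    return None


def analyze(rep):
    """Relate the faulting access to the slab object and to the shadow map."""
    addr, size = rep["addr"], rep["size"]
    base, obj_end = rep["obj_base"], rep["obj_base"] + rep["obj_size"]
    end = addr + size
    offset = addr - base
    granules = []
    g = addr - addr % KASAN_SHADOW_SCALE         # align down to the first 8-byte granule
    while g < end:
        granules.append((g, shadow_name(shadow_byte(rep, g))))
        g += KASAN_SHADOW_SCALE
    return {
        "offset": offset,
        "offset_matches_report": offset == rep.get("reported_offset"),
        "overrun": max(0, end - obj_end),        # bytes the write extends past the object
        "granules": granules,
        "states": Counter(name for _, name in granules),
    }


if __name__ == "__main__":
    rep = parse_report(REPORT)
    res = analyze(rep)
    print(f"{rep['bug']}: {rep['access']} of {rep['size']} bytes in {rep['frames'][-1]} "
          f"by {rep['task']}, {res['offset']} bytes into a {rep['cache']} object")
    print(f"bytes written past the object end: {res['overrun']}")
    for g, name in res["granules"]:
        print(f"  {g:016x}  {name}")
```

Run against the report, the script confirms the 24-byte offset and shows that the 88-byte write covers eleven 8-byte granules: the first five are marked freed (0xfb) and the remaining six are marked accessible, with the last 16 bytes of the write falling beyond the 96-byte region.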

Crashes (1):
Time             | Kernel     | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets | Manager                    | Title
2017/12/08 08:35 | linux-next | ad4dac17f9d5 | 5d643f8e  | .config | console log | report | -         | -       | -       | -      | ci-upstream-next-kasan-gce | -