Title | Replies (including bot) | Last reply |
---|---|---|
KASAN: use-after-free Read in nr_release (2) | 0 (1) | 2019/08/29 11:28 |
syzbot |
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
linux-4.19 | KASAN: use-after-free Read in nr_release | C | 327 | 580d | 1882d | 0/1 | upstream: reported C repro on 2019/08/10 01:07 | ||
upstream | KASAN: use-after-free Read in nr_release hams | C | done | 25 | 1866d | 1945d | 12/28 | fixed on 2019/08/27 17:15 | |
linux-4.14 | KASAN: use-after-free Read in nr_release | C | 117 | 581d | 1879d | 0/1 | upstream: reported C repro on 2019/08/13 12:20 |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2023/04/12 22:11 | 19m | retest repro | linux-next | OK log | |
2023/04/12 19:11 | 19m | retest repro | linux-next | OK log | |
2023/04/12 17:11 | 19m | retest repro | linux-next | OK log | |
2023/04/02 02:32 | 27m | retest repro | upstream | OK log | |
2022/12/23 00:31 | 14m | retest repro | upstream | report log | |
2022/12/22 17:31 | 19m | retest repro | upstream | OK log | |
2022/12/17 17:31 | 20m | retest repro | linux-next | report log | |
2022/12/17 13:31 | 19m | retest repro | linux-next | report log | |
2022/12/17 09:31 | 20m | retest repro | linux-next | report log | |
2022/09/13 20:27 | 16m | retest repro | upstream | report log |
==================================================================
BUG: KASAN: use-after-free in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x81/0x200 lib/refcount.c:123
Read of size 4 at addr ffff8880a9ba4500 by task syz-executor.4/10058

CPU: 0 PID: 10058 Comm: syz-executor.4 Not tainted 5.3.0+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374
 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506
 kasan_report+0x12/0x20 mm/kasan/common.c:634
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192
 __kasan_check_read+0x11/0x20 mm/kasan/common.c:92
 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
 refcount_inc_not_zero_checked+0x81/0x200 lib/refcount.c:123
 refcount_inc_checked+0x17/0x70 lib/refcount.c:156
 sock_hold include/net/sock.h:649 [inline]
 nr_release+0x62/0x3e0 net/netrom/af_netrom.c:520
 __sock_release+0xce/0x280 net/socket.c:590
 sock_close+0x1e/0x30 net/socket.c:1268
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x65f/0x760 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x413711
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007fff0a69fe80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000413711
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
R10: 00007fff0a69ff60 R11: 0000000000000293 R12: 000000000075c9a0
R13: 000000000075c9a0 R14: 0000000000760c38 R15: 000000000075c124

Allocated by task 10059:
 save_stack+0x23/0x90 mm/kasan/common.c:69
 set_track mm/kasan/common.c:77 [inline]
 __kasan_kmalloc mm/kasan/common.c:510 [inline]
 __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:483
 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:524
 __do_kmalloc mm/slab.c:3655 [inline]
 __kmalloc+0x163/0x770 mm/slab.c:3664
 kmalloc include/linux/slab.h:557 [inline]
 sk_prot_alloc+0x23a/0x310 net/core/sock.c:1603
 sk_alloc+0x39/0xf70 net/core/sock.c:1657
 nr_create+0xb9/0x5e0 net/netrom/af_netrom.c:433
 __sock_create+0x3d8/0x730 net/socket.c:1418
 sock_create net/socket.c:1469 [inline]
 __sys_socket+0x103/0x220 net/socket.c:1511
 __do_sys_socket net/socket.c:1520 [inline]
 __se_sys_socket net/socket.c:1518 [inline]
 __x64_sys_socket+0x73/0xb0 net/socket.c:1518
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 10058:
 save_stack+0x23/0x90 mm/kasan/common.c:69
 set_track mm/kasan/common.c:77 [inline]
 kasan_set_free_info mm/kasan/common.c:332 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/common.c:471
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:480
 __cache_free mm/slab.c:3425 [inline]
 kfree+0x10a/0x2c0 mm/slab.c:3756
 sk_prot_free net/core/sock.c:1640 [inline]
 __sk_destruct+0x4f7/0x6e0 net/core/sock.c:1726
 sk_destruct+0x86/0xa0 net/core/sock.c:1734
 __sk_free+0xfb/0x360 net/core/sock.c:1745
 sk_free+0x42/0x50 net/core/sock.c:1756
 sock_put include/net/sock.h:1725 [inline]
 nr_release+0x356/0x3e0 net/netrom/af_netrom.c:554
 __sock_release+0xce/0x280 net/socket.c:590
 sock_close+0x1e/0x30 net/socket.c:1268
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x65f/0x760 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8880a9ba4480
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 128 bytes inside of
 2048-byte region [ffff8880a9ba4480, ffff8880a9ba4c80)
The buggy address belongs to the page:
page:ffffea0002a6e900 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0
flags: 0x1fffc0000010200(slab|head)
raw: 01fffc0000010200 ffffea000239d608 ffffea000238c408 ffff8880aa400e00
raw: 0000000000000000 ffff8880a9ba4480 0000000100000003 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a9ba4400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880a9ba4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880a9ba4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff8880a9ba4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880a9ba4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2019/09/27 04:57 | upstream | cbafe18c7102 | 2f1548bc | .config | console log | report | syz | ci-upstream-kasan-gce-root | ||||
2019/09/27 01:52 | upstream | cbafe18c7102 | 2f1548bc | .config | console log | report | syz | ci-upstream-kasan-gce-root | ||||
2019/08/28 21:23 | upstream | 6525771f58cb | fd37b39e | .config | console log | report | syz | ci-upstream-kasan-gce-root | ||||
2019/09/30 19:13 | linux-next | 8b0eed9f6e36 | c7a4fb99 | .config | console log | report | syz | ci-upstream-linux-next-kasan-gce-root | ||||
2019/09/18 15:35 | linux-next | a4b5b2e06e42 | c2dcd700 | .config | console log | report | syz | ci-upstream-linux-next-kasan-gce-root | ||||
2019/08/29 01:05 | linux-next | ed2393ca0910 | fd37b39e | .config | console log | report | syz | ci-upstream-linux-next-kasan-gce-root | ||||
2019/11/27 04:22 | upstream | be2eca94d144 | 1048481f | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/11/24 05:39 | upstream | 6b8a79467876 | 598ca6c8 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/11/23 05:29 | upstream | a6b0373ffcd8 | 598ca6c8 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/11/19 11:51 | upstream | af42d3466bdc | 5bc70212 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/11/19 06:22 | upstream | af42d3466bdc | 5bc70212 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/11/16 14:29 | upstream | 6c9594bdd474 | d5696d51 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/11/12 07:30 | upstream | de620fb99ef2 | 048f2d49 | .config | console log | report | ci-upstream-kasan-gce-smack-root | |||||
2019/11/10 18:45 | upstream | 00aff6836241 | dc438b91 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/11/10 10:01 | upstream | 00aff6836241 | dc438b91 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/11/07 23:40 | upstream | 847120f859cc | f39aff9e | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/11/06 19:12 | upstream | 26bc67213424 | da505f84 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/11/06 16:48 | upstream | 26bc67213424 | da505f84 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/11/03 07:50 | upstream | 9d2345057538 | a41ca8fa | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/30 13:59 | upstream | 23fdb198ae81 | 5ea87a66 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/30 08:35 | upstream | 23fdb198ae81 | 5ea87a66 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/30 02:49 | upstream | 23fdb198ae81 | 5ea87a66 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/29 18:58 | upstream | 23fdb198ae81 | 5ea87a66 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/29 17:13 | upstream | 8005803a2ca0 | 5ea87a66 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/10/25 22:58 | upstream | 39a38bcba4ab | c2e837da | .config | console log | report | ci-upstream-kasan-gce-smack-root | |||||
2019/10/14 00:18 | upstream | da94001239cc | 2f661ec4 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/10 11:31 | upstream | 8a8c600de5dc | a4efa8c0 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/10/09 04:40 | upstream | d5001955c281 | b1ebbfef | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/10/06 05:55 | upstream | 4ea655343ce4 | f3f7d9c8 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/05 00:29 | upstream | b145b0eb2031 | f3f7d9c8 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/10/04 01:31 | upstream | cc3a7bfe62b9 | fc17ba49 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/10/03 15:52 | upstream | 0f1a7b3fac05 | fc17ba49 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/10/02 12:39 | upstream | 54ecb8f7028c | 2e29b534 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/01 07:26 | upstream | 54ecb8f7028c | c7a4fb99 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/09/28 11:49 | upstream | 8f744bdee4fe | d8074e0b | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/09/28 02:07 | upstream | 8f744bdee4fe | d8074e0b | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/09/22 04:11 | upstream | 227c3e9eb5cf | d96e88f3 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
2019/09/06 02:23 | upstream | 3b47fd5ca9ea | 040fda58 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/08/30 10:12 | upstream | 6525771f58cb | fd37b39e | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/08/28 20:09 | upstream | 6525771f58cb | fd37b39e | .config | console log | report | ci-upstream-kasan-gce-root | |||||
2019/10/25 22:08 | net-next-old | 503a64635d5e | c2e837da | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2019/11/25 17:16 | linux-next | c165016bac27 | 371caf77 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/11/23 23:09 | linux-next | b9d3d0140506 | 598ca6c8 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/11/14 05:19 | linux-next | 4e8f108c3af2 | 048f2d49 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/11/07 02:38 | linux-next | dcd34bd23418 | da505f84 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/10/21 02:02 | linux-next | c4b9850b3676 | 8c88c9c1 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/10/20 11:57 | linux-next | c4b9850b3676 | 8c88c9c1 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/10/18 01:57 | linux-next | 3ef845da3c3b | 8c88c9c1 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/10/17 13:03 | linux-next | 3ef845da3c3b | 8c88c9c1 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/10/15 10:03 | linux-next | 0e9d28bc6c81 | 05ad7292 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/10/10 22:49 | linux-next | 4a9e93dbc796 | 1a3bad90 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/10/04 16:43 | linux-next | 311ef88adfa3 | 3e1e84d4 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/09/27 10:56 | linux-next | bb2aee77c82d | 2f1548bc | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/09/19 16:54 | linux-next | eb2f12732f67 | eb940044 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/09/19 08:22 | linux-next | 288b9117de5c | 46c0be24 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
2019/09/18 14:12 | linux-next | a4b5b2e06e42 | c2dcd700 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root |