syzbot

KASAN: slab-out-of-bounds Write in __unwind_start (2)

Status: closed as invalid on 2017/12/19 12:34
Subsystems: hardening
Reported-by: syzbot+5ad464715445efda92db249a5c38e3059767dfdb@syzkaller.appspotmail.com
First crash: 2863d, last: 2862d
Similar bugs (1)
Kernel | Title | Subsystems | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: slab-out-of-bounds Write in __unwind_start | hardening | 23 | - | - | - | 1 | 2865d | 2865d | 0/29 | closed as invalid on 2017/12/05 10:45

Sample crash report:
attempt to access beyond end of device
unknown-block(7,0): rw=0, want=0, limit=256
attempt to access beyond end of device
unknown-block(7,0): rw=0, want=0, limit=256
==================================================================
BUG: KASAN: slab-out-of-bounds in memset include/linux/string.h:326 [inline]
BUG: KASAN: slab-out-of-bounds in __unwind_start+0x2d/0x330 arch/x86/kernel/unwind_frame.c:389
Write of size 88 at addr ffff8801d250fe98 by task loop0/3865

CPU: 1 PID: 3865 Comm: loop0 Not tainted 4.15.0-rc2+ #210
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

Allocated by task 2169817619:
(stack is not available)

Freed by task 2278480280:
(stack is not available)

The buggy address belongs to the object at ffff8801d250e800
 which belongs to the cache kmalloc-4096 of size 4096
The buggy address is located 1688 bytes to the right of
 4096-byte region [ffff8801d250e800, ffff8801d250f800)
The buggy address belongs to the page:
page:00000000c9ed0821 count:1 mapcount:0 mapping:00000000514eb3e6 index:0x0 compound_mapcount: 0
flags: 0x2fffc0000008100(slab|head)
raw: 02fffc0000008100 ffff8801d250e800 0000000000000000 0000000100000001
raw: ffffea000762e420 ffffea0007466820 ffff8801db000dc0 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d250fd80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d250fe00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
>ffff8801d250fe80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
                            ^
 ffff8801d250ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d250ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 3865 Comm: loop0 Tainted: G    B            4.15.0-rc2+ #210
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2017/12/07 07:04 | upstream | e56d565d67ae | 5d643f8e | .config | console log | report | - | - | - | - | ci-upstream-kasan-gce | -
2017/12/07 02:57 | linux-next | d5c52866f560 | 5d643f8e | .config | console log | report | - | - | - | - | ci-upstream-next-kasan-gce | -