KASAN: out-of-bounds Read in __dev_queue_xmit

syzbot

April 14, 2019, 04:52:12
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 57de59b3 UPSTREAM: virt_wifi: fix error return code in vir..
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=13762950c00000
kernel config: https://syzkaller.appspot.com/x/.config?x=5a0d66ca5b6245f9
dashboard link: https://syzkaller.appspot.com/bug?extid=a0b53e808111ec98a630
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a0b53e...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: out-of-bounds in __dev_queue_xmit+0x16bb/0x1cd0 net/core/dev.c:3483
Read of size 4 at addr ffff8881d4c0c20c by task syz-executor.3/15762

CPU: 1 PID: 15762 Comm: syz-executor.3 Not tainted 4.14.98+ #7
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
print_address_description+0x60/0x226 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0x88/0x2a5 mm/kasan/report.c:393

The buggy address belongs to the page:
page:ffffea0007530300 count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
raw: 4000000000000000 0000000000000000 0000000000000000 00000001ffffffff
raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff8881d4c0c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8881d4c0c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ffff8881d4c0c200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
ffff8881d4c0c280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8881d4c0c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

August 8, 2019, 00:58:03
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.