Hello,
syzbot found the following issue on:
HEAD commit: 812da4d3 Merge tag 'riscv-for-linus-5.12-rc4' of git://git..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12a53506d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=4f182846508fae0f
dashboard link: https://syzkaller.appspot.com/bug?extid=90d2a568a265f3050f6e
userspace arch: arm64
CC: [bro...@kernel.org catalin...@arm.com linux-ar...@lists.infradead.org linux-...@vger.kernel.org mark.r...@arm.com mbe...@suse.cz wi...@kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+90d2a5...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: invalid-access in memcg_slab_free_hook mm/slab.h:364 [inline]
BUG: KASAN: invalid-access in memcg_slab_free_hook mm/slab.h:336 [inline]
BUG: KASAN: invalid-access in do_slab_free mm/slub.c:3117 [inline]
BUG: KASAN: invalid-access in slab_free mm/slub.c:3162 [inline]
BUG: KASAN: invalid-access in kfree+0x184/0x4d0 mm/slub.c:4213
Read at addr f0ff000020629078 by task syz-executor.1/14287
Pointer tag: [f0], memory tag: [fe]
CPU: 1 PID: 14287 Comm: syz-executor.1 Not tainted 5.12.0-rc3-syzkaller-00220-g812da4d39463 #0
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x0/0x1b0 arch/arm64/kernel/stacktrace.c:112
show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0xd0/0x12c lib/dump_stack.c:120
print_address_description+0x70/0x29c mm/kasan/report.c:232
__kasan_report mm/kasan/report.c:399 [inline]
kasan_report+0x134/0x380 mm/kasan/report.c:416
report_tag_fault arch/arm64/mm/fault.c:324 [inline]
do_tag_recovery arch/arm64/mm/fault.c:336 [inline]
__do_kernel_fault+0x1a8/0x1dc arch/arm64/mm/fault.c:378
do_bad_area arch/arm64/mm/fault.c:474 [inline]
do_tag_check_fault+0x74/0x90 arch/arm64/mm/fault.c:729
do_mem_abort+0x44/0xbc arch/arm64/mm/fault.c:805
el1_abort+0x40/0x6c arch/arm64/kernel/entry-common.c:167
el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:259
el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:656
memcg_slab_free_hook mm/slab.h:364 [inline]
memcg_slab_free_hook mm/slab.h:336 [inline]
do_slab_free mm/slub.c:3117 [inline]
slab_free mm/slub.c:3162 [inline]
kfree+0x184/0x4d0 mm/slub.c:4213
virtblk_request_done+0x84/0x90 drivers/block/virtio_blk.c:167
blk_mq_complete_request block/blk-mq.c:679 [inline]
blk_mq_complete_request+0x34/0x4c block/blk-mq.c:676
virtblk_done+0x70/0x140 drivers/block/virtio_blk.c:190
vring_interrupt drivers/virtio/virtio_ring.c:2049 [inline]
vring_interrupt+0x64/0xac drivers/virtio/virtio_ring.c:2035
__handle_irq_event_percpu+0x54/0x170 kernel/irq/handle.c:156
handle_irq_event_percpu kernel/irq/handle.c:196 [inline]
handle_irq_event+0x64/0x140 kernel/irq/handle.c:213
handle_fasteoi_irq+0xa4/0x1f4 kernel/irq/chip.c:714
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
generic_handle_irq kernel/irq/irqdesc.c:652 [inline]
__handle_domain_irq+0x7c/0xe0 kernel/irq/irqdesc.c:689
handle_domain_irq include/linux/irqdesc.h:176 [inline]
gic_handle_irq+0x50/0xd0 drivers/irqchip/irq-gic.c:370
el1_irq+0xb4/0x180 arch/arm64/kernel/entry.S:669
arch_local_irq_enable arch/arm64/include/asm/irqflags.h:37 [inline]
__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
_raw_spin_unlock_irq+0x14/0x50 kernel/locking/spinlock.c:199
context_switch kernel/sched/core.c:4325 [inline]
__schedule+0x2dc/0x794 kernel/sched/core.c:5073
preempt_schedule_notrace+0x4c/0x64 kernel/sched/core.c:5312
percpu_ref_put_many include/linux/percpu-refcount.h:320 [inline]
percpu_ref_put include/linux/percpu-refcount.h:338 [inline]
blk_mq_sched_insert_requests+0x108/0x1e0 block/blk-mq-sched.c:493
blk_mq_flush_plug_list+0xf4/0x160 block/blk-mq.c:1942
blk_flush_plug_list+0x38/0x1cc block/blk-core.c:1749
blk_schedule_flush_plug include/linux/blkdev.h:1279 [inline]
io_schedule_prepare kernel/sched/core.c:7177 [inline]
io_schedule_timeout+0x40/0x70 kernel/sched/core.c:7196
do_wait_for_common kernel/sched/completion.c:85 [inline]
__wait_for_common kernel/sched/completion.c:106 [inline]
wait_for_common_io kernel/sched/completion.c:123 [inline]
wait_for_completion_io+0x80/0x114 kernel/sched/completion.c:171
submit_bio_wait+0x5c/0x90 block/bio.c:1149
blkdev_issue_discard+0x78/0xd0 block/blk-lib.c:142
sb_issue_discard include/linux/blkdev.h:1355 [inline]
ext4_issue_discard fs/ext4/mballoc.c:3013 [inline]
ext4_trim_extent fs/ext4/mballoc.c:5675 [inline]
ext4_trim_all_free fs/ext4/mballoc.c:5734 [inline]
ext4_trim_fs+0x3b8/0x594 fs/ext4/mballoc.c:5840
__ext4_ioctl+0x3c0/0x1d70 fs/ext4/ioctl.c:1126
ext4_ioctl+0x38/0x60 fs/ext4/ioctl.c:1332
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl fs/ioctl.c:739 [inline]
__arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:739
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
Allocated by task 4079:
stack_trace_save+0x50/0x80 kernel/stacktrace.c:121
kasan_save_stack+0x28/0x60 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:427 [inline]
____kasan_kmalloc mm/kasan/common.c:506 [inline]
____kasan_kmalloc mm/kasan/common.c:465 [inline]
__kasan_kmalloc+0xc8/0x100 mm/kasan/common.c:515
kasan_kmalloc include/linux/kasan.h:233 [inline]
__kmalloc_node+0x1d8/0x3dc mm/slub.c:4103
kmalloc_array_node include/linux/slab.h:647 [inline]
kcalloc_node include/linux/slab.h:652 [inline]
memcg_alloc_page_obj_cgroups+0x34/0xb0 mm/memcontrol.c:2916
memcg_slab_post_alloc_hook+0xac/0x2d0 mm/slab.h:318
slab_post_alloc_hook mm/slab.h:522 [inline]
slab_alloc_node mm/slub.c:2907 [inline]
slab_alloc mm/slub.c:2915 [inline]
kmem_cache_alloc+0x1dc/0x33c mm/slub.c:2920
sock_alloc_inode+0x20/0x70 net/socket.c:253
alloc_inode+0x28/0xdc fs/inode.c:234
new_inode_pseudo+0x14/0x5c fs/inode.c:928
sock_alloc+0x1c/0x8c net/socket.c:576
__sock_create+0xc0/0x220 net/socket.c:1372
sock_create net/socket.c:1459 [inline]
__sys_socket+0x58/0x110 net/socket.c:1501
__do_sys_socket net/socket.c:1510 [inline]
__se_sys_socket net/socket.c:1508 [inline]
__arm64_sys_socket+0x24/0x34 net/socket.c:1508
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
Freed by task 3291:
stack_trace_save+0x50/0x80 kernel/stacktrace.c:121
kasan_save_stack+0x28/0x60 mm/kasan/common.c:38
kasan_set_track+0x28/0x40 mm/kasan/common.c:46
kasan_set_free_info+0x20/0x30 mm/kasan/hw_tags.c:174
____kasan_slab_free.constprop.0+0x1e0/0x230 mm/kasan/common.c:360
__kasan_slab_free+0x10/0x1c mm/kasan/common.c:367
kasan_slab_free include/linux/kasan.h:199 [inline]
slab_free_hook mm/slub.c:1562 [inline]
slab_free_freelist_hook+0xbc/0x210 mm/slub.c:1600
slab_free mm/slub.c:3161 [inline]
kfree+0x348/0x4d0 mm/slub.c:4213
__vunmap+0x25c/0x330 mm/vmalloc.c:2293
__vfree+0x3c/0x9c mm/vmalloc.c:2333
vfree+0x34/0x50 mm/vmalloc.c:2364
copy_entries_to_user net/ipv4/netfilter/arp_tables.c:712 [inline]
get_entries net/ipv4/netfilter/arp_tables.c:866 [inline]
do_arpt_get_ctl+0x338/0x484 net/ipv4/netfilter/arp_tables.c:1450
nf_getsockopt+0x60/0x8c net/netfilter/nf_sockopt.c:116
ip_getsockopt net/ipv4/ip_sockglue.c:1777 [inline]
ip_getsockopt+0x114/0x184 net/ipv4/ip_sockglue.c:1756
tcp_getsockopt+0x20/0x50 net/ipv4/tcp.c:4239
sock_common_getsockopt+0x1c/0x30 net/core/sock.c:3236
__sys_getsockopt+0xa4/0x210 net/socket.c:2161
__do_sys_getsockopt net/socket.c:2176 [inline]
__se_sys_getsockopt net/socket.c:2173 [inline]
__arm64_sys_getsockopt+0x28/0x40 net/socket.c:2173
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
The buggy address belongs to the object at ffff000020629000
which belongs to the cache kmalloc-128 of size 128
The buggy address is located 120 bytes inside of
128-byte region [ffff000020629000, ffff000020629080)
The buggy address belongs to the page:
page:00000000b59aac49 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60629
memcg:f2ff000020629201
flags: 0x1ffffc000000200(slab)
raw: 01ffffc000000200 0000000000000000 0000000100000001 f8ff000003001200
raw: 0000000000000000 0000000000100010 00000001ffffffff f2ff000020629201
page dumped because: kasan: bad access detected
Memory state around the buggy address:
 ffff000020628e00: fd fd fd fd fd fd fd fd fe fe fe fe fe fe fe fe
 ffff000020628f00: f7 f7 f7 f7 f7 f7 f7 f7 fe fe fe fe fe fe fe fe
>ffff000020629000: f0 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                                        ^
 ffff000020629100: f8 f8 f8 f8 f8 f8 f8 f8 fe fe fe fe fe fe fe fe
 ffff000020629200: f2 f2 f2 f2 f2 f2 f2 f2 fe fe fe fe fe fe fe fe
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.