search for: kasan

...: syzbot+bd391451452fb0b93039 at syzkaller.appspotmail.com > > netlink: 'syz-executor5': attribute type 2 has an invalid length. > binder: 28577:28588 transaction failed 29189/-22, size 0-0 line 2852 > ================================================================== > BUG: KASAN: use-after-free in debug_spin_lock_before > kernel/locking/spinlock_debug.c:83 [inline] > BUG: KASAN: use-after-free in do_raw_spin_lock+0x1c0/0x200 > kernel/locking/spinlock_debug.c:112 > Read of size 4 at addr ffff880194d0ec6c by task syz-executor4/28583 > > CPU: 1 PID: 28583 C...

...'t have any reproducer for this crash yet. > > IMPORTANT: if you fix the bug, please add the following tag to the > commit: > Reported-by: syzbot+c51e6736a1bf614b3272 at syzkaller.appspotmail.com > > ================================================================== > BUG: KASAN: use-after-free in vhost_vq_meta_fetch > drivers/vhost/vhost.c:702 [inline] > BUG: KASAN: use-after-free in iotlb_access_ok+0x5c9/0x600 > drivers/vhost/vhost.c:1177 > Read of size 8 at addr ffff880197df2fc0 by task vhost-8938/8941 > > CPU: 0 PID: 8941 Comm: vhost-8938 Not tainte...

On 03/03/2015 05:16 PM, Konrad Rzeszutek Wilk wrote: > On Tue, Mar 03, 2015 at 04:15:06PM +0300, Andrey Ryabinin wrote: >> On 03/03/2015 12:40 PM, Luis R. Rodriguez wrote: >>> Andrey, >>> >>> I believe that on Xen we should disable kasan, would like confirmation >> >> I guess Xen guests won't work with kasan because Xen guests doesn't setup shadow >> (kasan_map_early_shadow() is not called in xen guests). >> >> Disabling kasan for Xen in Kconfig is undesirable because that will disable kasan &g...

On 03/03/2015 05:16 PM, Konrad Rzeszutek Wilk wrote: > On Tue, Mar 03, 2015 at 04:15:06PM +0300, Andrey Ryabinin wrote: >> On 03/03/2015 12:40 PM, Luis R. Rodriguez wrote: >>> Andrey, >>> >>> I believe that on Xen we should disable kasan, would like confirmation >> >> I guess Xen guests won't work with kasan because Xen guests doesn't setup shadow >> (kasan_map_early_shadow() is not called in xen guests). >> >> Disabling kasan for Xen in Kconfig is undesirable because that will disable kasan &g...

On 03/03/2015 12:40 PM, Luis R. Rodriguez wrote: > Andrey, > > I believe that on Xen we should disable kasan, would like confirmation I guess Xen guests won't work with kasan because Xen guests doesn't setup shadow (kasan_map_early_shadow() is not called in xen guests). Disabling kasan for Xen in Kconfig is undesirable because that will disable kasan for allmodconfig and allyesconfig builds, but...

On 03/03/2015 12:40 PM, Luis R. Rodriguez wrote: > Andrey, > > I believe that on Xen we should disable kasan, would like confirmation I guess Xen guests won't work with kasan because Xen guests doesn't setup shadow (kasan_map_early_shadow() is not called in xen guests). Disabling kasan for Xen in Kconfig is undesirable because that will disable kasan for allmodconfig and allyesconfig builds, but...

...syzkaller.appspot.com/x/repro.syz?x=15038ad0400000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1465b670400000 > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+4e955f82549d361ed655 at syzkaller.appspotmail.com #syz dup: KASAN: stack-out-of-bounds Read in timerqueue_add > ================================================================== > BUG: KASAN: stack-out-of-bounds in __read_once_size > include/linux/compiler.h:188 [inline] > BUG: KASAN: stack-out-of-bounds in __netif_receive_skb_core+0x2e09/0x3680 &gt...

https://bugs.freedesktop.org/show_bug.cgi?id=100691 Bug ID: 100691 Summary: [4.10] BUG: KASAN: use-after-free in drm_calc_vbltimestamp_from_scanoutpos+0x625/0x740 Product: xorg Version: git Hardware: x86-64 (AMD64) OS: Linux (All) Status: NEW Severity: normal Priority: medium Compone...

https://bugs.freedesktop.org/show_bug.cgi?id=96306 Bug ID: 96306 Summary: BUG: KASAN: slab-out-of-bounds in OUT_RINGp (via nvc0_fbcon_imageblit) Product: xorg Version: unspecified Hardware: x86-64 (AMD64) OS: Linux (All) Status: NEW Severity: normal Priority: medium Componen...

...rflows) are better detected > > > with kmalloc code, so we must test the kmalloc path too. > > > > Well now, this brings up another item for the collective TODO list -- > > implement redzone checks for vmalloc. Unless this is something already > > taken care of by kasan or similar. > > The kmalloc overflow testing is also not ideal - it rounds the size up to > the next slab size and detects buffer overflows only at this boundary. > > Some times ago, I made a "kmalloc guard" patch that places a magic number > immediatelly after the r...

...rflows) are better detected > > > with kmalloc code, so we must test the kmalloc path too. > > > > Well now, this brings up another item for the collective TODO list -- > > implement redzone checks for vmalloc. Unless this is something already > > taken care of by kasan or similar. > > The kmalloc overflow testing is also not ideal - it rounds the size up to > the next slab size and detects buffer overflows only at this boundary. > > Some times ago, I made a "kmalloc guard" patch that places a magic number > immediatelly after the r...

...> Console: switching to colour dummy device 80x25 > [drm] features: -virgl +edid > [drm] number of scanouts: 1 > [drm] number of cap sets: 0 > [drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 2 > ================================================================== > BUG: KASAN: slab-out-of-bounds in virtio_gpu_object_shmem_init drivers/gpu/drm/virtio/virtgpu_object.c:151 [inline] > BUG: KASAN: slab-out-of-bounds in virtio_gpu_object_create+0x9f3/0xaa0 drivers/gpu/drm/virtio/virtgpu_object.c:230 > Write of size 8 at addr ffff888027f7a388 by task swapper/0/1 > &gt...

...> Console: switching to colour dummy device 80x25 > [drm] features: -virgl +edid > [drm] number of scanouts: 1 > [drm] number of cap sets: 0 > [drm] Initialized virtio_gpu 0.1.0 0 for virtio0 on minor 2 > ================================================================== > BUG: KASAN: slab-out-of-bounds in virtio_gpu_object_shmem_init drivers/gpu/drm/virtio/virtgpu_object.c:151 [inline] > BUG: KASAN: slab-out-of-bounds in virtio_gpu_object_create+0x9f3/0xaa0 drivers/gpu/drm/virtio/virtgpu_object.c:230 > Write of size 8 at addr ffff888027f7a388 by task swapper/0/1 > &gt...

Andrey, I believe that on Xen we should disable kasan, would like confirmation from someone on xen-devel though. Here's the thing though -- if true -- I'd like to do it *properly*, where *properly* means addressing a bit of architecture. A simple Kconfig slap seems rather reactive. I'd like to address a way to properly ensure we don't...

Andrey, I believe that on Xen we should disable kasan, would like confirmation from someone on xen-devel though. Here's the thing though -- if true -- I'd like to do it *properly*, where *properly* means addressing a bit of architecture. A simple Kconfig slap seems rather reactive. I'd like to address a way to properly ensure we don't...

Hello, I'm seeing this kasan report after booting with linus v4.4-rc1-290-g3ad5d7e. BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff880169e21fd0 Read of size 64 by task kworker/1:0/14 ============================================================================= BUG kmalloc-8192 (Not tainted): kasan: bad access...

On 2018?05?18? 17:24, Jason Wang wrote: > > > On 2018?05?17? 21:45, DaeRyong Jeong wrote: >> We report the crash: KASAN: use-after-free Read in vhost_chr_write_iter >> >> This crash has been found in v4.17-rc1 using RaceFuzzer (a modified >> version of Syzkaller), which we describe more at the end of this >> report. Our analysis shows that the race occurs when invoking two >> syscalls c...

On 2018?05?21? 22:42, Michael S. Tsirkin wrote: > On Mon, May 21, 2018 at 10:38:10AM +0800, Jason Wang wrote: >> On 2018?05?18? 17:24, Jason Wang wrote: >>> On 2018?05?17? 21:45, DaeRyong Jeong wrote: >>>> We report the crash: KASAN: use-after-free Read in vhost_chr_write_iter >>>> >>>> This crash has been found in v4.17-rc1 using RaceFuzzer (a modified >>>> version of Syzkaller), which we describe more at the end of this >>>> report. Our analysis shows that the race occurs when...

On 2018?05?22? 16:38, DaeRyong Jeong wrote: > On Mon, May 21, 2018 at 10:38:10AM +0800, Jason Wang wrote: >> On 2018?05?18? 17:24, Jason Wang wrote: >>> On 2018?05?17? 21:45, DaeRyong Jeong wrote: >>>> We report the crash: KASAN: use-after-free Read in vhost_chr_write_iter >>>> >>>> This crash has been found in v4.17-rc1 using RaceFuzzer (a modified >>>> version of Syzkaller), which we describe more at the end of this >>>> report. Our analysis shows that the race occurs when...

...: > On 03/03/2015 05:16 PM, Konrad Rzeszutek Wilk wrote: > > On Tue, Mar 03, 2015 at 04:15:06PM +0300, Andrey Ryabinin wrote: > >> On 03/03/2015 12:40 PM, Luis R. Rodriguez wrote: > >>> Andrey, > >>> > >>> I believe that on Xen we should disable kasan, would like confirmation > >> > >> I guess Xen guests won't work with kasan because Xen guests doesn't setup shadow > >> (kasan_map_early_shadow() is not called in xen guests). > >> > >> Disabling kasan for Xen in Kconfig is undesirable because t...