KASAN: use-after-free Read in sock_def_write

Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in sock_def_write_space (3) intel-wired-lan			21	1096d	1333d	0/26	auto-closed as invalid on 2021/08/18 10:16
linux-5.15	KASAN: use-after-free Read in sock_def_write_space (2)			1	166d	166d	0/3	auto-obsoleted due to no activity on 2024/03/15 00:45
upstream	KASAN: use-after-free Read in sock_def_write_space (4) net virt			7	745d	913d	0/26	auto-closed as invalid on 2022/08/04 16:53
upstream	KASAN: use-after-free Read in sock_def_write_space (2) arm-msm net	C	error	29	1342d	1399d	15/26	fixed on 2020/09/16 22:51
linux-5.15	KASAN: use-after-free Read in sock_def_write_space			1	299d	299d	0/3	auto-obsoleted due to no activity on 2023/11/03 11:19

Created	Duration	User	Repo	Result
2019/11/11 23:57	31m	bisect fix	upstream	job log (0) log
2019/10/03 05:41	32m	bisect fix	upstream	job log (0) log
2019/09/03 05:07	33m	bisect fix	upstream	job log (0) log

Created

Duration

User

Patch

Repo

Result

2019/11/11 23:57

31m

bisect fix

upstream

job log (0) log

2019/10/03 05:41

32m

bisect fix

upstream

job log (0) log

2019/09/03 05:07

33m

bisect fix

upstream

job log (0) log

================================================================== BUG: KASAN: use-after-free in list_empty include/linux/list.h:282 [inline] BUG: KASAN: use-after-free in waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: use-after-free in wq_has_sleeper include/linux/wait.h:161 [inline] BUG: KASAN: use-after-free in skwq_has_sleeper include/net/sock.h:2143 [inline] BUG: KASAN: use-after-free in sock_def_write_space+0x609/0x630 net/core/sock.c:2926 Read of size 8 at addr ffff888082ebf5c0 by task syz-executor433/9398 CPU: 1 PID: 9398 Comm: syz-executor433 Not tainted 5.8.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x18f/0x20d lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xae/0x436 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530 list_empty include/linux/list.h:282 [inline] waitqueue_active include/linux/wait.h:127 [inline] wq_has_sleeper include/linux/wait.h:161 [inline] skwq_has_sleeper include/net/sock.h:2143 [inline] sock_def_write_space+0x609/0x630 net/core/sock.c:2926 sock_wfree+0x1cc/0x240 net/core/sock.c:2060 skb_release_head_state+0x9f/0x250 net/core/skbuff.c:651 skb_release_all net/core/skbuff.c:662 [inline] __kfree_skb net/core/skbuff.c:678 [inline] kfree_skb.part.0+0x89/0x350 net/core/skbuff.c:696 kfree_skb+0x7d/0x100 include/linux/refcount.h:270 skb_queue_purge+0x14/0x30 net/core/skbuff.c:3077 qrtr_tun_release+0x40/0x60 net/qrtr/tun.c:118 __fput+0x33c/0x880 fs/file_table.c:281 task_work_run+0xdd/0x190 kernel/task_work.c:135 exit_task_work include/linux/task_work.h:25 [inline] do_exit+0xb72/0x2a40 kernel/exit.c:805 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x40b/0x1ee0 kernel/signal.c:2743 do_signal+0x82/0x2520 arch/x86/kernel/signal.c:810 exit_to_usermode_loop arch/x86/entry/common.c:235 [inline] __prepare_exit_to_usermode+0x156/0x1f0 arch/x86/entry/common.c:269 do_syscall_64+0x6c/0xe0 arch/x86/entry/common.c:393 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x4469f9 Code: Bad RIP value. RSP: 002b:00007f220f53ad98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00000000006dbc48 RCX: 00000000004469f9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc48 RBP: 00000000006dbc40 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc4c R13: 0000000000000000 R14: 0000000000000000 R15: 00306974765f7069 Allocated by task 9397: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:494 slab_post_alloc_hook mm/slab.h:586 [inline] slab_alloc mm/slab.c:3320 [inline] kmem_cache_alloc+0x12c/0x3b0 mm/slab.c:3484 sock_alloc_inode+0x18/0x1c0 net/socket.c:253 alloc_inode+0x61/0x230 fs/inode.c:232 new_inode_pseudo+0x14/0xe0 fs/inode.c:928 sock_alloc+0x3c/0x260 net/socket.c:573 __sock_create+0xb9/0x740 net/socket.c:1392 sock_create net/socket.c:1479 [inline] __sys_socket+0xef/0x200 net/socket.c:1521 __do_sys_socket net/socket.c:1530 [inline] __se_sys_socket net/socket.c:1528 [inline] __x64_sys_socket+0x6f/0xb0 net/socket.c:1528 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 16: save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] kasan_set_free_info mm/kasan/common.c:316 [inline] __kasan_slab_free+0xf5/0x140 mm/kasan/common.c:455 __cache_free mm/slab.c:3426 [inline] kmem_cache_free+0x7f/0x310 mm/slab.c:3694 i_callback+0x3f/0x70 fs/inode.c:221 rcu_do_batch kernel/rcu/tree.c:2414 [inline] rcu_core+0x5c7/0x1160 kernel/rcu/tree.c:2641 __do_softirq+0x34c/0xa60 kernel/softirq.c:292 The buggy address belongs to the object at ffff888082ebf540 which belongs to the cache sock_inode_cache of size 1216 The buggy address is located 128 bytes inside of 1216-byte region [ffff888082ebf540, ffff888082ebfa00) The buggy address belongs to the page: page:ffffea00020bafc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888082ebfffd flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea00020bb808 ffffea00020bb088 ffff88821b098000 raw: ffff888082ebfffd ffff888082ebf000 0000000100000003 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888082ebf480: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ffff888082ebf500: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb >ffff888082ebf580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888082ebf600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888082ebf680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================

Crashes (67):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2020/07/17 03:34	upstream	f8456690ba8e	54b3c45e	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2020/07/16 11:07	upstream	994e99a96c9b	f3bec699	.config	console log	report	syz	C	ci-upstream-kasan-gce
2020/07/16 10:14	upstream	994e99a96c9b	f3bec699	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2020/06/14 22:19	upstream	435faf5c218a	2a22c77a	.config	console log	report	syz	C	ci-qemu-upstream-386
2019/12/16 02:23	upstream	510c9788991c	eef6e580	.config	console log	report	syz	C	ci-qemu-upstream-386
2019/08/04 05:07	upstream	dcb8cfbd8fe9	6affd8e8	.config	console log	report	syz		ci-upstream-kasan-gce-selinux-root
2020/07/18 07:37	upstream	8882572675c1	9c812472	.config	console log	report			ci-upstream-kasan-gce
2020/07/18 03:52	upstream	8882572675c1	9c812472	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2020/07/17 00:22	upstream	f8456690ba8e	54b3c45e	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2020/07/16 23:24	upstream	f8456690ba8e	54b3c45e	.config	console log	report			ci-upstream-kasan-gce
2020/07/15 03:23	upstream	e9919e11e219	609fb517	.config	console log	report			ci-upstream-kasan-gce-root
2020/07/12 02:29	upstream	a581387e415b	18d18b59	.config	console log	report			ci-upstream-kasan-gce
2020/07/03 09:51	upstream	cd77006e01b3	bed10395	.config	console log	report			ci-upstream-kasan-gce-root
2020/06/30 20:38	upstream	9ebcfadb0610	917afeaa	.config	console log	report			ci-upstream-kasan-gce
2020/06/30 02:08	upstream	4e99b32169e8	a2cdad9d	.config	console log	report			ci-upstream-kasan-gce-smack-root
2020/06/29 06:07	upstream	4e99b32169e8	a2cdad9d	.config	console log	report			ci-upstream-kasan-gce-smack-root
2020/06/28 02:59	upstream	1590a2e1c681	ffec44b5	.config	console log	report			ci-upstream-kasan-gce
2020/06/27 05:11	upstream	1590a2e1c681	ffec44b5	.config	console log	report			ci-upstream-kasan-gce
2020/06/25 11:28	upstream	7ae77150d94d	54566aff	.config	console log	report			ci-upstream-kasan-gce-root
2020/06/25 06:39	upstream	7ae77150d94d	54566aff	.config	console log	report			ci-upstream-kasan-gce
2020/06/12 20:36	upstream	435faf5c218a	d1c1c849	.config	console log	report			ci-qemu-upstream
2020/05/22 15:32	upstream	051143e1602d	9682898d	.config	console log	report			ci-upstream-kasan-gce-smack-root
2020/05/18 22:40	upstream	642b151f45dd	684d3606	.config	console log	report			ci-qemu-upstream
2020/05/12 18:36	upstream	152036d1379f	a44eb8f7	.config	console log	report			ci-qemu-upstream
2020/05/12 07:26	upstream	152036d1379f	44aa8310	.config	console log	report			ci-qemu-upstream
2020/04/16 05:45	upstream	00086336a8d9	c743fcb3	.config	console log	report			ci-qemu-upstream
2020/04/10 23:05	upstream	c0cc271173b2	a8c6a3f8	.config	console log	report			ci-upstream-kasan-gce-root
2020/01/24 05:44	upstream	4703d9119972	2e95ab33	.config	console log	report			ci-qemu-upstream
2019/12/22 11:26	upstream	b8e382a185eb	8b967267	.config	console log	report			ci-qemu-upstream
2019/12/21 11:28	upstream	f1fd1610cbb6	bc586918	.config	console log	report			ci-qemu-upstream
2019/12/20 18:40	upstream	6398b9fc818e	aa56acc6	.config	console log	report			ci-qemu-upstream
2019/12/17 10:57	upstream	ea200dec5128	2b31345f	.config	console log	report			ci-qemu-upstream
2019/12/14 03:03	upstream	e31736d9fae8	eef6e580	.config	console log	report			ci-qemu-upstream
2019/08/04 02:04	upstream	dcb8cfbd8fe9	6affd8e8	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/08/03 12:18	upstream	755f1fed27f4	6affd8e8	.config	console log	report			ci-upstream-kasan-gce-root
2019/07/31 21:07	upstream	4010b622f1d2	c692b5bd	.config	console log	report			ci-upstream-kasan-gce-root
2020/07/13 16:54	upstream	11ba468877bb	f90ec899	.config	console log	report			ci-upstream-kasan-gce-386
2020/07/09 04:41	upstream	0bddd227f3dc	bc238812	.config	console log	report			ci-upstream-kasan-gce-386
2020/07/07 20:49	upstream	7cc2a8ea1048	51095195	.config	console log	report			ci-upstream-kasan-gce-386
2020/07/04 16:57	upstream	7cc2a8ea1048	51095195	.config	console log	report			ci-upstream-kasan-gce-386
2020/07/03 07:26	upstream	cd77006e01b3	bed10395	.config	console log	report			ci-upstream-kasan-gce-386
2020/06/25 00:00	upstream	7ae77150d94d	54566aff	.config	console log	report			ci-upstream-kasan-gce-386
2020/03/22 07:33	upstream	b74b991fb8b9	78267cec	.config	console log	report			ci-qemu-upstream-386
2020/03/19 17:49	upstream	cd607737f3b8	2c31c529	.config	console log	report			ci-qemu-upstream-386
2020/02/18 22:24	upstream	b1da3acc781c	135c18aa	.config	console log	report			ci-qemu-upstream-386
2020/01/28 19:25	upstream	c677124e631d	c8e81ce4	.config	console log	report			ci-qemu-upstream-386
2019/12/15 11:48	upstream	510c9788991c	eef6e580	.config	console log	report			ci-qemu-upstream-386
2019/12/14 02:57	upstream	e31736d9fae8	eef6e580	.config	console log	report			ci-qemu-upstream-386
2020/07/15 07:34	net-old	d113c0f2e0d2	609fb517	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/05/13 23:11	net-old	99addbe31f55	a885920d	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/02/01 07:10	net-old	9f68e3655aae	c30117b2	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/30 20:35	net-old	ccd1f27368e4	5ed23f9a	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/12/10 09:40	net-old	991a34593bad	4b83c8fb	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/12 14:57	net-old	82ad862115c2	426631dd	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/07/21 21:54	net-old	1a03bb532934	1656845f	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/07/15 06:23	net-next-old	07dd1b7e68e4	609fb517	.config	console log	report			ci-upstream-net-kasan-gce
2020/07/06 12:33	net-next-old	e44f65fd666c	51095195	.config	console log	report			ci-upstream-net-kasan-gce
2020/06/02 07:40	net-next-old	9a25c1df24a6	a0331e89	.config	console log	report			ci-upstream-net-kasan-gce
2019/07/20 17:37	net-next-old	31cc088a4f5d	1656845f	.config	console log	report			ci-upstream-net-kasan-gce
2020/07/20 00:17	linux-next	4c43049f19a2	9c812472	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2020/07/19 19:34	linux-next	4c43049f19a2	9c812472	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2020/07/17 18:25	linux-next	4c43049f19a2	9c812472	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2020/07/16 08:25	linux-next	ca0e494af5ed	f3bec699	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/07/22 15:51	linux-next	6d21a41b7b1f	b3c615f5	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/07/21 19:37	linux-next	6d21a41b7b1f	1656845f	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

Crashes (67):

Assets (help?)

2020/07/17 03:34

upstream