KASAN: use-after-free Read in bpf_test

Title	Replies (including bot)	Last reply
[PATCH 4.14 00/45] 4.14.259-rc1 review	48 (48)	2021/12/21 23:12
[PATCH bpf] bpf: fix panic due to oob in bpf_prog_test_run_skb	2 (2)	2018/07/11 23:16
KASAN: use-after-free Read in bpf_test_finish	0 (1)	2018/07/09 06:19

Title

Replies (including bot)

Last reply

[PATCH 4.14 00/45] 4.14.259-rc1 review

48 (48)

2021/12/21 23:12

[PATCH bpf] bpf: fix panic due to oob in bpf_prog_test_run_skb

2 (2)

2018/07/11 23:16

KASAN: use-after-free Read in bpf_test_finish

0 (1)

2018/07/09 06:19

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.14	KASAN: use-after-free Read in bpf_test_finish	C		inconclusive	4	1423d	1727d	0/1	upstream: reported C repro on 2019/08/03 11:31
android-414	KASAN: use-after-free Read in bpf_test_finish	C			388	1696d	1841d	0/1	public: reported C repro on 2019/04/11 00:00

random: sshd: uninitialized urandom read (32 bytes read) random: sshd: uninitialized urandom read (32 bytes read) random: sshd: uninitialized urandom read (32 bytes read) random: sshd: uninitialized urandom read (32 bytes read) ================================================================== BUG: KASAN: use-after-free in _copy_to_user+0xe9/0x110 lib/usercopy.c:27 Read of size 924 at addr ffff8801ab7ffff2 by task syz-executor173/4509 CPU: 1 PID: 4509 Comm: syz-executor173 Not tainted 4.18.0-rc4+ #144 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272 _copy_to_user+0xe9/0x110 lib/usercopy.c:27 copy_to_user include/linux/uaccess.h:155 [inline] bpf_test_finish.isra.7+0xee/0x1f0 net/bpf/test_run.c:59 bpf_prog_test_run_skb+0x7d7/0xa30 net/bpf/test_run.c:144 bpf_prog_test_run+0x130/0x1a0 kernel/bpf/syscall.c:1686 __do_sys_bpf kernel/bpf/syscall.c:2323 [inline] __se_sys_bpf kernel/bpf/syscall.c:2267 [inline] __x64_sys_bpf+0x3d8/0x510 kernel/bpf/syscall.c:2267 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x440269 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffe962cae98 EFLAGS: 00000213 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440269 RDX: 0000000000000028 RSI: 0000000020000180 RDI: 000000000000000a RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401af0 R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to the page: page:ffffea0006adffc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x2fffc0000000000() raw: 02fffc0000000000 ffffea0006adffc8 ffffea0006adffc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8801ab7ffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8801ab7fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8801ab7fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8801ab800000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801ab800080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================

Crashes (1211):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2018/07/13 10:21	upstream	63f047771621	06c33b3a	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/13 04:58	upstream	63f047771621	06c33b3a	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/11 18:14	upstream	1e09177acae3	2e0e3130	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/11 12:02	upstream	1e09177acae3	2e0e3130	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/11 11:19	upstream	1e09177acae3	2e0e3130	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/10 13:21	upstream	092150a25cb7	9fa03fa5	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/10 12:58	upstream	092150a25cb7	9fa03fa5	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/10 12:29	upstream	092150a25cb7	9fa03fa5	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/10 09:46	upstream	092150a25cb7	9fa03fa5	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/09 05:45	upstream	ca04b3cca11a	f25e5770	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/07/11 12:12	bpf	59ee4129a279	2e0e3130	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/11 03:13	bpf	59ee4129a279	2e0e3130	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 22:04	bpf	f292b87d3ac0	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 13:56	bpf	f292b87d3ac0	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 11:59	bpf	f292b87d3ac0	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 10:52	bpf	f292b87d3ac0	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 10:34	bpf	f292b87d3ac0	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 06:42	bpf	7f93d1295131	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 05:33	bpf	7f93d1295131	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/09 05:11	bpf	7f93d1295131	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2018/07/11 12:27	bpf-next	d90c936fb318	2e0e3130	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/11 11:53	bpf-next	d90c936fb318	2e0e3130	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/11 02:54	bpf-next	d90c936fb318	2e0e3130	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 22:18	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 13:39	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 11:41	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 05:29	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 05:15	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 04:55	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 04:38	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/09 04:22	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz	C	ci-upstream-bpf-next-kasan-gce
2018/07/11 18:23	linux-next	98be45067040	2e0e3130	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/07/11 13:27	linux-next	98be45067040	2e0e3130	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/07/11 02:58	linux-next	3951bd9fe3e2	2e0e3130	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/07/11 01:00	linux-next	3951bd9fe3e2	2e0e3130	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/07/09 04:00	linux-next	526674536360	f25e5770	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/07/10 08:13	bpf-next	d90c936fb318	f25e5770	.config	console log	report	syz		ci-upstream-bpf-next-kasan-gce
2018/07/09 03:44	upstream	ca04b3cca11a	f25e5770	.config	console log	report			ci-upstream-kasan-gce-root
2018/07/12 04:19	bpf	61d769807f27	2e0e3130	.config	console log	report			ci-upstream-bpf-kasan-gce
2018/07/23 16:57	bpf-next	8ae71e76cf1f	f69c5fcd	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 15:30	bpf-next	8ae71e76cf1f	f69c5fcd	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 12:45	bpf-next	8ae71e76cf1f	f69c5fcd	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 11:37	bpf-next	8ae71e76cf1f	f69c5fcd	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 09:39	bpf-next	8ae71e76cf1f	f69c5fcd	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 08:04	bpf-next	8ae71e76cf1f	f69c5fcd	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 07:01	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 03:59	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 02:49	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/23 01:13	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 23:53	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 22:30	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 20:00	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 17:57	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 17:06	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 15:06	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 13:51	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 12:30	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 10:06	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 08:50	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 07:38	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 03:54	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 02:50	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 02:47	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/22 00:10	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 21:10	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 19:38	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 18:13	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 15:45	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 14:41	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 12:52	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 11:36	bpf-next	8ae71e76cf1f	8cc079c3	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/21 03:38	net-next-old	eecd6857709e	af255b09	.config	console log	report			ci-upstream-net-kasan-gce
2018/07/21 03:05	bpf-next	8ae71e76cf1f	af255b09	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/20 21:37	bpf-next	8ae71e76cf1f	af255b09	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/20 20:09	bpf-next	8ae71e76cf1f	af255b09	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/20 17:52	bpf-next	8ae71e76cf1f	49f35839	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/20 16:51	bpf-next	8ae71e76cf1f	49f35839	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/20 15:39	bpf-next	8ae71e76cf1f	49f35839	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/20 14:37	bpf-next	8ae71e76cf1f	49f35839	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/20 14:17	bpf-next	8ae71e76cf1f	49f35839	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2018/07/09 11:12	linux-next	d00d6d9a339d	f25e5770	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

Crashes (1211):

Assets (help?)

2018/07/13 10:21

upstream