syzbot


KASAN: use-after-free Read in rt_cache_valid
Status: fixed on 2019/07/10 21:40
Reported-by: syzbot+c4c4b2bb358bb936ad7e@syzkaller.appspotmail.com
Fix commit: c3bcde02 tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
First crash: 223d, last: 107d
Bisection: introduced by (bisect log):

commit 6b27e27729270a2478fdebea2db9c4f57bb4e8e6
Author: Colin Ian King <colin.king@canonical.com>
Date: Wed Oct 31 19:31:43 2018 +0000

  ASoC: stm32: sai: fix less than zero comparison on unsigned int

Tree: upstream
Crash: inconsistent lock state in rhashtable_walk_enter (log)
Repro: syz .config
similar bugs (1):
Kernel Title Repro Bisected Count Last Reported Patched Status
linux-4.19 KASAN: use-after-free Read in rt_cache_valid 1 161d 161d 0/1 upstream: reported on 2019/04/15 03:22

Sample crash report:

All crashes (5):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro Maintainers
ci-upstream-kasan-gce-root 2019/02/12 02:12 upstream aa0c38cf 65a0d619 .config log report syz davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-kasan-gce-386 2019/02/27 23:58 upstream 7d762d69 34ec456b .config log report davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-net-this-kasan-gce 2019/03/15 04:35 net 3b319ee2 d72db19b .config log report davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-net-kasan-gce 2019/06/08 10:24 net-next a6cdeeb1 cf9c3a50 .config log report davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-net-kasan-gce 2019/06/08 01:36 net-next 96524ea4 ce9107d0 .config log report davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org