syzbot


[upstream] KASAN: use-after-free Read in locks_delete_block
Status: fixed on 2019/01/15 20:25
Reported-by: syzbot+a4a3d526b4157113ec6a@syzkaller.appspotmail.com
Fix commit: 16306a61 fs/locks: always delete_block after waiting.
First crash: 126d, last: 103d
duplicates:
| Title | Repro | Bisected | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|
| KASAN: stack-out-of-bounds Read in locks_delete_block | | | 1 | 125d | 124d | 0/12 | closed as dup on 2018/11/16 20:38 |
| BUG: unable to handle kernel paging request in locks_remove_file | | | 4 | 130d | 131d | 0/12 | closed as dup on 2018/11/16 20:43 |
| KASAN: use-after-free Read in locks_remove_flock | | | 9 | 130d | 131d | 0/12 | closed as dup on 2018/11/16 20:42 |
| KASAN: stack-out-of-bounds Read in locks_remove_flock | | | 18 | 130d | 131d | 0/12 | closed as dup on 2018/11/16 20:41 |
| BUG: corrupted list in locks_delete_block | C | | 4 | 113d | 127d | 0/12 | closed as dup on 2018/11/16 20:40 |
| general protection fault in locks_remove_flock | C | | 181 | 130d | 131d | 0/12 | closed as dup on 2018/11/16 20:45 |

Sample crash report:

All crashes (4):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers |
|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-linux-next-kasan-gce-root | 2018/11/13 19:57 | linux-next | 442b8cea | 5f5f6d14 | .config | log | report | syz | | bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk |
| ci-upstream-linux-next-kasan-gce-root | 2018/11/12 19:01 | linux-next | 442b8cea | 7b5f8621 | .config | log | report | | | bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk |
| ci-upstream-linux-next-kasan-gce-root | 2018/12/05 19:09 | linux-next | 442b8cea | ac6c0578 | .config | log | report | | | bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk |
| ci-upstream-linux-next-kasan-gce-root | 2018/11/28 23:42 | linux-next | 442b8cea | 4b6d14f2 | .config | log | report | | | bfields@fieldses.org, jlayton@kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk |