syzbot


KASAN: use-after-free Read in soft_cursor
Status: upstream: reported C repro on 2019/12/06 12:25
Reported-by: syzbot+cf43fb300aa142fb024b@syzkaller.appspotmail.com
First crash: 662d, last: 385d

Cause bisection: introduced by (bisect log) :
commit 2de50e9674fc4ca3c6174b04477f69eb26b4ee31
Author: Russell Currey <ruscur@russell.cc>
Date: Mon Feb 8 04:08:20 2016 +0000

  powerpc/powernv: Remove support for p5ioc2

Crash: BUG: spinlock lockup suspected in nf_conntrack_lock (log)
Repro: C syz .config
Note: the crash hit during the bisection (a spinlock lockup in nf_conntrack_lock) is not this bug (a KASAN use-after-free in soft_cursor), and the commit it landed on touches powerpc/powernv only while every crash below is on x86 instances; treat this cause bisection as unreliable.

Fix bisection: the fix commit could be any of (bisect log):
  6b643a07a7e4 x86/entry, ubsan, objtool: Whitelist __ubsan_handle_*()
  8e8bb06d199a x86/entry, bug: Comment the instrumentation_begin() usage for WARN()
  14d3b376b6c3 x86/entry, cpumask: Provide non-instrumented variant of cpu_is_offline()
  33aea07f30c2 compiler_attributes.h: Support no_sanitize_undefined check with GCC 4
  5144f8a8dfd7 compiler_types.h: Add __no_sanitize_{address,undefined} to noinstr
  acf7b0bf7dcf kasan: Fix required compiler version
  734d099ba644 objtool: Don't consider vmlinux a C-file
  7b861a53e46b kasan: Bump required compiler version
  5ddbc4082e10 x86, kcsan: Add __no_kcsan to noinstr
  e3a9e681adb7 x86/entry: Fixup bad_iret vs noinstr
  c7aadc09321d x86/entry: Increase entry_stack size to a full page
  e79302ae8c8c kcsan: Remove __no_kcsan_or_inline
  145a773aef83 x86/entry: Fix #UD vs WARN more
  e82587336695 x86, kcsan: Remove __no_kcsan_or_inline usage
  2c92d787cc9f Merge branch 'linus' into x86/entry, to resolve conflicts
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 KASAN: use-after-free Read in soft_cursor C done 16 367d 664d 1/1 fixed on 2020/10/26 21:28
linux-4.19 KASAN: use-after-free Read in soft_cursor (2) 2 275d 313d 0/1 auto-closed as invalid on 2021/04/26 05:01
linux-4.14 KASAN: use-after-free Read in soft_cursor C inconclusive 7 153d 664d 0/1 upstream: reported C repro on 2019/12/04 13:11
Patch testing requests:
Created          | Duration | User               | Patch | Repo     | Result
2021/03/15 01:50 | 15m      | ducheng2@gmail.com |       | upstream | OK

Sample crash report:

Crashes (12):
Manager                               | Time             | Kernel     | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci-upstream-kasan-gce-selinux-root    | 2019/12/06 11:48 | upstream   | b0d4beaa5a4b | 98b4ef2d  | .config | log | report | syz       | C       |         |
ci-upstream-kasan-gce-root            | 2019/12/06 11:06 | upstream   | b0d4beaa5a4b | 98b4ef2d  | .config | log | report | syz       | C       |         |
ci-upstream-linux-next-kasan-gce-root | 2019/12/18 13:06 | linux-next | b9c5ef25038d | f2fe0772  | .config | log | report | syz       | C       |         |
ci-upstream-kasan-gce-selinux-root    | 2020/09/07 20:05 | upstream   | f4d51dffc6c0 | abf9ba4f  | .config | log | report |           |         |         |
ci-upstream-kasan-gce-root            | 2020/08/09 06:24 | upstream   | 06a81c1c7db9 | f721e4a0  | .config | log | report |           |         |         |
ci-upstream-kasan-gce-root            | 2020/04/28 04:05 | upstream   | 51184ae37e05 | 0ce7569e  | .config | log | report |           |         |         |
ci-upstream-kasan-gce-smack-root      | 2020/03/18 17:50 | upstream   | 5076190daded | 0a96a13c  | .config | log | report |           |         |         |
ci-upstream-kasan-gce-smack-root      | 2020/03/14 18:54 | upstream   | 69a4d0baeeb1 | 749688d2  | .config | log | report |           |         |         |
ci-upstream-kasan-gce-selinux-root    | 2019/12/18 23:40 | upstream   | 2187f215ebaa | 79b211f7  | .config | log | report |           |         |         |
ci-qemu-upstream-386                  | 2019/12/21 17:39 | upstream   | 6210469417fd | bc586918  | .config | log | report |           |         |         |
ci-upstream-linux-next-kasan-gce-root | 2020/02/25 19:10 | linux-next | bdc5461b23ca | 59b57593  | .config | log | report |           |         |         |
ci-upstream-linux-next-kasan-gce-root | 2020/02/21 04:53 | linux-next | bee46b309a13 | bd2a74a3  | .config | log | report |           |         |         |