syzbot


KASAN: use-after-free Read in nl8NUM_dump_wpan_phy
Status: fixed on 2019/12/13 00:31
Reported-by: syzbot+495688b736534bb6c6ad@syzkaller.appspotmail.com
Fix commit: ab5b526da048 net: genetlink: always allocate separate attrs for dumpit ops
First crash: 794d, last: 791d

Cause bisection: introduced by (bisect log):
commit 75cdbdd089003cd53560ff87b690ae911fa7df8e
Author: Jiri Pirko <jiri@mellanox.com>
Date: Sat Oct 5 18:04:37 2019 +0000

  net: ieee802154: have genetlink code to parse the attrs during dumpit

Crash: KASAN: use-after-free Read in nl8NUM_dump_wpan_phy (log)
Repro: C syz .config
similar bugs (1):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in nl8NUM_dump_wpan_phy (2) | C | | | 18 | 516d | 530d | 17/22 | fixed on 2020/07/20 08:03 |

Sample crash report:

Crashes (6):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-net-kasan-gce | 2019/10/07 00:39 | net-next | 056ddc38e941 | f3f7d9c8 | .config | log | report | syz | C | | |
| ci-upstream-net-kasan-gce | 2019/10/09 09:12 | net-next | f9867b51d268 | b1ebbfef | .config | log | report | | | | |
| ci-upstream-net-kasan-gce | 2019/10/07 05:40 | net-next | 056ddc38e941 | f3f7d9c8 | .config | log | report | | | | |
| ci-upstream-net-kasan-gce | 2019/10/07 00:12 | net-next | 056ddc38e941 | f3f7d9c8 | .config | log | report | | | | |
| ci-upstream-linux-next-kasan-gce-root | 2019/10/09 01:24 | linux-next | 442630f691a1 | b1ebbfef | .config | log | report | | | | |
| ci-upstream-linux-next-kasan-gce-root | 2019/10/08 13:57 | linux-next | 442630f691a1 | 137e37ca | .config | log | report | | | | |