syzbot


KASAN: use-after-free Read in bpf_prog_kallsyms_find (2)
Status: fixed on 2019/11/23 02:56
Reported-by: syzbot+0bd67ad376a3f4a8606e@syzkaller.appspotmail.com
Fix commit: cd7455f1013e bpf: Fix use after free in subprog's jited symbol removal
First crash: 784d, last: 766d

Cause bisection: introduced by (bisect log):
commit 6c4fc209fcf9d27efbaa48368773e4d2bfbd59aa
Author: Daniel Borkmann <daniel@iogearbox.net>
Date: Sat Dec 15 23:49:47 2018 +0000

  bpf: remove useless version check for prog load

Crash: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find (log)
Repro: C syz .config
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in bpf_prog_kallsyms_find 2 1031d 1061d 0/22 auto-closed as invalid on 2019/07/31 10:58
linux-4.19 KASAN: use-after-free Read in bpf_prog_kallsyms_find C error 11 305d 776d 0/1 upstream: reported C repro on 2019/10/14 06:50
Patch testing requests:
Created Duration User Patch Repo Result
2019/10/23 08:27 18m daniel@iogearbox.net bpf OK

Sample crash report:

Crashes (9):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2019/10/24 18:55 upstream f116b96685a0 d01bb02a .config log report syz C
ci-upstream-kasan-gce-root 2019/10/21 04:53 upstream 4fe34d61a3a9 8c88c9c1 .config log report syz C
ci-upstream-kasan-gce-root 2019/10/07 03:05 upstream b212921b13bd f3f7d9c8 .config log report syz C
ci-upstream-net-this-kasan-gce 2019/10/20 04:20 net bd310aca442f 8c88c9c1 .config log report syz C
ci-upstream-net-kasan-gce 2019/10/20 04:18 net-next ebcd670d05d5 8c88c9c1 .config log report syz C
ci-upstream-net-kasan-gce 2019/10/14 06:49 net-next c208bdb93788 2f661ec4 .config log report syz C
ci-upstream-bpf-next-kasan-gce 2019/10/07 04:07 bpf-next a9eb048d5615 f3f7d9c8 .config log report syz C
ci-upstream-net-this-kasan-gce 2019/10/20 12:34 net 531e93d11470 8c88c9c1 .config log report
ci-upstream-net-kasan-gce 2019/10/13 21:54 net-next c208bdb93788 2f661ec4 .config log report