syzbot


KASAN: use-after-free Read in nbd_release
Status: upstream: reported C repro on 2021/02/22 09:05
Reported-by: syzbot+74f888d2e102b3930324@syzkaller.appspotmail.com
First crash: 248d, last: 74d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: use-after-free Write in ex_handler_refcount (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) [merge commit]:
commit 6b6dc4f40c5264556223ba94693f20d83796ab1f
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Sep 5 17:50:12 2021 +0000

  Merge tag 'mtd/for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

similar bugs (2):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.14 | KASAN: use-after-free Read in nbd_release | C | | | 28 | 11d | 250d | 0/1 | upstream: reported C repro on 2021/02/20 11:32 |
| linux-4.19 | KASAN: use-after-free Read in nbd_release | C | | | 38 | 2d16h | 249d | 0/1 | upstream: reported C repro on 2021/02/21 06:21 |

Patch testing requests:

| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/10/11 05:53 | 18m | phind.uet@gmail.com | | linux-next | OK |
| 2021/03/21 21:31 | 0m | alaaemadhossney.ae@gmail.com | | git://kernel/git/netdev/net.git master | error |

Sample crash report:

Crashes (5):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-net-this-kasan-gce | 2021/02/21 15:06 | net | 3af409ca278d | 3e5ed8b4 | .config | log | report | syz | C | | KASAN: use-after-free Read in nbd_release |
| ci-upstream-net-kasan-gce | 2021/03/10 12:23 | net-next | d310ec03a34e | 26967e35 | .config | log | report | | | info | KASAN: use-after-free Read in nbd_release |
| ci-upstream-net-kasan-gce | 2021/03/05 12:45 | net-next | d310ec03a34e | 9d751681 | .config | log | report | | | info | KASAN: use-after-free Read in nbd_release |
| ci-upstream-net-kasan-gce | 2021/02/24 01:32 | net-next | d310ec03a34e | fcc6d71b | .config | log | report | | | info | KASAN: use-after-free Read in nbd_release |
| ci-upstream-net-kasan-gce | 2021/02/22 06:43 | net-next | d310ec03a34e | a659b3f1 | .config | log | report | | | info | KASAN: use-after-free Read in nbd_release |