syzbot


KASAN: use-after-free Read in corrupted

Status: upstream: reported syz repro on 2020/11/15 10:58
Reported-by: syzbot+3da5492d1fd6b9cb59e7@syzkaller.appspotmail.com
First crash: 754d, last: 283d

Fix bisection: failed (bisect log)
Similar bugs (5):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in corrupted C 2 1668d 1671d 9/24 fixed on 2018/07/09 18:05
android-414 KASAN: use-after-free Read in corrupted C 2 1222d 1223d 0/1 public: reported C repro on 2019/08/03 12:36
upstream KASAN: use-after-free Read in corrupted (3) syz done 1 1262d 1262d 13/24 fixed on 2019/08/27 17:15
upstream KASAN: use-after-free Read in corrupted (2) syz 1 1324d 1324d 0/24 closed as invalid on 2019/04/25 11:05
upstream KASAN: use-after-free Read in corrupted (4) C done error 9 155d 849d 0/24 upstream: reported C repro on 2020/08/11 12:47
Patch testing requests:
Created Duration User Patch Repo Result
2022/10/11 10:30 13m retest repro linux-4.14.y report log

Sample crash report:
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x2c57/0x3f20 kernel/locking/lockdep.c:3369
Read of size 8 at addr ffff8880b4a85a68 by task loop4/11598

CPU: 0 PID: 11598 Comm: loop4 Not tainted 4.14.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_address_description.cold+0x54/0x1d3 mm/kasan/report.c:252

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2020/11/15 10:57 linux-4.14.y 27ce4f2a6817 1bf9a662 .config log report syz