KASAN: use-after-free Read in bpf_prog_kallsyms_del
Status: fixed on 2019/09/06 20:45
Fix commit: c751798a bpf: fix use after free in prog symbol exposure
First crash: 533d, last: 454d

Cause bisection: introduced by (bisect log):

commit f4d7e40a5b7157e1329c3c5b10f60d8289fc2941
Author: Alexei Starovoitov
Date: Fri Dec 15 01:55:06 2017 +0000

  bpf: introduce function calls (verification)

Crash: WARNING in bpf_jit_free (log)
Repro: syz .config

Fix bisection: the bug occurs on the latest tested release
Crash: KASAN: use-after-free Read in bpf_prog_kallsyms_find (log)
Repro: syz .config

Sample crash report:

Crashes (3):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers
ci-upstream-kasan-gce-selinux-root | 2018/11/18 18:13 | upstream | 1ce80e0f | adf636a8 | .config | log | report | syz | |
ci-upstream-bpf-kasan-gce | 2019/01/01 18:59 | bpf | 8b6b25cf | 3d85f48c | .config | log | report | syz | |
ci-upstream-bpf-next-kasan-gce | 2018/10/14 19:59 | bpf-next | 67e89ac3 | caf12900 | .config | log | report | | |