syzbot


general protection fault in rb_erase (2)
Status: fixed on 2019/08/27 17:15
Reported-by: syzbot+e8c40862180d8949d624@syzkaller.appspotmail.com
Fix commit: 95fa1454 bpf: sockmap/tls, close can race with map free
First crash: 261d, last: 53d
Bisection: introduced by (bisect log):

commit e9db4ef6bf4ca9894bb324c76e01b8f1a16b2650
Author: John Fastabend <john.fastabend@gmail.com>
Date: Sat Jun 30 13:17:47 2018 +0000

  bpf: sockhash fix omitted bucket lock in sock_close

Tree: upstream
Crash: KASAN: use-after-free Write in bpf_tcp_close (log)
Repro: syz .config
similar bugs (2):
| Kernel | Title | Repro | Bisected | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| linux-4.14 | general protection fault in rb_erase | C | | 9681 | 1h10m | 162d | 0/1 | upstream: reported C repro on 2019/04/11 11:41 |
| upstream | general protection fault in rb_erase | C | | 79836 | 319d | 360d | 12/13 | fixed on 2018/11/12 21:25 |

Sample crash report:

All crashes (4):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers |
|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-root | 2019/06/06 03:58 | upstream | 156c0591 | a547defc | .config | log | report | syz | | linux-kernel@vger.kernel.org, tglx@linutronix.de |
| ci-upstream-kasan-gce-selinux-root | 2019/07/29 14:52 | upstream | 609488bc | c85e1c5b | .config | log | report | syz | | linux-kernel@vger.kernel.org, tglx@linutronix.de |
| ci-upstream-kasan-gce-selinux-root | 2019/01/03 00:25 | upstream | 85f78456 | 06a2b89f | .config | log | report | | | linux-kernel@vger.kernel.org, tglx@linutronix.de |
| ci-upstream-kasan-gce-root | 2019/01/03 02:19 | upstream | 85f78456 | 06a2b89f | .config | log | report | | | linux-kernel@vger.kernel.org, tglx@linutronix.de |