syzbot


BUG: unable to handle kernel NULL pointer dereference in corrupted (4)
Status: fixed on 2019/08/27 17:15
Reported-by: syzbot+4b5d77fdf765668f9eba@syzkaller.appspotmail.com
Fix commit: 95fa1454 bpf: sockmap/tls, close can race with map free
First crash: 683d, last: 683d

Cause bisection: introduced by (bisect log):
commit e9db4ef6bf4ca9894bb324c76e01b8f1a16b2650
Author: John Fastabend <john.fastabend@gmail.com>
Date: Sat Jun 30 13:17:47 2018 +0000

  bpf: sockhash fix omitted bucket lock in sock_close

Crash: KASAN: use-after-free Write in bpf_tcp_close (log)
Repro: syz .config

Fix bisection: fixed by (bisect log):
commit 95fa145479fbc0a0c1fd3274ceb42ec03c042a4a
Author: John Fastabend <john.fastabend@gmail.com>
Date: Fri Jul 19 17:29:22 2019 +0000

  bpf: sockmap/tls, close can race with map free

similar bugs (7):
Kernel       Title                                                                   Repro  Bisect (cause / fix)  Count  Last    Reported  Patched  Status
android-54   BUG: unable to handle kernel NULL pointer dereference in corrupted       C      -                     45     3d20h   151d      0/1      upstream: reported C repro on 2020/12/07 19:36
upstream     BUG: unable to handle kernel NULL pointer dereference in corrupted (5)   C      done / error          3      413d    419d      0/22     upstream: reported C repro on 2020/03/14 06:37
linux-4.19   BUG: unable to handle kernel NULL pointer dereference in corrupted       C      -                     6      12d     564d      0/1      upstream: reported C repro on 2019/10/21 15:36
upstream     BUG: unable to handle kernel NULL pointer dereference in corrupted (3)   C      -                     1      851d    851d      12/22    fixed on 2019/03/06 07:43
linux-4.14   BUG: unable to handle kernel NULL pointer dereference in corrupted       C      inconclusive          3      331d    571d      0/1      upstream: reported C repro on 2019/10/14 10:06
upstream     BUG: unable to handle kernel NULL pointer dereference in corrupted (2)   C      -                     1      1025d   1025d     9/22     fixed on 2018/08/07 13:43
upstream     BUG: unable to handle kernel NULL pointer dereference in corrupted       C      -                     5      1064d   1064d     9/22     fixed on 2018/07/09 18:05

Sample crash report:

Crashes (1):
Manager:    ci-upstream-kasan-gce-root
Time:       2019/06/25 04:24
Kernel:     upstream
Commit:     4b972a01
Syzkaller:  82c13b6b
Config:     .config
Log:        log
Report:     report
Syz repro:  syz
C repro:    -
VM info:    -
Title:      -