syzbot

 sign-in | mailing list | source | docs
🐞 Open [1055] 🐞 Fixed [2943] 🐞 Invalid [5178]

KASAN: use-after-free Read in __list_del_entry_valid (2)
Status: fixed on 2018/01/11 01:23
Reported-by: syzbot+29cf0a34886ca39d13fc0451b174140973b5bed3@syzkaller.appspotmail.com
Fix commit: d76c6810 crypto: pcrypt - fix freeing pcrypt instances
First crash: 1179d, last: 1173d
duplicates (13):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
BUG: unable to handle kernel paging request in socket_file_ops C 1 1176d 1172d 0/21 closed as dup on 2017/12/20 22:39
BUG: bad usercopy in memdup_user 107 1154d 1174d 0/21 closed as dup on 2017/12/31 08:11
general protection fault in copy_user_generic_unrolled (2) 1 1174d 1170d 0/21 closed as dup on 2017/12/31 08:14
BUG: bad usercopy in ___sys_sendmsg 70 1154d 1176d 0/21 closed as dup on 2017/12/31 08:10
BUG: unable to handle kernel NULL pointer dereference in irq_may_run C 1 1172d 1171d 0/21 closed as dup on 2017/12/23 20:38
BUG: bad usercopy in old_dev_ioctl 13 1156d 1175d 0/21 closed as dup on 2017/12/31 08:10
KASAN: use-after-free Read in __pagevec_lru_add_fn C 1 1174d 1170d 0/21 closed as dup on 2017/12/22 22:25
general protection fault in strncpy_from_user 1 1175d 1171d 0/21 closed as dup on 2017/12/31 08:14
BUG: unable to handle kernel NULL pointer dereference in __crypto_alg_lookup C 47 1172d 1174d 0/21 closed as dup on 2017/12/20 22:36
BUG: bad usercopy in memdup_user_nul 5 1160d 1173d 0/21 closed as dup on 2017/12/31 08:11
BUG: unable to handle kernel paging request in security_compute_sid C 1 1174d 1170d 0/21 closed as dup on 2017/12/22 22:14
BUG: unable to handle kernel NULL pointer dereference in sidtab_search_core C 1 1177d 1172d 0/21 closed as dup on 2017/12/22 17:05
KASAN: use-after-free Read in crypto_aead_free_instance C 5 1168d 1172d 0/21 closed as dup on 2017/12/20 22:37
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in __list_del_entry_valid (3) C 15 1083d 1096d 13/21 closed as dup on 2018/03/22 15:31
upstream KASAN: use-after-free Read in __list_del_entry_valid (4) C done 16 389d 1077d 17/21 fixed on 2020/05/10 10:41

Sample crash report:

Crashes (11):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2017/12/15 23:04 upstream 032b4cc8 ac20b98c .config log report syz C
ci-upstream-kasan-gce 2017/12/15 07:11 upstream d455df0b ac20b98c .config log report syz C
ci-upstream-kasan-gce 2017/12/13 21:29 upstream d39a01ef 06ea774d .config log report syz C
ci-upstream-net-kasan-gce 2017/12/17 00:02 net-next 28dc4c8f b6f0c91b .config log report syz C
ci-upstream-net-kasan-gce 2017/12/15 22:53 net-next 3b07d788 ac20b98c .config log report syz C
ci-upstream-net-kasan-gce 2017/12/15 07:03 net-next 5c13e075 ac20b98c .config log report syz C
ci-upstream-net-kasan-gce 2017/12/13 21:16 net-next f93ea3bf 06ea774d .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/20 00:12 mmots 82bcf1de af9163c7 .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/19 18:35 mmots 82bcf1de af9163c7 .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/18 11:48 mmots 82bcf1de d5beb42a .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/17 10:30 mmots 82bcf1de b6f0c91b .config log report syz C