syzbot

 sign-in | mailing list | source | docs
🐞 Open [998] 🐞 Fixed [3094] 🐞 Invalid [5563]

KASAN: use-after-free Read in __list_del_entry_valid (2)
Status: fixed on 2018/01/11 01:23
Reported-by: syzbot+29cf0a34886ca39d13fc0451b174140973b5bed3@syzkaller.appspotmail.com
Fix commit: d76c6810 crypto: pcrypt - fix freeing pcrypt instances
First crash: 1242d, last: 1236d
duplicates (13):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
BUG: unable to handle kernel paging request in socket_file_ops C 1 1239d 1235d 0/22 closed as dup on 2017/12/20 22:39
BUG: bad usercopy in memdup_user 107 1218d 1238d 0/22 closed as dup on 2017/12/31 08:11
general protection fault in copy_user_generic_unrolled (2) 1 1237d 1233d 0/22 closed as dup on 2017/12/31 08:14
BUG: bad usercopy in ___sys_sendmsg 70 1217d 1239d 0/22 closed as dup on 2017/12/31 08:10
BUG: unable to handle kernel NULL pointer dereference in irq_may_run C 1 1236d 1235d 0/22 closed as dup on 2017/12/23 20:38
BUG: bad usercopy in old_dev_ioctl 13 1220d 1239d 0/22 closed as dup on 2017/12/31 08:10
KASAN: use-after-free Read in __pagevec_lru_add_fn C 1 1238d 1233d 0/22 closed as dup on 2017/12/22 22:25
general protection fault in strncpy_from_user 1 1239d 1235d 0/22 closed as dup on 2017/12/31 08:14
BUG: unable to handle kernel NULL pointer dereference in __crypto_alg_lookup C 47 1236d 1238d 0/22 closed as dup on 2017/12/20 22:36
BUG: bad usercopy in memdup_user_nul 5 1224d 1237d 0/22 closed as dup on 2017/12/31 08:11
BUG: unable to handle kernel paging request in security_compute_sid C 1 1238d 1233d 0/22 closed as dup on 2017/12/22 22:14
BUG: unable to handle kernel NULL pointer dereference in sidtab_search_core C 1 1240d 1236d 0/22 closed as dup on 2017/12/22 17:05
KASAN: use-after-free Read in crypto_aead_free_instance C 5 1232d 1236d 0/22 closed as dup on 2017/12/20 22:37
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in __list_del_entry_valid (3) C 15 1147d 1160d 13/22 closed as dup on 2018/03/22 15:31
upstream KASAN: use-after-free Read in __list_del_entry_valid (4) C done 16 452d 1140d 17/22 fixed on 2020/05/10 10:41

Sample crash report:

Crashes (11):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2017/12/15 23:04 upstream 032b4cc8 ac20b98c .config log report syz C
ci-upstream-kasan-gce 2017/12/15 07:11 upstream d455df0b ac20b98c .config log report syz C
ci-upstream-kasan-gce 2017/12/13 21:29 upstream d39a01ef 06ea774d .config log report syz C
ci-upstream-net-kasan-gce 2017/12/17 00:02 net-next 28dc4c8f b6f0c91b .config log report syz C
ci-upstream-net-kasan-gce 2017/12/15 22:53 net-next 3b07d788 ac20b98c .config log report syz C
ci-upstream-net-kasan-gce 2017/12/15 07:03 net-next 5c13e075 ac20b98c .config log report syz C
ci-upstream-net-kasan-gce 2017/12/13 21:16 net-next f93ea3bf 06ea774d .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/20 00:12 mmots 82bcf1de af9163c7 .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/19 18:35 mmots 82bcf1de af9163c7 .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/18 11:48 mmots 82bcf1de d5beb42a .config log report syz C
ci-upstream-mmots-kasan-gce 2017/12/17 10:30 mmots 82bcf1de b6f0c91b .config log report syz C