syzbot

 sign-in | mailing list | source | docs
🐞 Open [587] 🐞 Fixed [172] 🐞 Invalid [428]

KASAN: use-after-free Read in relay_switch_subbuf
Status: upstream: reported C repro on 2019/11/05 17:36
Reported-by: syzbot+3905118b6e6567443ca7@syzkaller.appspotmail.com
First crash: 551d, last: 182d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: no output from test machine (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) [release commit]:
commit c196b3a9c83ae3491280b739d231d02b3cb9d041
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed Dec 2 07:34:45 2020 +0000

  Linux 4.14.210

similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in relay_switch_subbuf C done error 63 388d 956d 0/22 upstream: reported C repro on 2018/09/26 07:41
linux-4.19 KASAN: use-after-free Read in relay_switch_subbuf 10 317d 741d 0/1 auto-closed as invalid on 2020/10/24 01:02

Sample crash report:

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2019/11/05 19:01 linux-4.14.y ddef1e8e af5c522d .config log report syz C
ci2-linux-4-14 2020/07/11 02:33 linux-4.14.y b850307b 18d18b59 .config log report
ci2-linux-4-14 2019/11/21 05:55 linux-4.14.y f56f3d0e 8098ea0f .config log report
ci2-linux-4-14 2019/11/05 16:36 linux-4.14.y ddef1e8e af5c522d .config log report