syzbot


KASAN: use-after-free Read in link_path_walk
Status: fixed on 2019/04/12 08:05
Reported-by: syzbot+fb731ca573367b7f6564@syzkaller.appspotmail.com
Fix commit: 1da6c4d9 bpf: fix use after free in bpf_evict_inode
First crash: 269d, last: 254d
Bisection: introduced by (bisect log):

commit 0f98621bef5d2b7ad41f6595899660af344f5016
Author: Daniel Borkmann <daniel@iogearbox.net>
Date: Sat Oct 29 00:30:46 2016 +0000

  bpf, inode: add support for symlinks and fix mtime/ctime

Tree: upstream
Crash: KASAN: use-after-free Read in trailing_symlink (log)
Repro: syz .config
similar bugs (3):
Kernel Title Repro Bisected Count Last Reported Patched Status
android-44 KASAN: use-after-free Read in link_path_walk 17 385d 581d 0/2 auto-closed as invalid on 2019/02/22 12:34
android-414 KASAN: use-after-free Read in link_path_walk syz 2 191d 134d 0/1 public: reported syz repro on 2019/04/13 00:01
android-49 KASAN: use-after-free Read in link_path_walk C 56 386d 135d 0/3 public: reported C repro on 2019/04/11 08:44

Sample crash report:

All crashes (5):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro Maintainers
ci-upstream-kasan-gce-selinux-root 2018/11/28 09:10 upstream ef78e5ec 4b6d14f2 .config log report syz linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-selinux-root 2018/12/13 00:05 upstream f5d58277 02613a41 .config log report syz linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root 2018/12/14 05:55 linux-next ca40dc22 fe7127be .config log report syz linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-selinux-root 2018/12/12 22:16 upstream f5d58277 02613a41 .config log report linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-kasan-gce-selinux-root 2018/11/28 08:21 upstream ef78e5ec 4b6d14f2 .config log report linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk