syzbot


KASAN: use-after-free Read in eth_header_parse_protocol
Status: internal: reported C repro on 2021/03/10 12:38
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: 61431a5907fc net: ensure mac header is set in virtio_net_hdr_to_skb()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 141d, last: 95d

Cause bisection: introduced by (bisect log) :
commit 924a9bc362a5223cd448ca08c3dde21235adc310
Author: Balazs Nemeth <bnemeth@redhat.com>
Date: Tue Mar 9 11:31:00 2021 +0000

  net: check if protocol extracted by virtio_net_hdr_set_proto is correct

Crash: KASAN: use-after-free Read in eth_header_parse_protocol (log)
Repro: C syz .config
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 KASAN: use-after-free Read in eth_header_parse_protocol C 532 105d 134d 0/1 upstream: reported C repro on 2021/03/17 19:43

Sample crash report:

Crashes (1453):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2021/03/26 00:06 upstream e138138003eb 6a383ecf .config log report syz C KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-root 2021/03/10 21:55 upstream 05a59d79793d 764067f3 .config log report syz C KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-this-kasan-gce 2021/03/31 03:04 net 6e5a03bcba44 6a81331a .config log report syz C KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-this-kasan-gce 2021/03/11 00:28 net 05a59d79793d 764067f3 .config log report syz C KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/10 14:19 net-next 626b598aa8be bfeda1b1 .config log report syz C KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/03/31 04:39 net-next 37f368d8d09d 6a81331a .config log report syz C KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/03/12 03:24 net-next ee47ed08d75e 429d8a6b .config log report syz C KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-this-kasan-gce 2021/03/11 01:46 net 05a59d79793d 764067f3 .config log report syz C KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/10 15:43 net-next 626b598aa8be bfeda1b1 .config log report syz C KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/03/31 11:02 net-next 37f368d8d09d 6a81331a .config log report syz C KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-kasan-gce-smack-root 2021/04/10 06:57 upstream 17e7124aad76 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce 2021/04/10 05:27 upstream 17e7124aad76 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce 2021/04/10 02:21 upstream 17e7124aad76 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce 2021/04/10 01:18 upstream 17e7124aad76 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-selinux-root 2021/04/09 21:35 upstream 17e7124aad76 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-selinux-root 2021/04/09 19:25 upstream 17e7124aad76 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-smack-root 2021/04/09 08:42 upstream 4fa56ad0d12e 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce 2021/04/08 21:16 upstream 454859c552da 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-smack-root 2021/04/07 05:41 upstream 2d743660786e 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-root 2021/04/06 23:32 upstream 0a50438c8436 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-root 2021/04/06 18:52 upstream 0a50438c8436 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-qemu-upstream 2021/03/21 03:51 upstream 812da4d39463 17810eae .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce-386 2021/04/08 04:49 upstream 3a22981230f9 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-kasan-gce 2021/04/03 00:16 bpf 6dcc4e383869 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-this-kasan-gce 2021/03/10 12:37 net 05a59d79793d 26967e35 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/25 15:33 bpf-next 350a62ca065b 36c88236 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/25 05:34 bpf-next 350a62ca065b 17f0b706 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/24 15:43 bpf-next 7d3c10770603 17f0b706 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/23 23:13 bpf-next e7a1c1300891 17f0b706 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/23 13:28 bpf-next e7a1c1300891 17f0b706 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/23 11:11 bpf-next e7a1c1300891 17f0b706 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/20 15:56 bpf-next 69443c47305e c0ced557 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/19 23:51 bpf-next cdf0e80e9fbe 4285c989 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/19 12:06 bpf-next cdf0e80e9fbe 50f523d7 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/18 18:21 bpf-next cdf0e80e9fbe 7e2b734b .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/17 18:14 bpf-next cdf0e80e9fbe 7e2b734b .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/17 00:22 bpf-next cdf0e80e9fbe 7e2b734b .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/15 23:58 bpf-next d3d93e34bd98 c59079a6 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/15 06:10 bpf-next 069904ce318e fcdb12ba .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/10 21:16 bpf-next 92d3bff28aa4 bfeda1b1 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/10 17:48 net-next 626b598aa8be bfeda1b1 .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/10 05:19 net-next 626b598aa8be 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/09 12:15 net-next 4438669eb703 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/09 07:26 net-next 4438669eb703 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/08 19:56 net-next 3cd52c1e32fe 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/08 01:26 bpf-next 957dca3df624 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/07 09:07 net-next be107538c529 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/07 06:50 bpf-next 928dc406802d 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/07 04:17 net-next be107538c529 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/06 17:30 bpf-next 1e1032b0c4af 6a81331a .config log report info KASAN: use-after-free Read in eth_header_parse_protocol
ci-upstream-kasan-gce 2021/04/08 21:39 upstream 454859c552da 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-kasan-gce-root 2021/04/08 20:04 upstream 454859c552da 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-kasan-gce-root 2021/04/08 03:27 upstream 3a22981230f9 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-kasan-gce-selinux-root 2021/04/07 10:14 upstream 2d743660786e 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-kasan-gce 2021/04/07 00:58 upstream 0a50438c8436 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-kasan-gce-selinux-root 2021/04/02 00:44 upstream ffd9fb546d49 6a81331a .config log report info KFENCE: use-after-free in eth_header_parse_protocol
ci-qemu-upstream-386 2021/03/28 18:08 upstream 0f4498cef9f5 a8529b82 .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/25 11:17 bpf-next 350a62ca065b 36c88236 .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/22 16:55 bpf-next d044d9fc1380 33c28d03 .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/22 13:47 bpf-next d044d9fc1380 33c28d03 .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/21 19:52 bpf-next d044d9fc1380 95777977 .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/11 00:28 net-next 626b598aa8be bfeda1b1 .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/10 00:27 net-next 4438669eb703 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-bpf-next-kasan-gce 2021/04/08 12:34 bpf-next 957dca3df624 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/08 11:18 net-next 3cd52c1e32fe 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-net-kasan-gce 2021/04/08 06:21 net-next 0b35e0deb5be 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol
ci-upstream-linux-next-kasan-gce-root 2021/03/29 21:40 linux-next 931294922e65 6a81331a .config log report info KASAN: slab-out-of-bounds Read in eth_header_parse_protocol