syzbot


KASAN: use-after-free Read in fuse_request_end
Status: fixed on 2019/11/23 02:56
Reported-by: syzbot+ae0bb7aae3de6b4594e2@syzkaller.appspotmail.com
Fix commit: 2b319d1f6f92 fuse: don't dereference req->args on finished request
First crash: 772d, last: 767d

Cause bisection: introduced by (bisect log) :
commit d49937749fef2597f6bcaf2a0ed67e88e347b7fb
Author: Miklos Szeredi <mszeredi@redhat.com>
Date: Tue Sep 10 13:04:11 2019 +0000

  fuse: stop copying args to fuse_req

Crash: KASAN: use-after-free Read in request_end (log)
Repro: syz .config
Patch testing requests:
Created           Duration  User               Patch  Repo                                                                            Result
2019/10/21 08:29  16m       miklos@szeredi.hu         git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git 2b319d1f6f92a4  OK

Sample crash report:

Crashes (6):
Manager                             Time              Kernel    Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-kasan-gce-root          2019/10/23 09:36  upstream  3b7c59a1950c  d0686497   .config  log  report  syz
ci-upstream-kasan-gce-smack-root    2019/10/22 11:00  upstream  7d194c2100ad  c59a7cd8   .config  log  report  syz
ci-upstream-kasan-gce               2019/10/18 09:02  upstream  283ea345934d  8c88c9c1   .config  log  report  syz
ci-upstream-kasan-gce-386           2019/10/18 08:29  upstream  283ea345934d  8c88c9c1   .config  log  report  syz
ci-upstream-kasan-gce-selinux-root  2019/10/18 09:04  upstream  283ea345934d  8c88c9c1   .config  log  report
ci-upstream-kasan-gce-386           2019/10/18 07:26  upstream  283ea345934d  8c88c9c1   .config  log  report