syzbot


KASAN: use-after-free Read in refcount_inc_not_zero_checked (2)
Status: upstream: reported syz repro on 2019/03/16 20:12
Reported-by: syzbot+eff6b596cc8194e2f029@syzkaller.appspotmail.com
First crash: 558d, last: 126d

Cause bisection: the bug happens on the oldest tested release
Crash: inconsistent lock state in nr_find_socket (log)
Repro: syz .config

Fix bisection: fixed by (bisect log):

commit 987053a30016a7d9ab3e4ad973e7c51aeb1f1ef6
Author: Arvind Sankar <nivedita@alum.mit.edu>
Date: Thu Apr 30 18:28:40 2020 +0000

  efi/x86: Move command-line initrd loading to efi_main

similar bugs (2):
Kernel | Title | Repro | Bisected | Count | Last | Reported | Patched | Status
upstream | KASAN: use-after-free Read in refcount_inc_not_zero_checked | syz | | 24 | 571d | 631d | 12/17 | fixed on 2019/03/06 07:43
linux-4.19 | KASAN: use-after-free Read in refcount_inc_not_zero_checked | | | 1 | 513d | 513d | 0/1 | auto-closed as invalid on 2019/10/25 08:52

Sample crash report:

Crashes (2):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Maintainers
ci-upstream-kasan-gce-root | 2019/03/16 14:30 | upstream | 9c7dc824 | bab43553 | .config | log | report | syz | | | davem@davemloft.net, linux-hams@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, ralf@linux-mips.org
ci-upstream-kasan-gce-selinux-root | 2019/04/17 19:03 | upstream | fe5cdef2 | b0e8efcb | .config | log | report | | | | davem@davemloft.net, linux-hams@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, ralf@linux-mips.org