syzbot


KASAN: use-after-free Read in corrupted (2)

Status: closed as invalid on 2019/04/25 11:05
Subsystems: usb
First crash: 1850d, last: 1850d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in corrupted mm C 2 2194d 2197d 8/26 fixed on 2018/07/09 18:05
linux-4.14 KASAN: use-after-free Read in corrupted syz error 1 809d 1279d 0/1 upstream: reported syz repro on 2020/11/15 10:58
android-414 KASAN: use-after-free Read in corrupted C 2 1748d 1749d 0/1 public: reported C repro on 2019/08/03 12:36
upstream KASAN: use-after-free Read in corrupted (3) kernel syz done 1 1788d 1787d 12/26 fixed on 2019/08/27 17:15
upstream KASAN: use-after-free Read in corrupted (4) C done error 10 384d 1375d 0/26 upstream: reported C repro on 2020/08/11 12:47

Sample crash report:
snd_usb_toneport 2-1:0.0: Line 6 POD Studio UX2 now disconnected
==================================================================
BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0xef lib/list_debug.c:51
Read of size 8 at addr ffff888095d01868 by task kworker/0:1/12

CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.1.0-rc3-319004-g43151d6 #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xe8/0x16e lib/dump_stack.c:113
 print_address_description+0x6c/0x236 mm/kasan/report.c:187

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/04/25 08:11 https://github.com/google/kasan.git usb-fuzzer 43151d6c3fce 8e3c52b1 .config console log report syz ci2-upstream-usb
* Struck through repros no longer work on HEAD.