syzbot


KASAN: use-after-free Read in corrupted (2)

Status: closed as invalid on 2019/04/25 11:05
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 1318d, last: 1318d
similar bugs (5):
Kernel      | Title                                       | Repro | Cause bisect | Fix bisect | Count | Last  | Reported | Patched | Status
upstream    | KASAN: use-after-free Read in corrupted     | C     |              |            | 2     | 1662d | 1664d    | 9/24    | fixed on 2018/07/09 18:05
linux-4.14  | KASAN: use-after-free Read in corrupted     | syz   | error        |            | 1     | 277d  | 747d     | 0/1     | upstream: reported syz repro on 2020/11/15 10:58
android-414 | KASAN: use-after-free Read in corrupted     | C     |              |            | 2     | 1216d | 1217d    | 0/1     | public: reported C repro on 2019/08/03 12:36
upstream    | KASAN: use-after-free Read in corrupted (3) | syz   | done         |            | 1     | 1255d | 1255d    | 13/24   | fixed on 2019/08/27 17:15
upstream    | KASAN: use-after-free Read in corrupted (4) | C     | done         | error      | 9     | 149d  | 843d     | 0/24    | upstream: reported C repro on 2020/08/11 12:47

Sample crash report:
snd_usb_toneport 2-1:0.0: Line 6 POD Studio UX2 now disconnected
==================================================================
BUG: KASAN: use-after-free in __list_del_entry_valid+0xe0/0xef lib/list_debug.c:51
Read of size 8 at addr ffff888095d01868 by task kworker/0:1/12

CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.1.0-rc3-319004-g43151d6 #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xe8/0x16e lib/dump_stack.c:113
 print_address_description+0x6c/0x236 mm/kasan/report.c:187

Crashes (1):
Manager          | Time             | Kernel                                         | Commit       | Syzkaller | Config  | Log | Report | Syz repro | C repro | VM info | Title
ci2-upstream-usb | 2019/04/25 08:11 | https://github.com/google/kasan.git usb-fuzzer | 43151d6c3fce | 8e3c52b1  | .config | log | report | syz       |         |         |
* Struck through repros no longer work on HEAD.