syzbot


KASAN: use-after-free Read in h4_recv_buf
Status: upstream: reported C repro on 2021/08/19 08:20
Reported-by: syzbot+a06c3db558cbb33d7ff9@syzkaller.appspotmail.com
First crash: 69d, last: 69d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel paging request in h4_recv_buf (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log):
commit 0766ec82e5fb26fc5dc6d592bc61865608bdc651
Author: Stephen Brennan <stephen.s.brennan@oracle.com>
Date: Wed Sep 1 17:51:41 2021 +0000

  namei: Fix use after free in kern_path_locked

similar bugs (1):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Write in h4_recv_buf | | | | 2 | 219d | 228d | 0/22 | auto-closed as invalid on 2021/07/16 16:14 |

Sample crash report:

Crashes (3):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-smack-root | 2021/08/16 05:21 | upstream | 7c60610d4767 | 2489ab88 | .config | log | report | syz | C | | KASAN: use-after-free Read in h4_recv_buf |
| ci-upstream-kasan-gce-smack-root | 2021/08/16 02:47 | upstream | 7c60610d4767 | 2489ab88 | .config | log | report | | | info | KASAN: use-after-free Read in h4_recv_buf |
| ci-upstream-kasan-gce-smack-root | 2021/08/16 02:46 | upstream | 7c60610d4767 | 2489ab88 | .config | log | report | | | info | KASAN: use-after-free Read in h4_recv_buf |