KASAN: use-after-free Read in corrupted (4)

KASAN: use-after-free Read in corrupted (4)

Status: upstream: reported C repro on 2020/08/11 12:47
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com
First crash: 905d, last: 207d

Cause bisection: introduced by (bisect log) [release commit]:
commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Feb 19 22:34:00 2017 +0000

Linux 4.10

Crash: KASAN: use-after-free Read in lock_sock_nested (log)
Repro: syz .config

Fix bisection: failed (bisect log)

similar bugs (15):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in corrupted	C			2	1719d	1722d	9/24	fixed on 2018/07/09 18:05
linux-4.14	KASAN: use-after-free Read in corrupted	syz		error	1	335d	805d	0/1	upstream: reported syz repro on 2020/11/15 10:58
android-414	KASAN: use-after-free Read in corrupted	C			2	1274d	1275d	0/1	public: reported C repro on 2019/08/03 12:36
upstream	KASAN: use-after-free Read in corrupted (3)	syz	done		1	1313d	1313d	13/24	fixed on 2019/08/27 17:15
upstream	KASAN: use-after-free Read in corrupted (2)	syz			1	1375d	1375d	0/24	closed as invalid on 2019/04/25 11:05
upstream	KMSAN: uninit-value in corrupted	syz			2	443d	443d	0/24	closed as invalid on 2021/11/18 13:55
android-54	BUG: unable to handle kernel NULL pointer dereference in corrupted	C			224	4d00h	783d	0/2	upstream: reported C repro on 2020/12/07 19:36
upstream	BUG: unable to handle kernel paging request in corrupted (3)	C	done		45	454d	622d	22/24	fixed on 2021/11/10 00:50
linux-4.19	BUG: corrupted list in corrupted	C		error	4	216d	854d	0/1	upstream: reported C repro on 2020/09/27 07:51
upstream	general protection fault in corrupted (2)	C			2	1483d	1485d	12/24	fixed on 2019/03/06 07:43
upstream	general protection fault in corrupted	syz			1	1646d	1646d	0/24	closed as invalid on 2018/07/29 11:55
android-54	general protection fault in corrupted	C			1	1056d	1056d	0/2	closed as invalid on 2021/10/13 11:17
upstream	BUG: unable to handle kernel paging request in corrupted	C			10	1488d	1750d	0/24	closed as invalid on 2019/06/11 06:50
android-54	BUG: unable to handle kernel paging request in corrupted	C			1	1022d	1022d	0/2	closed as invalid on 2021/10/13 14:32
upstream	BUG: unable to handle kernel paging request in corrupted (2)	syz	done		1	1290d	1290d	0/24	closed as dup on 2019/07/23 07:35

Last patch testing requests:
Created	Duration	User	Repo	Result
2023/01/23 08:32	22m (2)	retest repro	upstream	OK log
2023/01/23 12:32	20m	retest repro	upstream	OK log
2023/01/23 08:32	21m	retest repro	net	error
2023/01/23 08:32	20m	retest repro	net-next	OK log
2023/01/23 07:32	20m	retest repro	upstream	OK log
2022/11/25 23:30	18m	retest repro	linux-next	OK log
2022/11/25 22:30	19m	retest repro	linux-next	OK log
2022/11/25 21:30	15m	retest repro	linux-next	report log
2022/10/15 07:30	17m	retest repro	upstream	error
2022/10/14 13:30	18m	retest repro	upstream	error
2022/05/23 00:09	17m	hdanton@sina.com	upstream	OK

Sample crash report:

traps: syz-executor322[3610] general protection fault ip:0 sp:0 error:0

Crashes (9):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-kasan-gce-smack-root	2022/07/06 13:09	upstream	e35e5b6f695d	bff65f44	.config	console log	report	syz	C	general protection fault in corrupted
ci-upstream-net-this-kasan-gce	2022/06/03 19:46	net	58f9d52ff689	eee80d3c	.config	console log	report	syz	C	BUG: unable to handle kernel paging request in corrupted
ci-upstream-linux-next-kasan-gce-root	2022/07/03 10:19	linux-next	cb71b93c2dc3	1434eec0	.config	console log	report	syz	C	general protection fault in corrupted
ci-upstream-kasan-gce-root	2022/05/22 23:01	upstream	eaea45fc0e7b	7268fa62	.config	console log	report	syz	C	general protection fault in corrupted
ci-upstream-net-kasan-gce	2022/06/03 18:49	net-next	58f9d52ff689	eee80d3c	.config	strace log	report	syz	C	BUG: unable to handle kernel paging request in corrupted
ci-upstream-linux-next-kasan-gce-root	2022/03/08 04:55	linux-next	91265a6da44d	7bdd8b2c	.config	console log	report	syz		KASAN: use-after-free Read in corrupted
ci-upstream-kasan-gce-selinux-root	2020/08/24 08:56	upstream	cb95712138ec	cef5ae68	.config	console log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/08/07 12:39	upstream	d6efb3ac3e6c	cb436c69	.config	console log	report	syz
ci-upstream-linux-next-kasan-gce-root	2020/08/12 00:11	linux-next	4c9b89d8981b	bacaf5fa	.config	console log	report	syz

* ~~Struck through~~ repros no longer work on HEAD.