KASAN: use-after-free Read in corrupted (4)

KASAN: use-after-free Read in corrupted (4)

Status: upstream: reported C repro on 2020/08/11 12:47
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com
First crash: 782d, last: 84d

Cause bisection: introduced by (bisect log) [release commit]:
commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Feb 19 22:34:00 2017 +0000

Linux 4.10

Crash: KASAN: use-after-free Read in lock_sock_nested (log)
Repro: syz .config

Fix bisection: failed (bisect log)

similar bugs (15):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in corrupted	C			2	1596d	1599d	9/24	fixed on 2018/07/09 18:05
linux-4.14	KASAN: use-after-free Read in corrupted	syz		error	1	211d	682d	0/1	upstream: reported syz repro on 2020/11/15 10:58
android-414	KASAN: use-after-free Read in corrupted	C			2	1151d	1152d	0/1	public: reported C repro on 2019/08/03 12:36
upstream	KASAN: use-after-free Read in corrupted (3)	syz	done		1	1190d	1190d	13/24	fixed on 2019/08/27 17:15
upstream	KASAN: use-after-free Read in corrupted (2)	syz			1	1252d	1252d	0/24	closed as invalid on 2019/04/25 11:05
upstream	KMSAN: uninit-value in corrupted	syz			2	320d	320d	0/24	closed as invalid on 2021/11/18 13:55
android-54	BUG: unable to handle kernel NULL pointer dereference in corrupted	C			202	6h26m	659d	0/2	upstream: reported C repro on 2020/12/07 19:36
upstream	BUG: unable to handle kernel paging request in corrupted (3)	C	done		45	330d	499d	22/24	fixed on 2021/11/10 00:50
linux-4.19	BUG: corrupted list in corrupted	C		error	4	92d	731d	0/1	upstream: reported C repro on 2020/09/27 07:51
upstream	general protection fault in corrupted (2)	C			2	1359d	1362d	12/24	fixed on 2019/03/06 07:43
upstream	general protection fault in corrupted	syz			1	1523d	1523d	0/24	closed as invalid on 2018/07/29 11:55
android-54	general protection fault in corrupted	C			1	933d	933d	0/2	closed as invalid on 2021/10/13 11:17
upstream	BUG: unable to handle kernel paging request in corrupted	C			10	1365d	1627d	0/24	closed as invalid on 2019/06/11 06:50
android-54	BUG: unable to handle kernel paging request in corrupted	C			1	899d	899d	0/2	closed as invalid on 2021/10/13 14:32
upstream	BUG: unable to handle kernel paging request in corrupted (2)	syz	done		1	1167d	1167d	0/24	closed as dup on 2019/07/23 07:35

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2022/05/23 00:09	17m	hdanton@sina.com		upstream	OK

Sample crash report:

traps: syz-executor322[3610] general protection fault ip:0 sp:0 error:0

Crashes (9):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Title
ci-upstream-kasan-gce-smack-root	2022/07/06 13:09	upstream	e35e5b6f695d	bff65f44	.config	log	report	syz	C	general protection fault in corrupted
ci-upstream-kasan-gce-root	2022/05/22 23:01	upstream	eaea45fc0e7b	7268fa62	.config	log	report	syz	C	general protection fault in corrupted
ci-upstream-net-this-kasan-gce	2022/06/03 19:46	net	58f9d52ff689	eee80d3c	.config	log	report	syz	C	BUG: unable to handle kernel paging request in corrupted
ci-upstream-net-kasan-gce	2022/06/03 18:49	net-next	58f9d52ff689	eee80d3c	.config	log	report	syz	C	BUG: unable to handle kernel paging request in corrupted
ci-upstream-linux-next-kasan-gce-root	2022/07/03 10:19	linux-next	cb71b93c2dc3	1434eec0	.config	log	report	syz	C	general protection fault in corrupted
ci-upstream-linux-next-kasan-gce-root	2022/03/08 04:55	linux-next	91265a6da44d	7bdd8b2c	.config	log	report	syz		KASAN: use-after-free Read in corrupted
ci-upstream-kasan-gce-selinux-root	2020/08/24 08:56	upstream	cb95712138ec	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/08/07 12:39	upstream	d6efb3ac3e6c	cb436c69	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2020/08/12 00:11	linux-next	4c9b89d8981b	bacaf5fa	.config	log	report	syz

* ~~Struck through~~ repros no longer work on HEAD.