KASAN: use-after-free Read in corrupted (4)

KASAN: use-after-free Read in corrupted (4)
Status: upstream: reported syz repro on 2020/08/11 12:47
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com
First crash: 350d, last: 12d

Cause bisection: introduced by (bisect log) [release commit]:
commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Feb 19 22:34:00 2017 +0000

Linux 4.10

Crash: KASAN: use-after-free Read in lock_sock_nested (log)
Repro: syz .config

similar bugs (5):
Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in corrupted	C		2	1165d	1168d	9/22	fixed on 2018/07/09 18:05
linux-4.14	KASAN: use-after-free Read in corrupted	syz		1	28d	251d	0/1	upstream: reported syz repro on 2020/11/15 10:58
android-414	KASAN: use-after-free Read in corrupted	C		2	719d	720d	0/1	public: reported C repro on 2019/08/03 12:36
upstream	KASAN: use-after-free Read in corrupted (3)	syz	done	1	759d	759d	13/22	fixed on 2019/08/27 17:15
upstream	KASAN: use-after-free Read in corrupted (2)	syz		1	821d	821d	0/22	closed as invalid on 2019/04/25 11:05

Sample crash report:

netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x41d0/0x5640 kernel/locking/lockdep.c:4296
Read of size 8 at addr ffff8880a20040a0 by task syz-executor.0/6861

CPU: 1 PID: 6861 Comm: syz-executor.0 Not tainted 5.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro
ci-upstream-kasan-gce-selinux-root	2021/07/12 07:00	upstream	e73f0f0ee754	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2021/06/12 06:09	upstream	ad347abe4a98	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2021/05/13 05:34	upstream	c06a2ba62fc4	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2021/04/12 15:33	upstream	d434405aaab7	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2021/03/12 05:10	upstream	f78d76e72a46	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2021/01/18 02:01	upstream	19c329f68089	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/12/18 22:56	upstream	3644e2d2dda7	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/11/12 12:26	upstream	3d5e28bff7ad	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/10/13 04:14	upstream	865c50e1d279	cef5ae68	.config	log	report	syz

Crashes (3):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro
ci-upstream-kasan-gce-selinux-root	2020/08/24 08:56	upstream	cb95712138ec	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/08/07 12:39	upstream	d6efb3ac3e6c	cb436c69	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2020/08/12 00:11	linux-next	4c9b89d8981b	bacaf5fa	.config	log	report	syz