KASAN: use-after-free Read in corrupted (4)

KASAN: use-after-free Read in corrupted (4)
Status: upstream: reported syz repro on 2020/08/11 12:47
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com
First crash: 164d, last: 1d10h

Cause bisection: introduced by (bisect log) [release commit]:
commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Feb 19 22:34:00 2017 +0000

Linux 4.10

Crash: KASAN: use-after-free Read in lock_sock_nested (log)
Repro: syz .config

similar bugs (5):
Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: use-after-free Read in corrupted	C		2	979d	982d	9/17	fixed on 2018/07/09 18:05
linux-4.14	KASAN: use-after-free Read in corrupted	syz		1	4d19h	65d	0/1	upstream: reported syz repro on 2020/11/15 10:58
android-414	KASAN: use-after-free Read in corrupted	C		2	533d	534d	0/1	public: reported C repro on 2019/08/03 12:36
upstream	KASAN: use-after-free Read in corrupted (3)	syz	done	1	573d	573d	13/17	fixed on 2019/08/27 17:15
upstream	KASAN: use-after-free Read in corrupted (2)	syz		1	635d	635d	0/17	closed as invalid on 2019/04/25 11:05

Sample crash report:

netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x41d0/0x5640 kernel/locking/lockdep.c:4296
Read of size 8 at addr ffff8880a20040a0 by task syz-executor.0/6861

CPU: 1 PID: 6861 Comm: syz-executor.0 Not tainted 5.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro
ci-upstream-kasan-gce-selinux-root	2021/01/18 02:01	upstream	19c329f6	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/12/18 22:56	upstream	3644e2d2	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/11/12 12:26	upstream	3d5e28bf	cef5ae68	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/10/13 04:14	upstream	865c50e1	cef5ae68	.config	log	report	syz

Crashes (3):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	Maintainers
ci-upstream-kasan-gce-selinux-root	2020/08/24 08:56	upstream	cb957121	cef5ae68	.config	log	report	syz	linux-kernel@vger.kernel.org, mingo@redhat.com, peterz@infradead.org, will@kernel.org
ci-upstream-kasan-gce-selinux-root	2020/08/07 12:39	upstream	d6efb3ac	cb436c69	.config	log	report	syz	linux-kernel@vger.kernel.org, mingo@redhat.com, peterz@infradead.org, will@kernel.org
ci-upstream-linux-next-kasan-gce-root	2020/08/12 00:11	linux-next	4c9b89d8	bacaf5fa	.config	log	report	syz	linux-kernel@vger.kernel.org, mingo@redhat.com, peterz@infradead.org, will@kernel.org