syzbot

 sign-in | mailing list | source | docs
🐞 Open [868] 🐞 Fixed [2470] 🐞 Invalid [3691]

KASAN: use-after-free Read in skb_release_data (2)
Status: upstream: reported syz repro on 2020/03/01 19:13
Reported-by: syzbot+a66a7c2e996797bb4acb@syzkaller.appspotmail.com
First crash: 159d, last: 159d

Cause bisection: introduced by (bisect log):

commit 5f71c84038d39def573744a145c573758f52a949
Author: Prashant Malani <pmalani@chromium.org>
Date: Tue Oct 1 08:35:57 2019 +0000

  r8152: Factor out OOB link list waits

Crash: KASAN: use-after-free Read in h5_reset_rx (log)
Repro: syz .config

Fix bisection: fixed by (bisect log):

commit d9958306d4be14f4c7466242b38ed3893a7b1386
Author: Nishad Kamdar <nishadkamdar@gmail.com>
Date: Sun Mar 15 10:55:07 2020 +0000

  USB: chipidea: Use the correct style for SPDX License Identifier

similar bugs (4):
Kernel Title Repro Bisected Count Last Reported Patched Status
android-49 KASAN: use-after-free Read in skb_release_data 1 821d 821d 0/3 auto-closed as invalid on 2019/02/22 12:31
linux-4.14 KASAN: use-after-free Read in skb_release_data 1 369d 369d 0/1 auto-closed as invalid on 2019/12/02 22:53
upstream KASAN: use-after-free Read in skb_release_data syz 7 1088d 1088d 3/17 fixed on 2017/10/24 06:54
linux-4.14 KASAN: use-after-free Read in skb_release_data (2) syz fix 1 157d 157d 0/1 upstream: reported syz repro on 2020/03/03 17:50

Sample crash report:

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro Maintainers
ci-upstream-kasan-gce-smack-root 2020/03/01 13:46 upstream 63623fd4 c88c7b75 .config log report syz johan.hedberg@gmail.com, linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org, marcel@holtmann.org