* KASAN: use-after-free Read in corrupted (4)
@ 2020-08-11 12:47 syzbot
  2022-05-22 23:01 ` [syzbot] " syzbot
  0 siblings, 1 reply; 4+ messages in thread
From: syzbot @ 2020-08-11 12:47 UTC (permalink / raw)
  To: linux-kernel, mingo, peterz, syzkaller-bugs, will

Hello,

syzbot found the following issue on:

HEAD commit:    d6efb3ac Merge tag 'tty-5.9-rc1' of git://git.kernel.org/p..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=172b6976900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ff87594cecb7e666
dashboard link: https://syzkaller.appspot.com/bug?extid=48135e34de22e3a82c99
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1373613a900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com

netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x41d0/0x5640 kernel/locking/lockdep.c:4296
Read of size 8 at addr ffff8880936320a0 by task syz-executor.0/6858

CPU: 1 PID: 6858 Comm: syz-executor.0 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 dump_sta


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
  2020-08-11 12:47 KASAN: use-after-free Read in corrupted (4) syzbot
@ 2022-05-22 23:01 ` syzbot
  2022-05-23  3:56   ` Linus Torvalds
  0 siblings, 1 reply; 4+ messages in thread
From: syzbot @ 2022-05-22 23:01 UTC (permalink / raw)
  To: applications, davem, gustavo, johan.hedberg, linux-bluetooth,
	linux-kbuild, linux-kernel, marcel, mingo, mmarek, netdev,
	peterz, syzkaller-bugs, torvalds, will

syzbot has found a reproducer for the following issue on:

HEAD commit:    eaea45fc0e7b Merge tag 'perf-tools-fixes-for-v5.18-2022-05..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1315c161f00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=902c5209311d387c
dashboard link: https://syzkaller.appspot.com/bug?extid=48135e34de22e3a82c99
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14a076d6f00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f76a3df00000

The issue was bisected to:

commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sun Feb 19 22:34:00 2017 +0000

    Linux 4.10

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=128bb53a900000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=118bb53a900000
console output: https://syzkaller.appspot.com/x/log.txt?x=168bb53a900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com
Fixes: c470abd4fde4 ("Linux 4.10")

traps: syz-executor229[3615] general protection fault ip:7feb96eb56a1 sp:20000fd0 error:0 in syz-executor2295634012[7feb96e75000+84000]



* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
  2022-05-22 23:01 ` [syzbot] " syzbot
@ 2022-05-23  3:56   ` Linus Torvalds
  2022-06-01 13:51     ` Aleksandr Nogikh
  0 siblings, 1 reply; 4+ messages in thread
From: Linus Torvalds @ 2022-05-23  3:56 UTC (permalink / raw)
  To: syzbot
  Cc: applications, David Miller, gustavo, Johan Hedberg,
	linux-bluetooth, Linux Kbuild mailing list,
	Linux Kernel Mailing List, Marcel Holtmann, Ingo Molnar,
	Michal Marek, Netdev, Peter Zijlstra, syzkaller-bugs,
	Will Deacon

On Sun, May 22, 2022 at 4:01 PM syzbot
<syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com> wrote:
>
> The issue was bisected to:
>
> commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date:   Sun Feb 19 22:34:00 2017 +0000
>
>     Linux 4.10

Heh. That looks very unlikely, so the bisection seems to sadly have
failed at some point.

At least one of the KASAN reports (that "final oops") does look very
much like the bug fixed by commit 1bff51ea59a9 ("Bluetooth: fix
use-after-free error in lock_sock_nested()"), so this may already be
fixed, but who knows...

But that "update Makefile to 4.10" is not the cause...

               Linus


* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
  2022-05-23  3:56   ` Linus Torvalds
@ 2022-06-01 13:51     ` Aleksandr Nogikh
  0 siblings, 0 replies; 4+ messages in thread
From: Aleksandr Nogikh @ 2022-06-01 13:51 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: syzbot, applications, David Miller, gustavo, Johan Hedberg,
	linux-bluetooth, Linux Kbuild mailing list,
	Linux Kernel Mailing List, Marcel Holtmann, Ingo Molnar,
	Michal Marek, Netdev, Peter Zijlstra, syzkaller-bugs,
	Will Deacon, Dmitry Vyukov, Aleksandr Nogikh

Hi Linus,

Thank you for looking at syzbot's email!

The bisection info was indeed included in this case by mistake. We have fixed this; now the bot should not mention bisections that point to release commits and therefore won't be pinging you as the commit author.


Best Regards,
Aleksandr

On Sun, May 22, 2022 at 08:56PM -0700, Linus Torvalds wrote:
> On Sun, May 22, 2022 at 4:01 PM syzbot
> <syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com> wrote:
> >
> > The issue was bisected to:
> >
> > commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> > Author: Linus Torvalds <torvalds@linux-foundation.org>
> > Date:   Sun Feb 19 22:34:00 2017 +0000
> >
> >     Linux 4.10
> 
> Heh. That looks very unlikely, so the bisection seems to sadly have
> failed at some point.
> 
> At least one of the KASAN reports (that "final oops") does look very
> much like the bug fixed by commit 1bff51ea59a9 ("Bluetooth: fix
> use-after-free error in lock_sock_nested()"), so this may already be
> fixed, but who knows...
> 
> But that "update Makefile to 4.10" is not the cause...
> 
>                Linus

