* KASAN: use-after-free Read in corrupted (4)
From: syzbot @ 2020-08-11 12:47 UTC
To: linux-kernel, mingo, peterz, syzkaller-bugs, will

Hello,

syzbot found the following issue on:

HEAD commit:    d6efb3ac Merge tag 'tty-5.9-rc1' of git://git.kernel.org/p..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=172b6976900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ff87594cecb7e666
dashboard link: https://syzkaller.appspot.com/bug?extid=48135e34de22e3a82c99
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1373613a900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com

netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x41d0/0x5640 kernel/locking/lockdep.c:4296
Read of size 8 at addr ffff8880936320a0 by task syz-executor.0/6858

CPU: 1 PID: 6858 Comm: syz-executor.0 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 dump_sta

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
From: syzbot @ 2022-05-22 23:01 UTC
To: applications, davem, gustavo, johan.hedberg, linux-bluetooth, linux-kbuild, linux-kernel, marcel, mingo, mmarek, netdev, peterz, syzkaller-bugs, torvalds, will

syzbot has found a reproducer for the following issue on:

HEAD commit:    eaea45fc0e7b Merge tag 'perf-tools-fixes-for-v5.18-2022-05..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1315c161f00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=902c5209311d387c
dashboard link: https://syzkaller.appspot.com/bug?extid=48135e34de22e3a82c99
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14a076d6f00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f76a3df00000

The issue was bisected to:

commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sun Feb 19 22:34:00 2017 +0000

    Linux 4.10

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=128bb53a900000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=118bb53a900000
console output: https://syzkaller.appspot.com/x/log.txt?x=168bb53a900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com
Fixes: c470abd4fde4 ("Linux 4.10")

traps: syz-executor229[3615] general protection fault ip:7feb96eb56a1 sp:20000fd0 error:0 in syz-executor2295634012[7feb96e75000+84000]
* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
From: Linus Torvalds @ 2022-05-23 3:56 UTC
To: syzbot
Cc: applications, David Miller, gustavo, Johan Hedberg, linux-bluetooth, Linux Kbuild mailing list, Linux Kernel Mailing List, Marcel Holtmann, Ingo Molnar, Michal Marek, Netdev, Peter Zijlstra, syzkaller-bugs, Will Deacon

On Sun, May 22, 2022 at 4:01 PM syzbot
<syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com> wrote:
>
> The issue was bisected to:
>
> commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date:   Sun Feb 19 22:34:00 2017 +0000
>
>     Linux 4.10

Heh. That looks very unlikely, so the bisection seems to sadly have
failed at some point.

At least one of the KASAN reports (that "final oops") does look very
much like the bug fixed by commit 1bff51ea59a9 ("Bluetooth: fix
use-after-free error in lock_sock_nested()"), so this may already be
fixed, but who knows...

But that "update Makefile to 4.10" is not the cause...

              Linus
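The bug class Linus points at (a lock taken on a socket after its last reference is gone, so lockdep's read of the lock metadata lands in freed memory) is easy to model in user space. The following is an added illustration written for this page; it is not code from the thread, from the kernel's Bluetooth stack, or from commit 1bff51ea59a9, and every name in it (sk_model, owner_close, teardown_cb_buggy, teardown_cb_fixed) is hypothetical. Instead of really freeing the object, the model poisons it on the last reference drop so that the bad access is reported deterministically rather than corrupting the heap; KASAN's quarantine delays reuse of freed slabs for the same reason.

```c
/*
 * Hypothetical model of a "KASAN: use-after-free Read in __lock_acquire"
 * bug: a callback holds a borrowed pointer to an object, another path drops
 * the object's last reference, and the callback then locks the object, so
 * the lock (and its lockdep dep_map) is read out of freed memory.
 * Illustrative names only; not the Bluetooth code or its fix.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct sk_model {
    int refcnt;      /* stands in for sk->sk_refcnt */
    int lock_owned;  /* stands in for the lock and its lockdep metadata */
    bool zapped;     /* like SOCK_ZAPPED: the owner is tearing this down */
    bool freed;      /* poison bit, set when the last reference is dropped */
};

/* Allocate with one reference, the owner's, like sk_alloc(). */
static struct sk_model *sk_model_alloc(void)
{
    struct sk_model *sk = calloc(1, sizeof(*sk));
    if (sk)
        sk->refcnt = 1;
    return sk;
}

static void sk_model_hold(struct sk_model *sk) { sk->refcnt++; }

/*
 * Drop a reference. On the last drop we poison rather than free(), so a
 * later touch is detectable instead of undefined; run_scenario() returns
 * the memory once the scenario is over.
 */
static void sk_model_put(struct sk_model *sk)
{
    if (--sk->refcnt == 0)
        sk->freed = true;
}

/* Returns 0 on success, -1 if the lock lives in freed memory (where KASAN
 * would emit "use-after-free Read in __lock_acquire"). */
static int sk_model_lock(struct sk_model *sk)
{
    if (sk->freed)
        return -1;
    sk->lock_owned++;
    return 0;
}

static void sk_model_unlock(struct sk_model *sk) { sk->lock_owned--; }

/* The owning path: mark teardown and drop the owner's reference. */
static void owner_close(struct sk_model *sk)
{
    sk->zapped = true;
    sk_model_put(sk);
}

/*
 * Buggy teardown callback: it reaches the object through a borrowed pointer
 * and locks it without pinning the lifetime. When the owner's close runs
 * first, the lock is taken on freed memory. Returns -1 on the bad access.
 */
static int teardown_cb_buggy(struct sk_model *sk)
{
    owner_close(sk);              /* models the racing owner winning */
    if (sk_model_lock(sk) < 0)
        return -1;
    sk_model_unlock(sk);
    return 0;
}

/*
 * Fixed teardown callback: hold a reference across the locked region and
 * drop it afterwards, so the object cannot vanish underneath the lock.
 */
static int teardown_cb_fixed(struct sk_model *sk)
{
    int rc;

    sk_model_hold(sk);
    owner_close(sk);              /* same race; the object now survives it */
    rc = sk_model_lock(sk);
    if (rc == 0)
        sk_model_unlock(sk);
    sk_model_put(sk);             /* our reference was the last one */
    return rc;
}

/* Run one callback on a fresh object; returns the callback's result,
 * or -2 if allocation failed. */
static int run_scenario(int (*cb)(struct sk_model *))
{
    struct sk_model *sk = sk_model_alloc();
    int rc;

    if (!sk)
        return -2;
    rc = cb(sk);
    free(sk);                     /* the model keeps the block until here */
    return rc;
}

int main(void)
{
    printf("buggy callback: %d\n", run_scenario(teardown_cb_buggy));
    printf("fixed callback: %d\n", run_scenario(teardown_cb_fixed));
    return 0;
}
```

The two callbacks differ only in the hold/put pair around the locked region, which is the general shape of fixes for this class: whoever takes a lock embedded in a refcounted object must own a reference to that object for as long as the lock is held, regardless of what the owner does concurrently.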
* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
From: Aleksandr Nogikh @ 2022-06-01 13:51 UTC
To: Linus Torvalds
Cc: syzbot, applications, David Miller, gustavo, Johan Hedberg, linux-bluetooth, Linux Kbuild mailing list, Linux Kernel Mailing List, Marcel Holtmann, Ingo Molnar, Michal Marek, Netdev, Peter Zijlstra, syzkaller-bugs, Will Deacon, Dmitry Vyukov, Aleksandr Nogikh

Hi Linus,

Thank you for looking at syzbot's email!

The bisection info was indeed included in this case by mistake. We have
fixed this, now the bot should not mention bisections that point to
release commits and therefore won't be pinging you as the commit author.

Best Regards,
Aleksandr

On Sun, May 22, 2022 at 08:56PM -0700, Linus Torvalds wrote:
> On Sun, May 22, 2022 at 4:01 PM syzbot
> <syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com> wrote:
> >
> > The issue was bisected to:
> >
> > commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> > Author: Linus Torvalds <torvalds@linux-foundation.org>
> > Date:   Sun Feb 19 22:34:00 2017 +0000
> >
> >     Linux 4.10
>
> Heh. That looks very unlikely, so the bisection seems to sadly have
> failed at some point.
>
> At least one of the KASAN reports (that "final oops") does look very
> much like the bug fixed by commit 1bff51ea59a9 ("Bluetooth: fix
> use-after-free error in lock_sock_nested()"), so this may already be
> fixed, but who knows...
>
> But that "update Makefile to 4.10" is not the cause...
>
> Linus