Re: [syzbot] KASAN: use-after-free Read in corrupted (4)

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
       [not found] <000000000000c1925305ac997812@google.com>
@ 2022-05-22 23:01 ` syzbot
  2022-05-23  3:56   ` Linus Torvalds
  0 siblings, 1 reply; 3+ messages in thread
From: syzbot @ 2022-05-22 23:01 UTC (permalink / raw)
  To: applications, davem, gustavo, johan.hedberg, linux-bluetooth,
	linux-kbuild, linux-kernel, marcel, mingo, mmarek, netdev, peterz,
	syzkaller-bugs, torvalds, will

syzbot has found a reproducer for the following issue on:

HEAD commit:    eaea45fc0e7b Merge tag 'perf-tools-fixes-for-v5.18-2022-05..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1315c161f00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=902c5209311d387c
dashboard link: https://syzkaller.appspot.com/bug?extid=48135e34de22e3a82c99
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14a076d6f00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f76a3df00000

The issue was bisected to:

commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sun Feb 19 22:34:00 2017 +0000

    Linux 4.10

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=128bb53a900000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=118bb53a900000
console output: https://syzkaller.appspot.com/x/log.txt?x=168bb53a900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com
Fixes: c470abd4fde4 ("Linux 4.10")

traps: syz-executor229[3615] general protection fault ip:7feb96eb56a1 sp:20000fd0 error:0 in syz-executor2295634012[7feb96e75000+84000]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
  2022-05-22 23:01 ` [syzbot] KASAN: use-after-free Read in corrupted (4) syzbot
@ 2022-05-23  3:56   ` Linus Torvalds
  2022-06-01 13:51     ` Aleksandr Nogikh
  0 siblings, 1 reply; 3+ messages in thread
From: Linus Torvalds @ 2022-05-23  3:56 UTC (permalink / raw)
  To: syzbot
  Cc: applications, David Miller, gustavo, Johan Hedberg,
	linux-bluetooth, Linux Kbuild mailing list,
	Linux Kernel Mailing List, Marcel Holtmann, Ingo Molnar,
	Michal Marek, Netdev, Peter Zijlstra, syzkaller-bugs, Will Deacon

On Sun, May 22, 2022 at 4:01 PM syzbot
<syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com> wrote:
>
> The issue was bisected to:
>
> commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> Author: Linus Torvalds <torvalds@linux-foundation.org>
> Date:   Sun Feb 19 22:34:00 2017 +0000
>
>     Linux 4.10

Heh. That looks very unlikely, so the bisection seems to sadly have
failed at some point.

At least one of the KASAN reports (that "final oops") does look very
much like the bug fixed by commit 1bff51ea59a9 ("Bluetooth: fix
use-after-free error in lock_sock_nested()"), so this may already be
fixed, but who knows...

But that "update Makefile to 4.10" is not the cause...

               Linus

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [syzbot] KASAN: use-after-free Read in corrupted (4)
  2022-05-23  3:56   ` Linus Torvalds
@ 2022-06-01 13:51     ` Aleksandr Nogikh
  0 siblings, 0 replies; 3+ messages in thread
From: Aleksandr Nogikh @ 2022-06-01 13:51 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: syzbot, applications, David Miller, gustavo, Johan Hedberg,
	linux-bluetooth, Linux Kbuild mailing list,
	Linux Kernel Mailing List, Marcel Holtmann, Ingo Molnar,
	Michal Marek, Netdev, Peter Zijlstra, syzkaller-bugs, Will Deacon,
	Dmitry Vyukov, Aleksandr Nogikh

Hi Linus,

Thank you for looking at the syzbot's email!

The bisection info was indeed included in this case by mistake. We have fixed this, now the bot should not mention bisections that point to release commits and thefefore won't be pinging you as the commit author.


Best Regards,
Aleksandr

On Sun, May 22, 2022 at 08:56PM -0700, Linus Torvalds wrote:
> On Sun, May 22, 2022 at 4:01 PM syzbot
> <syzbot+48135e34de22e3a82c99@syzkaller.appspotmail.com> wrote:
> >
> > The issue was bisected to:
> >
> > commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
> > Author: Linus Torvalds <torvalds@linux-foundation.org>
> > Date:   Sun Feb 19 22:34:00 2017 +0000
> >
> >     Linux 4.10
> 
> Heh. That looks very unlikely, so the bisection seems to sadly have
> failed at some point.
> 
> At least one of the KASAN reports (that "final oops") does look very
> much like the bug fixed by commit 1bff51ea59a9 ("Bluetooth: fix
> use-after-free error in lock_sock_nested()"), so this may already be
> fixed, but who knows...
> 
> But that "update Makefile to 4.10" is not the cause...
> 
>                Linus

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-06-01 13:51 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <000000000000c1925305ac997812@google.com>
2022-05-22 23:01 ` [syzbot] KASAN: use-after-free Read in corrupted (4) syzbot
2022-05-23  3:56   ` Linus Torvalds
2022-06-01 13:51     ` Aleksandr Nogikh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).