Re: KASAN: use-after-free Read in j1939_xtp_rx_abort_one

From: syzbot
Date: Mon Jan 13 2020 - 11:42:04 EST


syzbot suspects this bug was fixed by commit:

commit ddeeb7d4822ed06d79fc15e822b70dce3fa77e39
Author: Oleksij Rempel <o.rempel@xxxxxxxxxxxxxx>
Date: Sat Nov 9 15:11:18 2019 +0000

can: j1939: j1939_can_recv(): add priv refcounting

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15a7ec76e00000
start commit: de620fb9 Merge branch 'for-5.4-fixes' of git://git.kernel...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=f9ff8f11e66c1fb1
dashboard link: https://syzkaller.appspot.com/bug?extid=db4869ba599c0de9b13e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=113e0d72e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=136aa6e8e00000

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: can: j1939: j1939_can_recv(): add priv refcounting

For information about bisection process see: https://goo.gl/tpsmEJ#bisection