Re: KASAN: use-after-free Read in hiddev_disconnect

From: Dmitry Vyukov
Date: Mon Jan 27 2020 - 10:51:20 EST


On Mon, Jan 27, 2020 at 4:12 PM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> One possible option would be to list the similar bugs at the start of
> the bug report.
>
> See also:
>
> KASAN: use-after-free Write in hiddev_disconnect
> https://syzkaller.appspot.com/bug?extid=784ccb935f9900cc7c9e
>
> Then we could just copy and paste to the "#syz dup:" command. The
> bitmap_port_list() stuff was reported something like 15 times so it was
> really complicated to track. Hopefully if it were easier to mark things
> as duplicate that would help.
>
> regards,
> dan carpenter

Interesting. This should be doable. I've filed
https://github.com/google/syzkaller/issues/1575 to keep track of this.
If it detects potential dups, then it could auto-dup as well, but it's
not completely trivial (some things are mentioned on the issue).
But note it won't help if the bug happens in different functions (e.g.
I think lots of bitmap_port_list were actually in different
functions). And this is also common for racy bugs -- a racy free
catches use in another thread at different locations.
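As an added illustration of the "see also" matching Dan asks for and the limitation Dmitry points out, here is a small Python sketch that groups syzbot-style titles by bug kind and crashing function, ignoring only the Read/Write access type. This is example code written for this page, not syzbot's implementation; the title grammar is assumed from the titles quoted in the thread, and every report id and title apart from the two hiddev_disconnect ones is constructed for the demonstration.

```python
import re
from collections import defaultdict

# Assumed title grammar, taken from the titles quoted in this thread:
#   "<sanitizer>: <bug kind> <Read|Write> in <function>"
#   "<anything> in <function>"            (e.g. "general protection fault in foo")
_SANITIZER_RE = re.compile(
    r"^(?P<sanitizer>KASAN|KMSAN|KCSAN|UBSAN): "
    r"(?P<kind>[\w-]+) (?P<access>Read|Write) in (?P<func>\w+)$"
)
_PLAIN_RE = re.compile(r"^(?P<kind>.+?) in (?P<func>\w+)$")

# Constructed sample set. Only the Write-in-hiddev_disconnect extid appears on
# the page; "constructed-*" ids and the non-hiddev titles are made up here.
SAMPLE_REPORTS = [
    ("784ccb935f9900cc7c9e", "KASAN: use-after-free Write in hiddev_disconnect"),
    ("constructed-read", "KASAN: use-after-free Read in hiddev_disconnect"),
    # One racy free caught at two different use sites: the crashing function
    # differs, so title matching does not relate them (Dmitry's caveat).
    ("constructed-race-a", "KASAN: use-after-free Read in bitmap_port_list"),
    ("constructed-race-b", "KASAN: use-after-free Read in example_other_use_site"),
    ("constructed-gpf", "general protection fault in hiddev_disconnect"),
]


def parse_title(title):
    """Split a report title into sanitizer, bug kind, access type and function."""
    m = _SANITIZER_RE.match(title)
    if m:
        return {"sanitizer": m["sanitizer"], "kind": m["kind"],
                "access": m["access"], "func": m["func"]}
    m = _PLAIN_RE.match(title)
    if m:
        return {"sanitizer": None, "kind": m["kind"], "access": None, "func": m["func"]}
    return None


def similarity_key(title):
    """Key under which two reports count as 'similar': same sanitizer, same bug
    kind and same crashing function; the Read/Write access type is dropped."""
    p = parse_title(title)
    if p is None:
        return None
    return (p["sanitizer"], p["kind"], p["func"])


def find_similar(reports):
    """Map each extid to the other extids sharing its similarity key.
    reports is an iterable of (extid, title); ids with no match are omitted."""
    groups = defaultdict(list)
    for extid, title in reports:
        key = similarity_key(title)
        if key is not None:
            groups[key].append(extid)
    similar = {}
    for extid, title in reports:
        key = similarity_key(title)
        if key is None:
            continue
        others = [e for e in groups[key] if e != extid]
        if others:
            similar[extid] = others
    return similar


def see_also_block(extid, reports):
    """Render the 'See also:' lines a report could carry, one title plus the
    dashboard URL per similar bug, ready to paste into '#syz dup:'."""
    by_id = dict(reports)
    lines = []
    for other in find_similar(reports).get(extid, []):
        lines.append(by_id[other])
        lines.append(f"https://syzkaller.appspot.com/bug?extid={other}")
    return lines


if __name__ == "__main__":
    for extid, title in SAMPLE_REPORTS:
        block = see_also_block(extid, SAMPLE_REPORTS)
        print(title)
        if block:
            print("See also:")
            print("\n".join(block))
        print()
```

Running it relates the Read and Write hiddev_disconnect reports to each other, leaves the general protection fault in the same function alone (different bug kind), and, as Dmitry notes, does nothing for the two use-after-free reports whose racy free was caught in different functions; relating those needs information beyond the title, such as the freeing stack.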