Date:   Tue, 6 Feb 2018 09:27:00 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Xin Long <lucien.xin@...il.com>
Cc:     David Ahern <dsahern@...il.com>,
        Tommi Rantala <tommi.t.rantala@...ia.com>,
        network dev <netdev@...r.kernel.org>,
        linux-sctp@...r.kernel.org, Neil Horman <nhorman@...driver.com>,
        Alexey Kodanev <alexey.kodanev@...cle.com>,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Subject: Re: [PATCH net v3] sctp: fix dst refcnt leak in sctp_v4_get_dst

On Tue, Feb 6, 2018 at 6:06 AM, Xin Long <lucien.xin@...il.com> wrote:
> On Tue, Feb 6, 2018 at 7:20 AM, David Ahern <dsahern@...il.com> wrote:
>> On 2/5/18 12:48 PM, Tommi Rantala wrote:
>>> Fix dst reference count leak in sctp_v4_get_dst() introduced in commit
>>> 410f03831 ("sctp: add routing output fallback"):
>>>
>>> When walking the address_list, successive ip_route_output_key() calls
>>> may return the same rt->dst with the reference incremented on each call.
>>>
>>> The code would not decrement the dst refcount when the dst pointer was
>>> identical from the previous iteration, causing the dst refcnt leak.
>>>
>> ...
>>>   ...
>>>
>>> Fixes: 410f03831 ("sctp: add routing output fallback")
>>> Fixes: 0ca50d12f ("sctp: fix src address selection if using secondary addresses")
>>
>> any syzbot references for this bug?
> In Dmitry Vyukov's mail, there was no syzbot reference provided.
> Not sure if there's another way to tell syzbot.


If we are talking about "net: hang in unregister_netdevice: waiting
for lo to become free":
https://groups.google.com/d/msg/syzkaller/-06_laheMF0/xqezy58kAwAJ
Then there is no syzbot tag. It was found with syzkaller, but not
reported by syzbot because the manifestation is too tricky, it could
have been reported as "no output from test machine" with no additional
details, which is not too actionable.
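
The leak pattern described in the quoted commit message, as an added user-space model that is not part of the thread and is not the kernel's code. `toy_dst`, `toy_lookup`, `toy_release`, `walk_leaky`, `walk_balanced` and `leaked_refs` are hypothetical names; the only assumption carried over from the message is that each successful lookup takes a reference, even when it returns a pointer the caller already holds.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a route cache entry; only the reference count is modelled. */
struct toy_dst { int refcnt; };
typedef struct toy_dst *(*walk_fn)(struct toy_dst **, size_t);

/* Hypothetical lookup: every successful call takes one reference. */
static struct toy_dst *toy_lookup(struct toy_dst *d) { d->refcnt++; return d; }
static void toy_release(struct toy_dst *d) { if (d) d->refcnt--; }

/* Leaky walk: the release is skipped when the lookup returns the pointer
 * that is already held, so that lookup's extra reference is never dropped. */
static struct toy_dst *walk_leaky(struct toy_dst **routes, size_t n)
{
    struct toy_dst *dst = NULL;
    for (size_t i = 0; i < n; i++) {
        struct toy_dst *rt = toy_lookup(routes[i]);
        if (!dst)
            dst = rt;
        else if (rt != dst)
            toy_release(rt);
    }
    return dst;
}

/* Balanced walk: every lookup result that is not kept is released,
 * whether or not it is the same pointer as the one held. */
static struct toy_dst *walk_balanced(struct toy_dst **routes, size_t n)
{
    struct toy_dst *dst = NULL;
    for (size_t i = 0; i < n; i++) {
        struct toy_dst *rt = toy_lookup(routes[i]);
        if (!dst)
            dst = rt;
        else
            toy_release(rt);
    }
    return dst;
}

/* Walk n addresses (capped at 8) that all resolve to one shared entry, drop
 * the caller's reference, and return how many references are still held. */
static int leaked_refs(walk_fn walk, size_t n)
{
    struct toy_dst shared = { 0 };
    struct toy_dst *routes[8];
    if (n > 8)
        n = 8;
    for (size_t i = 0; i < n; i++)
        routes[i] = &shared;
    toy_release(walk(routes, n));
    return shared.refcnt;
}

int main(void)
{
    printf("leaky: %d balanced: %d\n",
           leaked_refs(walk_leaky, 3), leaked_refs(walk_balanced, 3));
    return 0;
}
```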
