| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230301124506.4a7tuvlptyzkbpm3@quack3>
Date: Wed, 1 Mar 2023 13:45:06 +0100
From: Jan Kara <jack@...e.cz>
To: Palash Oswal <oswalpalash@...il.com>
Cc: Jan Kara <jack@...e.cz>, linux-fsdevel@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
Al Viro <viro@...iv.linux.org.uk>
Subject: Re: KASAN: use-after-free Read in inode_cgwb_move_to_attached
On Tue 28-02-23 22:33:32, Palash Oswal wrote:
> On Tue, Feb 28, 2023 at 4:45 AM Jan Kara <jack@...e.cz> wrote:
> >
> > On Tue 21-02-23 21:09:23, Palash Oswal wrote:
> > > Hello,
> > > I found the following issue using syzkaller on:
> > > HEAD commit : e60276b8c11ab4a8be23807bc67b04
> > > 8cfb937dfa (v6.0.8)
> > > git tree: stable
> > >
> > > C Reproducer : https://gist.github.com/oswalpalash/bed0eba75def3cdd34a285428e9bcdc4
> > > Kernel .config :
> > > https://gist.github.com/oswalpalash/0962c70d774e5ec736a047bba917cecb
> > >
> > > Console log :
> > >
> > > ==================================================================
> > > BUG: KASAN: use-after-free in __list_del_entry_valid+0xf2/0x110
> > > Read of size 8 at addr ffff8880273c4358 by task syz-executor.1/6475
> >
> > OK, so FAT inode was on writeback list (through inode->i_io_list) when
> > being freed. This should be fixed by commit 4e3c51f4e805 ("fs: do not
> > update freeing inode i_io_list"). Can you check please?
> >
> > Honza
> >
>
> I have verified that the commit fixes the bug. Tested against v6.0.11
> on the stable tree.
Thanks for testing!
Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists