Message-ID: <20170228163833.GI31155@oracle.com>
Date: Tue, 28 Feb 2017 11:38:33 -0500
From: Sowmini Varadhan <sowmini.varadhan@...cle.com>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: santosh.shilimkar@...cle.com, David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, linux-rdma@...r.kernel.org, rds-devel@....oracle.com, LKML <linux-kernel@...r.kernel.org>, Eric Dumazet <edumazet@...gle.com>, syzkaller <syzkaller@...glegroups.com>
Subject: Re: net/rds: use-after-free in inet_create

On (02/28/17 17:32), Dmitry Vyukov wrote:
> Not reproducible so far.
>
> rds is compiled into kernel (no modules):
> CONFIG_RDS=y
> CONFIG_RDS_TCP=y

I see. So if it never gets unloaded, the rds_connections "should" be
around forever.. let me inspect code and see if I spot some race-window..

> Also fuzzer actively creates and destroys namespaces.
> Yes, I don't see socket(0x15) in the log. Probably it was truncated.

I see. May be useful if we could get a crash dump to see what other
threads were going on (might give a hint about which threads were racing).
I'll try reproducing this at my end too.

--Sowmini