Date:   Wed, 3 Mar 2021 17:55:04 -0500
From:   Paul Moore <paul@...l-moore.com>
To:     syzbot <syzbot+521772a90166b3fca21f@...kaller.appspotmail.com>
Cc:     davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org,
        linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com, yoshfuji@...ux-ipv6.org
Subject: Re: KASAN: use-after-free Write in cipso_v4_doi_putdef

On Wed, Mar 3, 2021 at 11:20 AM Paul Moore <paul@...l-moore.com> wrote:
> On Wed, Mar 3, 2021 at 10:53 AM syzbot
> <syzbot+521772a90166b3fca21f@...kaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    7a7fd0de Merge branch 'kmap-conversion-for-5.12' of git://..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=164a74dad00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=779a2568b654c1c6
> > dashboard link: https://syzkaller.appspot.com/bug?extid=521772a90166b3fca21f
> > compiler:       Debian clang version 11.0.1-2
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+521772a90166b3fca21f@...kaller.appspotmail.com
> >
> > ==================================================================
> > BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
> > BUG: KASAN: use-after-free in atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline]
> > BUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]
> > BUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]
> > BUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]
> > BUG: KASAN: use-after-free in cipso_v4_doi_putdef+0x2d/0x190 net/ipv4/cipso_ipv4.c:586
> > Write of size 4 at addr ffff8880179ecb18 by task syz-executor.5/20110
>
> Almost surely the same problem as the others, I'm currently chasing
> down a few remaining spots to make sure the fix I'm working on is
> correct.

I think I've now managed to convince myself that the patch I've got
here is reasonable.  I'm looping over a series of tests right now and
plan to let it continue overnight; assuming everything still looks
good in the morning I'll post it.

Thanks for your help.

-- 
paul moore
www.paul-moore.com