| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Nov 2023 11:53:48 +0800 From: Hou Tao <houtao@...weicloud.com> To: bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org> Subject: Re: [bug report] BUG: KASAN: slab-use-after-free in sock_def_readable+0x101/0x450 Hi, On 11/13/2023 10:12 PM, Hou Tao wrote: > Hi, > > I got the following kasan report when running test_progs on bpf-tree > (commit 100888fb6d8a): > > [ 212.183985] > ================================================================== > [ 212.184699] BUG: KASAN: slab-use-after-free in > sock_def_readable+0x101/0x450 > [ 212.185375] Read of size 8 at addr ffff88812d9f1860 by task > kworker/4:1/67 > > [ 212.186195] CPU: 4 PID: 67 Comm: kworker/4:1 Tainted: G > O 6.6.0+ #9 > [ 212.186942] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), > BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > [ 212.188044] Workqueue: events sk_psock_backlog > [ 212.188496] Call Trace: > [ 212.188746] <TASK> > [ 212.188967] dump_stack_lvl+0x4a/0x90 > [ 212.189342] print_report+0xd2/0x620 > [ 212.189706] ? kasan_complete_mode_report_info+0x7c/0x210 > [ 212.190241] kasan_report+0xd1/0x110 > [ 212.190599] ? sock_def_readable+0x101/0x450 > [ 212.191022] ? sock_def_readable+0x101/0x450 > [ 212.191452] kasan_check_range+0x101/0x1c0 > [ 212.191852] __kasan_check_read+0x11/0x20 > [ 212.192253] sock_def_readable+0x101/0x450 > [ 212.192656] unix_stream_sendmsg+0x3cc/0xaa0 > [ 212.193093] ? __pfx_unix_stream_sendmsg+0x10/0x10 > [ 212.193565] ? __pfx___lock_acquire+0x10/0x10 > [ 212.194034] sock_sendmsg+0x219/0x230 > [ 212.194400] ? __pfx_sock_sendmsg+0x10/0x10 > [ 212.194813] ? lock_acquire+0x180/0x420 > [ 212.195193] ? sk_psock_backlog+0x3c/0x600 > [ 212.195598] ? __pfx_lock_acquire+0x10/0x10 > [ 212.196014] ? lock_is_held_type+0x97/0x100 > [ 212.196436] ? __asan_storeN+0x12/0x20 > [ 212.196808] __skb_send_sock+0x53b/0x660 > [ 212.197204] ? __pfx_sendmsg_unlocked+0x10/0x10 > [ 212.197653] ? sk_psock_backlog+0x3c/0x600 > [ 212.198057] ? __pfx___skb_send_sock+0x10/0x10 > [ 212.198499] ? __mutex_unlock_slowpath+0x122/0x410 > [ 212.198990] skb_send_sock+0x15/0x20 It seems I hit the send button too soon. There is already pending fixes for the problem [1]. Please ignore the bug report. [1]: https://lore.kernel.org/bpf/20231016190819.81307-1-john.fastabend@gmail.com/
Powered by blists - more mailing lists