Open Source and information security mailing list archives
 
Message-ID: <CAAVpQUBB7eE2LCLXSFv3wzPhmTKJxz5ZP_Hw9FPRj6y5hHtArg@mail.gmail.com>
Date: Tue, 12 Aug 2025 22:45:10 -0700
From: Kuniyuki Iwashima <kuniyu@...gle.com>
To: syzbot <syzbot+8aa80c6232008f7b957d@...kaller.appspotmail.com>
Cc: edumazet@...gle.com, hdanton@...a.com, leitao@...ian.org, 
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] BUG: unable to handle kernel paging request in nsim_queue_free

On Tue, Aug 12, 2025 at 6:17 PM syzbot
<syzbot+8aa80c6232008f7b957d@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> KASAN: slab-use-after-free Read in udp_tunnel_nic_device_sync_work
>
> netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
> ==================================================================
> BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:577 [inline]
> BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1360 kernel/locking/mutex.c:760
> Read of size 8 at addr ffff8880434426b0 by task kworker/u4:10/1096
>
> CPU: 0 UID: 0 PID: 1096 Comm: kworker/u4:10 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f-dirty #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
> Call Trace:
>  <TASK>
>  dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
>  print_address_description mm/kasan/report.c:378 [inline]
>  print_report+0xca/0x240 mm/kasan/report.c:482
>  kasan_report+0x118/0x150 mm/kasan/report.c:595
>  __mutex_lock_common kernel/locking/mutex.c:577 [inline]
>  __mutex_lock+0x147/0x1360 kernel/locking/mutex.c:760
>  udp_tunnel_nic_device_sync_work+0x39/0xa50 net/ipv4/udp_tunnel_nic.c:737

This is apparently another issue that I hold in the syzbot queue.
