Re: KASAN: use-after-free Read in addr_handler (2)

2020-06-29 Thread Dmitry Vyukov
On Mon, Jun 29, 2020 at 9:22 PM Jason Gunthorpe wrote: > > > > On Sat, Jun 27, 2020 at 09:02:05PM +0800, Hillf Danton wrote: > > > > > > So, to hit this syzkaller one of these must have happened: > > > > > > 1) rdma_addr_cancel() didn't work and the process_one_work() is > > > > > > still > > >

Re: KASAN: use-after-free Read in addr_handler (2)

2020-06-29 Thread Dmitry Vyukov
On Sun, Jun 28, 2020 at 12:25 AM Jason Gunthorpe wrote: > > On Sat, Jun 27, 2020 at 09:02:05PM +0800, Hillf Danton wrote: > > > So, to hit this syzkaller one of these must have happened: > > > 1) rdma_addr_cancel() didn't work and the process_one_work() is still > > > runnable/running > > > >

Re: KASAN: use-after-free Read in addr_handler (2)

2020-06-29 Thread Jason Gunthorpe
On Mon, Jun 29, 2020 at 07:27:40PM +0200, Dmitry Vyukov wrote: > On Mon, Jun 29, 2020 at 4:42 PM Dmitry Vyukov wrote: > > > > On Sun, Jun 28, 2020 at 12:25 AM Jason Gunthorpe wrote: > > > > > > On Sat, Jun 27, 2020 at 09:02:05PM +0800, Hillf Danton wrote: > > > > > So, to hit this syzkaller one o

Re: KASAN: use-after-free Read in addr_handler (2)

2020-06-29 Thread Dmitry Vyukov
On Mon, Jun 29, 2020 at 4:42 PM Dmitry Vyukov wrote: > > On Sun, Jun 28, 2020 at 12:25 AM Jason Gunthorpe wrote: > > > > On Sat, Jun 27, 2020 at 09:02:05PM +0800, Hillf Danton wrote: > > > > So, to hit this syzkaller one of these must have happened: > > > > 1) rdma_addr_cancel() didn't work and

Re: KASAN: use-after-free Read in addr_handler (2)

2020-06-27 Thread Jason Gunthorpe
On Sat, Jun 27, 2020 at 09:02:05PM +0800, Hillf Danton wrote: > > So, to hit this syzkaller one of these must have happened: > > 1) rdma_addr_cancel() didn't work and the process_one_work() is still > > runnable/running > > What syzbot reported indicates that the kworker did survive not only

Re: KASAN: use-after-free Read in addr_handler (2)

2020-06-26 Thread Jason Gunthorpe
On Sun, Jun 14, 2020 at 04:53:21PM +0800, Hillf Danton wrote: > > Wed, 10 Jun 2020 10:02:11 -0700 > > syzbot found the following crash on: > > > > HEAD commit:7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org.. > > git tree: upstream > > console output: https://syzkaller.appspo

KASAN: use-after-free Read in addr_handler (2)

2020-06-10 Thread syzbot
Hello, syzbot found the following crash on: HEAD commit: 7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=16c0d3a610 kernel config: https://syzkaller.appspot.com/x/.config?x=d195fe572fb15312 das

Re: KASAN: use-after-free Read in addr_handler

2019-02-18 Thread syzbot
syzbot has found a reproducer for the following crash on: HEAD commit: a3b22b9f11d9 Linux 5.0-rc7 git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=14c5df58c0 kernel config: https://syzkaller.appspot.com/x/.config?x=7132344728e7ec3f dashboard link: https:/

KASAN: use-after-free Read in addr_handler

2018-12-13 Thread syzbot
Hello, syzbot found the following crash on: HEAD commit: f5d582777bcb Merge branch 'for-linus' of git://git.kernel... git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=14e556fb40 kernel config: https://syzkaller.appspot.com/x/.config?x=c8970c89a0efbb23 da