From: Dmitry Vyukov
Date: Wed, 14 Feb 2018 18:14:23 +0100
Subject: Re: KASAN: use-after-free Read in rds_find_bound
To: Santosh Shilimkar
Cc: syzbot, linux-rdma@vger.kernel.org, syzkaller-bugs@googlegroups.com, David Miller, LKML, netdev, rds-devel@oss.oracle.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 14, 2018 at 5:53 PM, Santosh Shilimkar wrote:
>>> On 12/30/17 1:17 AM, syzbot wrote:
>>>>
>>>> Hello,
>>>>
>>>> syzkaller hit the following crash on
>>>> fba961ab29e5ffb055592442808bb0f7962e05da
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
>>>> compiler: gcc (GCC) 7.1.1 20170620
>>>> .config is attached
>>>> Raw console output is attached.
>>>> Unfortunately, I don't have any reproducer for this bug yet.
>>>>
>>>>
>>>> IMPORTANT: if you fix the bug, please add the following tag to the
>>>> commit:
>>>> Reported-by: syzbot+93a5839deb355537440f@syzkaller.appspotmail.com
>>>
>>>
>>> Posted a fix[1] for above issue. Didn't test it but looks
>>> straightforward.
>>
>>
>> Hi Santosh,
>>
>> What is that fix? You forgot to provide any link/reference. I also
>> don't see any patches from you at around that date...
>>
> Fix [1] was later not added since there was still a race. Wanted to
> see if the issue re-appears after recent netns fix [2].

We will not see if the bug re-appears or not until this bug is closed.
Please see this recent discussion about another rds bug:
https://groups.google.com/d/msg/syzkaller-bugs/3XjmOzr5jRU/g7pXIsY1BgAJ
In the current state syzbot will never report bugs in these functions again.