References: <089e0825fc78410eaa056845781e@google.com> <20180513230237.GG677@sol.localdomain> <20180704232629.GJ725@sol.localdomain>
In-Reply-To: <20180704232629.GJ725@sol.localdomain>
From: Dmitry Vyukov
Date: Wed, 20 Feb 2019 16:42:47 +0100
Subject: Re: KASAN: use-after-free Read in __list_add_valid (5)
To: Eric Biggers
Cc: Roland Dreier, linux-rdma@vger.kernel.org, Doug Ledford, Jason Gunthorpe, rds-devel@oss.oracle.com, syzbot, LKML, syzkaller-bugs
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jul 5, 2018 at 1:26 AM Eric Biggers wrote:
>
> On Tue, May 15, 2018 at 01:49:23PM -0700, Roland Dreier wrote:
> > > Still reproducible on Linus' tree (commit 66e1c94db3cd4e) and on linux-next
> > > (next-20180511). Here's a simplified reproducer:
> >
> > Thanks! That's a fantastic test case.
> >
> > The issue is a race where rdma_listen() sees invalid state in the
> > middle of an rdma_bind_addr() call that will ultimately fail. I'll
> > send a proposed patch shortly.
> >
> > - R.
>
> Ping; there's still no fix merged for this. The reproducer also works as an
> unprivileged user.

I don't see any patch similar to the tested one being merged. But this
stopped happening, so let's do:

#syz fix: ucma: fix a use-after-free in ucma_resolve_ip()