Re: KASAN: use-after-free Read in tomoyo_socket_sendmsg_permission

2019-08-09 Thread Dmitry Vyukov
On Fri, Aug 9, 2019 at 12:08 AM Tetsuo Handa wrote:
>
> On 2019/08/09 1:45, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:107e47cc vrf: make sure skb->data contains ip header to ma..
> > git tree: net
> > console output:

Re: general protection fault in rose_transmit_clear_request

2019-07-24 Thread Dmitry Vyukov
On Wed, Jul 24, 2019 at 9:18 PM syzbot wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=10656fa460
> kernel config:

Re: Reminder: 3 open syzbot bugs in "net/ax25" subsystem

2019-07-24 Thread Dmitry Vyukov
On Wed, Jul 24, 2019 at 5:42 AM Joe wrote:
>
> Hi Eric, How do I get off of this thread? When I try to unsubscribe it
> tells me I'm not a member of the group.
Hi Joe,
If you received it via netdev or linux-hams mailing lists, here are instructions on how to unsubscribe:

Re: KASAN: use-after-free Write in nr_insert_socket

2019-07-23 Thread Dmitry Vyukov
On Tue, Jul 23, 2019 at 6:21 PM syzbot wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:c6dd78fc Merge branch 'x86-urgent-for-linus' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=178a5c1060
> kernel config:

Re: KASAN: use-after-free Read in nr_rx_frame (2)

2019-07-23 Thread Dmitry Vyukov
On Tue, Jul 23, 2019 at 10:49 AM syzbot wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:3bfe1fc4 Merge tag 'for-5.3/dm-changes-2' of git://git.ker..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=10413e3460
> kernel

Re: inconsistent lock state in ax25_std_heartbeat_expiry

2019-03-26 Thread Dmitry Vyukov
On Tue, Mar 26, 2019 at 9:38 AM Salil Mehta wrote:
>
> Not reproducible on our setup either. Thanks for reporting though.
> We will keep an eye!
Hi Salil,
Shouldn't these lockdep reports be self-explanatory without reproduction? The report contains stacks for both SOFTIRQ-ON-W and IN-SOFTIRQ-W

Re: WARNING: refcount bug in nr_release

2019-02-04 Thread Dmitry Vyukov
On Mon, Jan 7, 2019 at 10:53 AM syzbot wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f1c2f8857c5a Merge tag 'powerpc-4.21-2' of git://git.kerne..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16af96bb40
> kernel config:

Re: KASAN: use-after-free Read in selinux_netlbl_socket_setsockopt

2019-02-04 Thread Dmitry Vyukov
On Fri, Feb 1, 2019 at 6:58 PM Cong Wang wrote:
>
> On Thu, Jan 31, 2019 at 10:56 PM Dmitry Vyukov wrote:
> > Hi Paul,
> >
> > Searching for af_netrom across other syzbot bugs:
> > https://groups.google.com/forum/#!searchin/syzkaller-bugs/af_netrom%7Csort:date
>

Re: KASAN: use-after-free Read in selinux_netlbl_socket_setsockopt

2019-01-31 Thread Dmitry Vyukov
On Wed, Jan 30, 2019 at 10:30 PM Paul Moore wrote:
>
> On Wed, Jan 30, 2019 at 4:01 PM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:62967898789d Merge git://git.kernel.org/pub/scm/linux/kern..
> > git tree: upstream
> > console output:

[PATCH] net/rose: fix NULL ax25_cb kernel panic

2019-01-25 Thread Dmitry Vyukov
ent as reported many times and recently with syzbot. We need to test if ax25 is NULL before using it.
Testing: Built kernel with CONFIG_ROSE=y.
Signed-off-by: Bernard Pidoux
Acked-by: Dmitry Vyukov
Reported-by: syzbot+1a2c456a1ea08fa5b...@syzkaller.appspotmail.com
Cc: "David S. Miller"
Cc:

Re: [PATCH] NET:AX25:ROSE NULL ax25_cb kernel panic

2019-01-20 Thread Dmitry Vyukov
On Sun, Jan 20, 2019 at 10:58 AM f6bvp wrote:
>
> Hi,
>
> Dmitry wrote:
>
> >Please also add:
> >Reported-by: syzbot+1a2c456a1ea08fa5b...@syzkaller.appspotmail.com
>
> I did mention syzbot report but without the exact reference, thanks.
>
> >It's this report we are fixing, right?
>

Re: [PATCH] NET:AX25:ROSE NULL ax25_cb kernel panic

2019-01-19 Thread Dmitry Vyukov
On Sat, Jan 19, 2019 at 11:58 AM f6bvp wrote:
>
>
> [PATCH] [ROSE] NULL ax25_cb kernel panic
>
> When an internally generated frame is handled by rose_xmit(),
> rose_route_frame() is called:
>
> if (!rose_route_frame(skb, NULL)) {
>         dev_kfree_skb(skb);
>

Re: [ROSE] rose dereferenced pointer kernel panic

2019-01-02 Thread Dmitry Vyukov
e situation when rose_route_frame is called with a NULL
> pointer.
>
> Could you explain with full details how to have "TCP/IP over AX.25 fully
> configured" ?
>
> More specifically how can we configure rose device without NOARP ? This is
> not the case when performin

net/rose: GPF in rose_route_frame

2018-12-24 Thread Dmitry Vyukov
Hi,
Rose device crashes kernel after several seconds after up'ping. I am doing just:
# ip link set dev rose0 address 11:22:33:44:55
# ip link set dev rose0 up
Then after ~15 seconds or so:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access

Re: 6pack: stack-out-of-bounds in sixpack_receive_buf

2016-09-05 Thread Dmitry Vyukov
On Mon, Sep 5, 2016 at 7:49 PM, One Thousand Gnomes wrote:
>> different runs). Looking at code, the following looks suspicious -- we
>> limit copy by 512 bytes, but use the original count which can be
>> larger than 512:
>>
>> static void sixpack_receive_buf(struct

Re: 6pack: stack-out-of-bounds in sixpack_receive_buf

2016-09-03 Thread Dmitry Vyukov
Hello,
While running syzkaller fuzzer I've got the following report:
BUG: KASAN: stack-out-of-bounds in sixpack_receive_buf+0xf8a/0x1450 at addr 880037fbf850
Read of size 1 by task syz-executor/6759
page:eadfefc0 count:0 mapcount:0 mapping: (null) index:0x0
flags:

6pack: stack-out-of-bounds in sixpack_receive_buf

2016-09-03 Thread Dmitry Vyukov
Hello,
While running syzkaller fuzzer I've got the following report:
BUG: KASAN: stack-out-of-bounds in sixpack_receive_buf+0xf8a/0x1450 at addr 880037fbf850
Read of size 1 by task syz-executor/6759
page:eadfefc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: