Re: KASAN: use-after-free Read in netdevice_event_work_handler

2020-08-05 Thread Jason Gunthorpe
On Tue, Aug 04, 2020 at 01:00:13PM -0700, Rustam Kovhaev wrote: > On Sun, Aug 02, 2020 at 07:22:26PM -0300, Jason Gunthorpe wrote: > > On Fri, Jul 31, 2020 at 02:11:22PM -0700, Rustam Kovhaev wrote: > > > > > IB roce driver receives NETDEV_UNREGISTER event, calls dev_hold() and > > > schedules

Re: KASAN: use-after-free Read in netdevice_event_work_handler

2020-08-04 Thread Rustam Kovhaev
On Sun, Aug 02, 2020 at 07:22:26PM -0300, Jason Gunthorpe wrote: > On Fri, Jul 31, 2020 at 02:11:22PM -0700, Rustam Kovhaev wrote: > > > IB roce driver receives NETDEV_UNREGISTER event, calls dev_hold() and > > schedules work item to execute, and before wq gets a chance to complete > > it, we

Re: KASAN: use-after-free Read in netdevice_event_work_handler

2020-08-02 Thread Jason Gunthorpe
On Fri, Jul 31, 2020 at 02:11:22PM -0700, Rustam Kovhaev wrote: > IB roce driver receives NETDEV_UNREGISTER event, calls dev_hold() and > schedules work item to execute, and before wq gets a chance to complete > it, we return to ip_tunnel.c:274 and call free_netdev(), and then later > we get UAF

Re: KASAN: use-after-free Read in netdevice_event_work_handler

2020-07-31 Thread Rustam Kovhaev
On Fri, Jul 31, 2020 at 02:11:22PM -0700, Rustam Kovhaev wrote: > On Thu, Jul 09, 2020 at 04:54:19PM -0700, syzbot wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit:0bddd227 Documentation: update for gcc 4.9 requirement > > git tree: upstream > >

Re: KASAN: use-after-free Read in netdevice_event_work_handler

2020-07-31 Thread Coiby Xu
On Fri, Jul 31, 2020 at 09:11:22PM +, Rustam Kovhaev wrote: On Thu, Jul 09, 2020 at 04:54:19PM -0700, syzbot wrote: Hello, syzbot found the following crash on: HEAD commit:0bddd227 Documentation: update for gcc 4.9 requirement git tree: upstream console output:

Re: KASAN: use-after-free Read in netdevice_event_work_handler

2020-07-31 Thread Rustam Kovhaev
On Thu, Jul 09, 2020 at 04:54:19PM -0700, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit:0bddd227 Documentation: update for gcc 4.9 requirement > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=1418afb710 > kernel

Re: KASAN: use-after-free Read in netdevice_event_work_handler

2020-07-22 Thread syzbot
syzbot has bisected this issue to: commit d70c47c8dc6902db19555b7ff7e6eeb264d4ac06 Author: Heiner Kallweit Date: Thu Apr 23 19:34:33 2020 + net: phy: make phy_suspend a no-op if PHY is suspended already bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16b2aad890 start

KASAN: use-after-free Read in netdevice_event_work_handler

2020-07-09 Thread syzbot
Hello, syzbot found the following crash on: HEAD commit:0bddd227 Documentation: update for gcc 4.9 requirement git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1418afb710 kernel config: https://syzkaller.appspot.com/x/.config?x=66ad203c2bb6d8b dashboard