Re: KASAN: use-after-free Read in remove_wait_queue (2)

2018-05-23 Thread Guillaume Nault
On Tue, May 22, 2018 at 08:29:58PM -0700, Eric Biggers wrote: > On Fri, May 18, 2018 at 06:02:23PM +0200, Guillaume Nault wrote: > > On Sun, May 13, 2018 at 11:11:55PM -0700, Eric Biggers wrote: > > > [+ppp list and maintainer] > > > > > > This is a bug in ppp_generic.c; it still happens on

Re: KASAN: use-after-free Read in remove_wait_queue (2)

2018-05-22 Thread Eric Biggers
On Fri, May 18, 2018 at 06:02:23PM +0200, Guillaume Nault wrote: > On Sun, May 13, 2018 at 11:11:55PM -0700, Eric Biggers wrote: > > [+ppp list and maintainer] > > > > This is a bug in ppp_generic.c; it still happens on Linus' tree and it's > > easily > > reproducible, see program below. The

Re: KASAN: use-after-free Read in remove_wait_queue (2)

2018-05-18 Thread Guillaume Nault
On Sun, May 13, 2018 at 11:11:55PM -0700, Eric Biggers wrote: > [+ppp list and maintainer] > > This is a bug in ppp_generic.c; it still happens on Linus' tree and it's > easily > reproducible, see program below. The bug is that the PPPIOCDETACH ioctl > doesn't > consider that the file can

Re: KASAN: use-after-free Read in remove_wait_queue (2)

2018-05-14 Thread Eric Biggers
[+ppp list and maintainer] On Wed, Feb 28, 2018 at 08:59:02AM -0800, syzbot wrote: > Hello, > > syzbot hit the following crash on upstream commit > f3afe530d644488a074291da04a69a296ab63046 (Tue Feb 27 22:02:39 2018 +) > Merge branch 'fixes-v4.16-rc4' of >

Re: KASAN: use-after-free Read in remove_wait_queue

2018-02-12 Thread Martijn Coenen
On Mon, Feb 12, 2018 at 7:31 PM, Al Viro wrote: > Any chance of bisecting it? Perhaps my fix introduced another (related) problem, I'm looking into it.

Re: KASAN: use-after-free Read in remove_wait_queue

2018-02-12 Thread Al Viro
On Mon, Feb 12, 2018 at 06:11:02PM +0100, Dmitry Vyukov wrote: > The commit on which it was triggered already includes this fix. So > there must be another bug. Any chance of bisecting it?

Re: KASAN: use-after-free Read in remove_wait_queue

2018-02-12 Thread Dmitry Vyukov
On Mon, Feb 12, 2018 at 5:52 PM, Todd Kjos wrote: > On Mon, Feb 12, 2018 at 7:57 AM, Dmitry Vyukov wrote: >> >> On Mon, Feb 12, 2018 at 4:54 PM, syzbot >> wrote: >> > Hello, >> > >> > syzbot hit the following crash on upstream commit >> > f1517df8701c9f12dae9ce7f43a5d300a6917619 (Thu Feb 8

Re: KASAN: use-after-free Read in remove_wait_queue

2018-02-12 Thread Todd Kjos
On Mon, Feb 12, 2018 at 7:57 AM, Dmitry Vyukov wrote: > > On Mon, Feb 12, 2018 at 4:54 PM, syzbot > wrote: > > Hello, > > > > syzbot hit the following crash on upstream commit > > f1517df8701c9f12dae9ce7f43a5d300a6917619 (Thu Feb 8 23:18:32 2018 +) > > Merge tag 'nfsd-4.16' of

Re: KASAN: use-after-free Read in remove_wait_queue

2018-02-12 Thread Dmitry Vyukov
On Mon, Feb 12, 2018 at 4:54 PM, syzbot wrote: > Hello, > > syzbot hit the following crash on upstream commit > f1517df8701c9f12dae9ce7f43a5d300a6917619 (Thu Feb 8 23:18:32 2018 +) > Merge tag 'nfsd-4.16' of git://linux-nfs.org/~bfields/linux > > So far this crash happened 3 times on