Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 08:38:57PM +0100, Al Viro wrote: > On Tue, Jul 19, 2016 at 02:33:27PM -0400, Dave Jones wrote: > > > Could you dump the relevant part of vmlinux objdump, rather than > > whatever > > > you've used on base.o? Having relocations resolved makes it much easier > > >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 08:38:57PM +0100, Al Viro wrote: > On Tue, Jul 19, 2016 at 02:33:27PM -0400, Dave Jones wrote: > > > Could you dump the relevant part of vmlinux objdump, rather than > > whatever > > > you've used on base.o? Having relocations resolved makes it much easier > > >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 08:38:57PM +0100, Al Viro wrote: > On Tue, Jul 19, 2016 at 02:33:27PM -0400, Dave Jones wrote: > > > Could you dump the relevant part of vmlinux objdump, rather than > > whatever > > > you've used on base.o? Having relocations resolved makes it much easier > > >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 08:38:57PM +0100, Al Viro wrote: > On Tue, Jul 19, 2016 at 02:33:27PM -0400, Dave Jones wrote: > > > Could you dump the relevant part of vmlinux objdump, rather than > > whatever > > > you've used on base.o? Having relocations resolved makes it much easier > > >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 02:33:27PM -0400, Dave Jones wrote: > > Could you dump the relevant part of vmlinux objdump, rather than whatever > > you've used on base.o? Having relocations resolved makes it much easier > > to figure out... Or just dump that vmlinux on anonftp somewhere... > >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 02:33:27PM -0400, Dave Jones wrote: > > Could you dump the relevant part of vmlinux objdump, rather than whatever > > you've used on base.o? Having relocations resolved makes it much easier > > to figure out... Or just dump that vmlinux on anonftp somewhere... > >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 11:31:45AM -0400, Dave Jones wrote: > On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > 88044feb2044 > > > > Just in case can you addr2line this address or post

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 11:31:45AM -0400, Dave Jones wrote: > On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > 88044feb2044 > > > > Just in case can you addr2line this address or post

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 05:20:36PM +0100, Al Viro wrote: > On Tue, Jul 19, 2016 at 11:31:45AM -0400, Dave Jones wrote: > > On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at > > addr 88044feb2044 >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 05:20:36PM +0100, Al Viro wrote: > On Tue, Jul 19, 2016 at 11:31:45AM -0400, Dave Jones wrote: > > On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at > > addr 88044feb2044 >

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 11:31:45AM -0400, Dave Jones wrote: > On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > 88044feb2044 > > > > Just in case can you addr2line this address or post

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 11:31:45AM -0400, Dave Jones wrote: > On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > 88044feb2044 > > > > Just in case can you addr2line this address or post

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > > 88044feb2044 > > Just in case can you addr2line this address or post disassembly? http://codemonkey.org.uk/junk/fs_proc_base.dis.txt Which

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

On Tue, Jul 19, 2016 at 02:16:36PM +0300, Alexey Dobriyan wrote: > > BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > > 88044feb2044 > > Just in case can you addr2line this address or post disassembly? http://codemonkey.org.uk/junk/fs_proc_base.dis.txt Which

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

> BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > 88044feb2044 Just in case can you addr2line this address or post disassembly?

Re: 4.7-rc7: use-after-free in proc_map_files_readdir

> BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr > 88044feb2044 Just in case can you addr2line this address or post disassembly?

4.7-rc7: use-after-free in proc_map_files_readdir

Just caught this spew during a fuzz-run. [ 4971.564511] == [ 4971.570505] BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr 88044feb2044 [ 4971.582570] Read of size 4 by task trinity-main/29845 [

4.7-rc7: use-after-free in proc_map_files_readdir

Just caught this spew during a fuzz-run. [ 4971.564511] == [ 4971.570505] BUG: KASAN: use-after-free in proc_map_files_readdir+0x2e3/0x5a0 at addr 88044feb2044 [ 4971.582570] Read of size 4 by task trinity-main/29845 [