Re: net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu

2017-05-02 Thread David Ahern
On 5/2/17 10:58 AM, Andrey Konovalov wrote:
> Do you have a patch that I could test?

not yet.

>
> I also reported another issue recently, that might also be related to this
> one:
> https://groups.google.com/forum/#!topic/syzkaller/Rt0pgY4wfiw

different problem. I can still trigger this one

Re: net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu

2017-05-02 Thread Andrey Konovalov
On Tue, May 2, 2017 at 4:44 AM, David Ahern wrote:
> On 4/26/17 9:15 AM, Andrey Konovalov wrote:
>> +David
>>
>> I've enabled CONFIG_DEBUG_OBJECTS_RCU_HEAD and this is what I get.
>>
>> Apparently the rcu warning is related to the fib6_del_route bug I've
>> been trying to reproduce:
>>

Re: net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu

2017-05-01 Thread David Ahern
On 4/26/17 9:15 AM, Andrey Konovalov wrote:
> +David
>
> I've enabled CONFIG_DEBUG_OBJECTS_RCU_HEAD and this is what I get.
>
> Apparently the rcu warning is related to the fib6_del_route bug I've
> been trying to reproduce:
>

Re: net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu

2017-04-26 Thread Paul E. McKenney
On Wed, Apr 26, 2017 at 04:45:51PM +0200, Andrey Konovalov wrote:
> On Wed, Apr 26, 2017 at 3:59 PM, Paul E. McKenney wrote:
> > On Wed, Apr 26, 2017 at 02:34:15PM +0200, Andrey Konovalov wrote:
> >> Hi,
> >>
> >> I've got the following error report while fuzzing the kernel with
> >>

Re: net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu

2017-04-26 Thread Andrey Konovalov
On Wed, Apr 26, 2017 at 3:59 PM, Paul E. McKenney wrote:
> On Wed, Apr 26, 2017 at 02:34:15PM +0200, Andrey Konovalov wrote:
>> Hi,
>>
>> I've got the following error report while fuzzing the kernel with syzkaller.
>>
>> On commit 5a7ad1146caa895ad718a534399e38bd2ba721b7 (4.11-rc8).
>>
>>

Re: net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu

2017-04-26 Thread Paul E. McKenney
On Wed, Apr 26, 2017 at 02:34:15PM +0200, Andrey Konovalov wrote:
> Hi,
>
> I've got the following error report while fuzzing the kernel with syzkaller.
>
> On commit 5a7ad1146caa895ad718a534399e38bd2ba721b7 (4.11-rc8).
>
> Unfortunately it's not reproducible.
>
> I'm not sure whether it is an
