Re: KASAN: use-after-free Read in selinux_netlbl_socket_setsockopt

From: Dmitry Vyukov <dvyukov@google.com>
Date: 2019-02-04 08:04:27
Also in: linux-hams, lkml, selinux

On Fri, Feb 1, 2019 at 6:58 PM Cong Wang [off-list ref] wrote:

On Thu, Jan 31, 2019 at 10:56 PM Dmitry Vyukov [off-list ref] wrote:

quoted

Hi Paul,

Searching for af_netrom across other syzbot bugs:
https://groups.google.com/forum/#!searchin/syzkaller-bugs/af_netrom%7Csort:date

I see at least:
https://syzkaller.appspot.com/bug?extid=b0b1952f5864b4009b09
https://syzkaller.appspot.com/bug?extid=febf3c50d4262e578b1c
https://syzkaller.appspot.com/bug?extid=defa700d16f1bd1b9a05

Which suggests there are some serious lifetime problems in netrom
sockets. That would probably explain this crash as well.

This is supposed to be fixed by:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=63346650c1a94a92be61a57416ac88c0a47c4327

Please let me know if it isn't.

syzbot can tell if it's not fixed, but for that we need to mark these
bugs as fixed, otherwise syzbot will just consider any new crashes as
the same old bug so nothing to notify about.

#syz fix: netrom: switch to sock timer API

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help