Thread: 3 messages, 2 authors, 2021-03-04

Re: KASAN: use-after-free Write in cipso_v4_doi_putdef

From: Paul Moore <paul@paul-moore.com>
Date: 2021-03-04 00:11:13
Also in: linux-security-module, lkml

On Wed, Mar 3, 2021 at 11:20 AM Paul Moore [off-list ref] wrote:
> On Wed, Mar 3, 2021 at 10:53 AM syzbot
> [off-list ref] wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    7a7fd0de Merge branch 'kmap-conversion-for-5.12' of git://..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=164a74dad00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=779a2568b654c1c6
> > dashboard link: https://syzkaller.appspot.com/bug?extid=521772a90166b3fca21f
> > compiler:       Debian clang version 11.0.1-2
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+521772a90166b3fca21f@syzkaller.appspotmail.com
> >
> > ==================================================================
> > BUG: KASAN: use-after-free in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
> > BUG: KASAN: use-after-free in atomic_fetch_sub_release include/asm-generic/atomic-instrumented.h:220 [inline]
> > BUG: KASAN: use-after-free in __refcount_sub_and_test include/linux/refcount.h:272 [inline]
> > BUG: KASAN: use-after-free in __refcount_dec_and_test include/linux/refcount.h:315 [inline]
> > BUG: KASAN: use-after-free in refcount_dec_and_test include/linux/refcount.h:333 [inline]
> > BUG: KASAN: use-after-free in cipso_v4_doi_putdef+0x2d/0x190 net/ipv4/cipso_ipv4.c:586
> > Write of size 4 at addr ffff8880179ecb18 by task syz-executor.5/20110
>
> Almost surely the same problem as the others; I'm currently chasing
> down a few remaining spots to make sure the fix I'm working on is
> correct.

I think I've now managed to convince myself that the patch I've got
here is reasonable.  I'm looping over a series of tests right now and
plan to let it continue overnight; assuming everything still looks
good in the morning I'll post it.

Thanks for your help.

-- 
paul moore
www.paul-moore.com
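What the KASAN trace above says is that the 4-byte write of refcount_dec_and_test() itself landed in already freed memory: a put arrived on a DOI definition after the last reference had dropped and the object was gone. The following is an added, stand-alone userspace model of that failure class, not kernel code and not the patch Paul describes (which is not on this page). The struct, the quarantine, and the function names are assumptions made for illustration; the quarantine emulates what KASAN does (poison freed memory and flag later accesses) so the stale put can be detected rather than silently corrupting the heap.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of a refcounted object; NOT the kernel's cipso_v4_doi
 * structures. "refcount" stands in for refcount_t, which is 4 bytes,
 * matching the "Write of size 4" in the report above. */
#define DOI_MAGIC    0x646f6931u   /* "doi1" */
#define FREED_POISON 0xfbu

struct doi_def {
    uint32_t magic;
    uint32_t refcount;
    uint32_t doi;
};

/* Quarantine: freed objects are poisoned and remembered instead of being
 * returned to libc, so a later access can be recognised. Real KASAN keeps
 * a quarantine for the same reason. (Assumption: a fixed small pool.) */
#define QUARANTINE_MAX 16
static struct doi_def *quarantine[QUARANTINE_MAX];
static int quarantine_len;

static int doi_is_freed(const struct doi_def *d)
{
    for (int i = 0; i < quarantine_len; i++)
        if (quarantine[i] == d)
            return 1;
    return 0;
}

/* Allocate with one reference held by the caller. */
static struct doi_def *doi_alloc(uint32_t doi)
{
    struct doi_def *d = calloc(1, sizeof *d);
    if (!d)
        return NULL;
    d->magic = DOI_MAGIC;
    d->refcount = 1;
    d->doi = doi;
    return d;
}

/* Take an additional reference; every holder of a pointer that outlives
 * the allocating path must do this, or its later put is a stale put. */
static struct doi_def *doi_get(struct doi_def *d)
{
    d->refcount++;
    return d;
}

static void doi_free(struct doi_def *d)
{
    memset(d, FREED_POISON, sizeof *d);
    if (quarantine_len < QUARANTINE_MAX)
        quarantine[quarantine_len++] = d;
}

/* Returns 0 for a normal put, 1 if this put freed the object, and -1 if
 * the put hit an already freed object: in the kernel this is the point
 * where refcount_dec_and_test() performs the 4-byte atomic write that
 * KASAN reported as a use-after-free. */
static int doi_put(struct doi_def *d)
{
    if (doi_is_freed(d))
        return -1;
    if (--d->refcount == 0) {
        doi_free(d);
        return 1;
    }
    return 0;
}

/* Two owners, two references: the second put frees and nobody touches
 * the object afterwards. */
int correct_lifecycle(void)
{
    struct doi_def *d = doi_alloc(3);
    struct doi_def *other = doi_get(d);   /* second owner takes its own ref */
    int first  = doi_put(d);              /* 0: one reference remains */
    int second = doi_put(other);          /* 1: last reference, freed */
    return first == 0 && second == 1;
}

/* Bug: a second path keeps a raw pointer without taking a reference, so
 * its put arrives after the object was freed by the real owner. */
int stale_put_lifecycle(void)
{
    struct doi_def *d = doi_alloc(4);
    struct doi_def *stale = d;            /* no doi_get(): not a real owner */
    doi_put(d);                           /* frees: refcount was 1 */
    return doi_put(stale);                /* -1: write into freed memory */
}
```

The stale pointer in stale_put_lifecycle() is what a syzkaller-found UAF of this shape usually reduces to: some path that can still reach the object after the owning path has dropped the last reference. The defensive rule is the one doi_get() encodes: a pointer that can outlive the code that obtained it must carry its own reference, and the put that balances that get is the only put that path is allowed to make.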