Re: KASAN: use-after-free Read in tipc_nl_node_dump_monitor_peer
From: Jiri Pirko
Date: Wed Oct 09 2019 - 05:45:57 EST
Wed, Oct 09, 2019 at 11:22:00AM CEST, syzbot+d2a8670576fa63d18623@xxxxxxxxxxxxxxxxxxxxxxxxx wrote:
>syzbot has bisected this bug to:
>
>commit 057af70713445fad2459aa348c9c2c4ecf7db938
>Author: Jiri Pirko <jiri@xxxxxxxxxxxx>
>Date: Sat Oct 5 18:04:39 2019 +0000
>
> net: tipc: have genetlink code to parse the attrs during dumpit
>
>bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14ac08e7600000
>start commit: f9867b51 netdevsim: fix spelling mistake "forbidded" -> "f..
>git tree: net-next
>final crash: https://syzkaller.appspot.com/x/report.txt?x=16ac08e7600000
>console output: https://syzkaller.appspot.com/x/log.txt?x=12ac08e7600000
>kernel config: https://syzkaller.appspot.com/x/.config?x=d9be300620399522
>dashboard link: https://syzkaller.appspot.com/bug?extid=d2a8670576fa63d18623
>syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d3e04f600000
>C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13a76593600000
>
>Reported-by: syzbot+d2a8670576fa63d18623@xxxxxxxxxxxxxxxxxxxxxxxxx
>Fixes: 057af7071344 ("net: tipc: have genetlink code to parse the attrs
>during dumpit")
>
>For information about bisection process see: https://goo.gl/tpsmEJ#bisection
#syz fix: net: genetlink: always allocate separate attrs for dumpit ops