Re: KASAN: use-after-free Read in rtnetlink_put_metrics

From: Sabrina Dubroca
Date: Tue Jul 31 2018 - 09:40:11 EST


2018-07-31, 05:41:56 -0700, Eric Dumazet wrote:
>
>
> On 07/31/2018 05:31 AM, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:    61f4b23769f0 netlink: Don't shift with UB on nlk->ngroups
> > git tree:       net
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14a9de58400000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=ffb4428fdc82f93b
> > dashboard link: https://syzkaller.appspot.com/bug?extid=41f9c04b50ef70c66947
> > compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> >
> > Unfortunately, I don't have any reproducer for this crash yet.
[...]

> Probably also caused by :
>
>
> commit df18b50448fab1dff093731dfd0e25e77e1afcd1
> Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
> Date: Mon Jul 30 16:23:10 2018 +0200
>
> net/ipv6: fix metrics leak

Yeah, I'm looking into both those reports :/

--
Sabrina