On 12/14/2015 04:50 AM, David Laight wrote:
> From: Vlad Yasevich
>> Sent: 11 December 2015 18:38
> ...
>>> Found a similar place in abort primitive handling like in this last
>>> patch update, it's probably the issue you're still triggering.
>>>
>>> Also found another place that may lead to this u
From: Vlad Yasevich
> Sent: 11 December 2015 18:38
...
> > Found a similar place in abort primitive handling like in this last
> > patch update, it's probably the issue you're still triggering.
> >
> > Also found another place that may lead to this use after free, in case
> > we receive a packet wi
On 12/11/2015 09:03 AM, Marcelo Ricardo Leitner wrote:
> On Fri, Dec 11, 2015 at 11:51:21AM -0200, Marcelo Ricardo Leitner wrote:
>> On 11-12-2015 11:35, Dmitry Vyukov wrote:
>>> On Wed, Dec 9, 2015 at 5:41 PM, Marcelo Ricardo Leitner
>>> wrote:
On Wed, Dec 09, 2015 at 01:03:56PM -0200, Ma
On 11-12-2015 12:30, Dmitry Vyukov wrote:
On Fri, Dec 11, 2015 at 3:03 PM, Marcelo Ricardo Leitner
wrote:
On Fri, Dec 11, 2015 at 11:51:21AM -0200, Marcelo Ricardo Leitner wrote:
On 11-12-2015 11:35, Dmitry Vyukov wrote:
On Wed, Dec 9, 2015 at 5:41 PM, Marcelo Ricardo Leitner
wrote:
O
On Fri, Dec 11, 2015 at 3:03 PM, Marcelo Ricardo Leitner
wrote:
> On Fri, Dec 11, 2015 at 11:51:21AM -0200, Marcelo Ricardo Leitner wrote:
>> On 11-12-2015 11:35, Dmitry Vyukov wrote:
>> >On Wed, Dec 9, 2015 at 5:41 PM, Marcelo Ricardo Leitner
>> > wrote:
>> >>On Wed, Dec 09, 2015 at 01:03:56PM
On Fri, Dec 11, 2015 at 11:51:21AM -0200, Marcelo Ricardo Leitner wrote:
> On 11-12-2015 11:35, Dmitry Vyukov wrote:
> >On Wed, Dec 9, 2015 at 5:41 PM, Marcelo Ricardo Leitner
> > wrote:
> >>On Wed, Dec 09, 2015 at 01:03:56PM -0200, Marcelo Ricardo Leitner wrote:
> >>>On Wed, Dec 09, 2015 at 03:
On 11-12-2015 11:35, Dmitry Vyukov wrote:
On Wed, Dec 9, 2015 at 5:41 PM, Marcelo Ricardo Leitner
wrote:
On Wed, Dec 09, 2015 at 01:03:56PM -0200, Marcelo Ricardo Leitner wrote:
On Wed, Dec 09, 2015 at 03:41:29PM +0100, Dmitry Vyukov wrote:
On Tue, Dec 8, 2015 at 8:22 PM, Dmitry Vyukov wr
sctp_disposition_t retval;
>
> /* Stop T1-init timer */
> sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP,
> SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
> - retval = SCTP_DISPOSITION_CONSUME;
>
> sctp_add_cmd_sf(commands, SCTP_C
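Review bot: with the `retval = SCTP_DISPOSITION_CONSUME;` assignment after the T1-init timer stop dropped, `sctp_disposition_t retval;` remains declared without an initializer in the visible lines, so every remaining path has to assign `retval` before it is returned. The visible part of the hunk does not show that assignment; please confirm it exists on all paths, or initialize `retval` at its declaration, so the function cannot return an indeterminate disposition.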
On Wed, Dec 09, 2015 at 01:03:56PM -0200, Marcelo Ricardo Leitner wrote:
> On Wed, Dec 09, 2015 at 03:41:29PM +0100, Dmitry Vyukov wrote:
> > On Tue, Dec 8, 2015 at 8:22 PM, Dmitry Vyukov wrote:
> > > On Tue, Dec 8, 2015 at 6:40 PM, Marcelo Ricardo Leitner
> > > wrote:
> ...
> > >> The patches we
On Wed, Dec 09, 2015 at 03:41:29PM +0100, Dmitry Vyukov wrote:
> On Tue, Dec 8, 2015 at 8:22 PM, Dmitry Vyukov wrote:
> > On Tue, Dec 8, 2015 at 6:40 PM, Marcelo Ricardo Leitner
> > wrote:
...
> >> The patches were combined already, but this last pick by Vlad is just
> >> not yet patched. It's no
On Tue, Dec 8, 2015 at 6:40 PM, Marcelo Ricardo Leitner
wrote:
> On Tue, Dec 08, 2015 at 06:30:51PM +0100, Dmitry Vyukov wrote:
>> On Mon, Dec 7, 2015 at 9:52 PM, Marcelo Ricardo Leitner
>> wrote:
>> > On 07-12-2015 18:37, Vlad Yasevich wrote:
>> >>
>> >> On 12/07/2015 02:50 PM, Marcelo Ricard
On Tue, Dec 08, 2015 at 06:30:51PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 7, 2015 at 9:52 PM, Marcelo Ricardo Leitner
> wrote:
> > On 07-12-2015 18:37, Vlad Yasevich wrote:
> >>
> >> On 12/07/2015 02:50 PM, Marcelo Ricardo Leitner wrote:
> >>>
> >>> On Mon, Dec 07, 2015 at 02:33:52PM -0500,
On Mon, Dec 7, 2015 at 9:52 PM, Marcelo Ricardo Leitner
wrote:
> On 07-12-2015 18:37, Vlad Yasevich wrote:
>>
>> On 12/07/2015 02:50 PM, Marcelo Ricardo Leitner wrote:
>>>
>>> On Mon, Dec 07, 2015 at 02:33:52PM -0500, Vlad Yasevich wrote:
On 12/07/2015 01:52 PM, Marcelo Ricardo Leitne
On 07-12-2015 18:37, Vlad Yasevich wrote:
On 12/07/2015 02:50 PM, Marcelo Ricardo Leitner wrote:
On Mon, Dec 07, 2015 at 02:33:52PM -0500, Vlad Yasevich wrote:
On 12/07/2015 01:52 PM, Marcelo Ricardo Leitner wrote:
Vlad, I reviewed the places on which it returns SCTP_DISPOSITION_ABORT,
and
On 12/07/2015 02:50 PM, Marcelo Ricardo Leitner wrote:
> On Mon, Dec 07, 2015 at 02:33:52PM -0500, Vlad Yasevich wrote:
>> On 12/07/2015 01:52 PM, Marcelo Ricardo Leitner wrote:
>>> On Mon, Dec 07, 2015 at 02:20:47PM +0100, Dmitry Vyukov wrote:
On Mon, Dec 7, 2015 at 2:15 PM, Marcelo Ricardo L
On Mon, Dec 07, 2015 at 02:33:52PM -0500, Vlad Yasevich wrote:
> On 12/07/2015 01:52 PM, Marcelo Ricardo Leitner wrote:
> > On Mon, Dec 07, 2015 at 02:20:47PM +0100, Dmitry Vyukov wrote:
> >> On Mon, Dec 7, 2015 at 2:15 PM, Marcelo Ricardo Leitner
> >> wrote:
> >>> On Mon, Dec 07, 2015 at 12:26:09
On 12/07/2015 01:52 PM, Marcelo Ricardo Leitner wrote:
> On Mon, Dec 07, 2015 at 02:20:47PM +0100, Dmitry Vyukov wrote:
>> On Mon, Dec 7, 2015 at 2:15 PM, Marcelo Ricardo Leitner
>> wrote:
>>> On Mon, Dec 07, 2015 at 12:26:09PM +0100, Dmitry Vyukov wrote:
On Sat, Dec 5, 2015 at 5:39 PM, Vlad
On Mon, Dec 07, 2015 at 02:20:47PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 7, 2015 at 2:15 PM, Marcelo Ricardo Leitner
> wrote:
> > On Mon, Dec 07, 2015 at 12:26:09PM +0100, Dmitry Vyukov wrote:
> >> On Sat, Dec 5, 2015 at 5:39 PM, Vlad Yasevich wrote:
...
> >> > Hi Marcelo
> >> >
> >> > I thin
On Mon, Dec 7, 2015 at 2:15 PM, Marcelo Ricardo Leitner
wrote:
> On Mon, Dec 07, 2015 at 12:26:09PM +0100, Dmitry Vyukov wrote:
>> On Sat, Dec 5, 2015 at 5:39 PM, Vlad Yasevich wrote:
>> > On 12/04/2015 04:34 PM, Marcelo Ricardo Leitner wrote:
>> >> On Fri, Dec 04, 2015 at 09:25:35PM +0100, Dmitr
On Mon, Dec 07, 2015 at 12:26:09PM +0100, Dmitry Vyukov wrote:
> On Sat, Dec 5, 2015 at 5:39 PM, Vlad Yasevich wrote:
> > On 12/04/2015 04:34 PM, Marcelo Ricardo Leitner wrote:
> >> On Fri, Dec 04, 2015 at 09:25:35PM +0100, Dmitry Vyukov wrote:
> >>> On Fri, Dec 4, 2015 at 6:48 PM, Marcelo Ricardo
On Sat, Dec 5, 2015 at 5:39 PM, Vlad Yasevich wrote:
> On 12/04/2015 04:34 PM, Marcelo Ricardo Leitner wrote:
>> On Fri, Dec 04, 2015 at 09:25:35PM +0100, Dmitry Vyukov wrote:
>>> On Fri, Dec 4, 2015 at 6:48 PM, Marcelo Ricardo Leitner
>>> wrote:
Hi Dmitry,
Can you please test this
On 12/04/2015 04:34 PM, Marcelo Ricardo Leitner wrote:
> On Fri, Dec 04, 2015 at 09:25:35PM +0100, Dmitry Vyukov wrote:
>> On Fri, Dec 4, 2015 at 6:48 PM, Marcelo Ricardo Leitner
>> wrote:
>>> Hi Dmitry,
>>>
>>> Can you please test this patch?
>>> I'll re-post with proper subject if it works.
>>
>
On Fri, Dec 4, 2015 at 10:34 PM, Marcelo Ricardo Leitner
wrote:
> On Fri, Dec 04, 2015 at 09:25:35PM +0100, Dmitry Vyukov wrote:
>> On Fri, Dec 4, 2015 at 6:48 PM, Marcelo Ricardo Leitner
>> wrote:
>> > Hi Dmitry,
>> >
>> > Can you please test this patch?
>> > I'll re-post with proper subject if
On Fri, Dec 04, 2015 at 09:25:35PM +0100, Dmitry Vyukov wrote:
> On Fri, Dec 4, 2015 at 6:48 PM, Marcelo Ricardo Leitner
> wrote:
> > Hi Dmitry,
> >
> > Can you please test this patch?
> > I'll re-post with proper subject if it works.
>
> Still happening with the same stacks.
Then there may be a
On Fri, Dec 4, 2015 at 6:48 PM, Marcelo Ricardo Leitner
wrote:
> Hi Dmitry,
>
> Can you please test this patch?
> I'll re-post with proper subject if it works.
Still happening with the same stacks.
> ---8<---
>
> Dmitry Vyukov reported a use-after-free in the code expanded by the
> macro debug_
Hi Dmitry,
Can you please test this patch?
I'll re-post with proper subject if it works.
Thanks.
---8<---
Dmitry Vyukov reported a use-after-free in the code expanded by the
macro debug_post_sfx, which is caused by the use of the asoc pointer
after it was freed within sctp_side_effect() scope.
On 12/04/2015 12:03 PM, Joe Perches wrote:
> On Fri, 2015-12-04 at 11:47 -0500, Jason Baron wrote:
>> When DYNAMIC_DEBUG is enabled we have this wrapper from
>> include/linux/dynamic_debug.h:
>>
>> if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT))
>>
>>
>> So the compiler is not emitti
On Fri, 2015-12-04 at 11:47 -0500, Jason Baron wrote:
> When DYNAMIC_DEBUG is enabled we have this wrapper from
> include/linux/dynamic_debug.h:
>
> if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT))
>
>
> So the compiler is not emitting the side-effects in this
> case.
Huh? Do I mis
On 12/04/2015 11:12 AM, Dmitry Vyukov wrote:
> On Thu, Dec 3, 2015 at 9:51 PM, Joe Perches wrote:
>> (adding lkml as this is likely better discussed there)
>>
>> On Thu, 2015-12-03 at 15:42 -0500, Jason Baron wrote:
>>> On 12/03/2015 03:24 PM, Joe Perches wrote:
On Thu, 2015-12-03 at 15:10 -0
On Thu, Dec 3, 2015 at 9:51 PM, Joe Perches wrote:
> (adding lkml as this is likely better discussed there)
>
> On Thu, 2015-12-03 at 15:42 -0500, Jason Baron wrote:
>> On 12/03/2015 03:24 PM, Joe Perches wrote:
>> > On Thu, 2015-12-03 at 15:10 -0500, Jason Baron wrote:
>> > > On 12/03/2015 03:03
Vlad Yasevich writes:
> On 12/04/2015 07:55 AM, Marcelo Ricardo Leitner wrote:
>> On Fri, Dec 04, 2015 at 11:40:02AM +0100, Dmitry Vyukov wrote:
>>> On Thu, Dec 3, 2015 at 9:51 PM, Joe Perches wrote:
(adding lkml as this is likely better discussed there)
On Thu, 2015-12-03 at 15:42
On 12/04/2015 07:55 AM, Marcelo Ricardo Leitner wrote:
> On Fri, Dec 04, 2015 at 11:40:02AM +0100, Dmitry Vyukov wrote:
>> On Thu, Dec 3, 2015 at 9:51 PM, Joe Perches wrote:
>>> (adding lkml as this is likely better discussed there)
>>>
>>> On Thu, 2015-12-03 at 15:42 -0500, Jason Baron wrote:
>>>
On Fri, Dec 04, 2015 at 11:40:02AM +0100, Dmitry Vyukov wrote:
> On Thu, Dec 3, 2015 at 9:51 PM, Joe Perches wrote:
> > (adding lkml as this is likely better discussed there)
> >
> > On Thu, 2015-12-03 at 15:42 -0500, Jason Baron wrote:
> >> On 12/03/2015 03:24 PM, Joe Perches wrote:
> >> > On Thu
On Thu, Dec 3, 2015 at 6:02 PM, Eric Dumazet wrote:
> On Thu, Dec 3, 2015 at 7:55 AM, Dmitry Vyukov wrote:
>> On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
No, I don't. But pr_debug always computes its arguments. See no_printk
in printk.h. So this use-after-free happens for
On Thu, Dec 3, 2015 at 9:51 PM, Joe Perches wrote:
> (adding lkml as this is likely better discussed there)
>
> On Thu, 2015-12-03 at 15:42 -0500, Jason Baron wrote:
>> On 12/03/2015 03:24 PM, Joe Perches wrote:
>> > On Thu, 2015-12-03 at 15:10 -0500, Jason Baron wrote:
>> > > On 12/03/2015 03:03
(adding lkml as this is likely better discussed there)
On Thu, 2015-12-03 at 15:42 -0500, Jason Baron wrote:
> On 12/03/2015 03:24 PM, Joe Perches wrote:
> > On Thu, 2015-12-03 at 15:10 -0500, Jason Baron wrote:
> > > On 12/03/2015 03:03 PM, Joe Perches wrote:
> > > > On Thu, 2015-12-03 at 14:32 -
On 12/03/2015 03:24 PM, Joe Perches wrote:
> On Thu, 2015-12-03 at 15:10 -0500, Jason Baron wrote:
>> On 12/03/2015 03:03 PM, Joe Perches wrote:
>>> On Thu, 2015-12-03 at 14:32 -0500, Jason Baron wrote:
On 12/03/2015 01:52 PM, Aaron Conole wrote:
> I think that as a minimum, the following
On Thu, 2015-12-03 at 15:10 -0500, Jason Baron wrote:
> On 12/03/2015 03:03 PM, Joe Perches wrote:
> > On Thu, 2015-12-03 at 14:32 -0500, Jason Baron wrote:
> > > On 12/03/2015 01:52 PM, Aaron Conole wrote:
> > > > I think that as a minimum, the following patch should be evaluated,
> > > > but am un
On 12/03/2015 03:03 PM, Joe Perches wrote:
> On Thu, 2015-12-03 at 14:32 -0500, Jason Baron wrote:
>> On 12/03/2015 01:52 PM, Aaron Conole wrote:
>>> I think that as a minimum, the following patch should be evaluated,
>>> but am unsure to whom I should submit it (after I test):
> []
>> Agreed - th
On Thu, 2015-12-03 at 14:32 -0500, Jason Baron wrote:
> On 12/03/2015 01:52 PM, Aaron Conole wrote:
> > I think that as a minimum, the following patch should be evaluated,
> > but am unsure to whom I should submit it (after I test):
[]
> Agreed - the intention here is certainly to have no side effec
On 12/03/2015 01:52 PM, Aaron Conole wrote:
> Dmitry Vyukov writes:
>> On Thu, Dec 3, 2015 at 6:02 PM, Eric Dumazet wrote:
>>> On Thu, Dec 3, 2015 at 7:55 AM, Dmitry Vyukov wrote:
On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
>>
>> No, I don't. But pr_debug always computes
On Thu, 2015-12-03 at 13:52 -0500, Aaron Conole wrote:
> Dmitry Vyukov writes:
> > On Thu, Dec 3, 2015 at 6:02 PM, Eric Dumazet wrote:
> > > On Thu, Dec 3, 2015 at 7:55 AM, Dmitry Vyukov wrote:
> > > > On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
> > > > > >
> > > > > > No, I don't. But
Dmitry Vyukov writes:
> On Thu, Dec 3, 2015 at 6:02 PM, Eric Dumazet wrote:
>> On Thu, Dec 3, 2015 at 7:55 AM, Dmitry Vyukov wrote:
>>> On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
>
> No, I don't. But pr_debug always computes its arguments. See no_printk
> in printk.h. So th
On Thu, Dec 03, 2015 at 01:35:37PM -0500, Vlad Yasevich wrote:
> On 12/03/2015 01:06 PM, Marcelo wrote:
> >
> >
> > On 3 December 2015 15:59:10 BRST, Eric Dumazet
> > wrote:
> >> On Thu, 2015-12-03 at 15:43 -0200, Marcelo Ricardo Leitner wrote:
> >>
> >>> Vlad, others,
> >>>
> >>> It's
On 12/03/2015 01:06 PM, Marcelo wrote:
>
>
> On 3 December 2015 15:59:10 BRST, Eric Dumazet
> wrote:
>> On Thu, 2015-12-03 at 15:43 -0200, Marcelo Ricardo Leitner wrote:
>>
>>> Vlad, others,
>>>
>>> It's been a long time but this was introduced by commit 914e1c8b6980
>>> ("sctp: Inheri
On 3 December 2015 15:59:10 BRST, Eric Dumazet
wrote:
>On Thu, 2015-12-03 at 15:43 -0200, Marcelo Ricardo Leitner wrote:
>
>> Vlad, others,
>>
>> It's been a long time but this was introduced by commit 914e1c8b6980
>> ("sctp: Inherit all socket options from parent correctly."). This i
On Thu, 2015-12-03 at 15:43 -0200, Marcelo Ricardo Leitner wrote:
> Vlad, others,
>
> It's been a long time but this was introduced by commit 914e1c8b6980
> ("sctp: Inherit all socket options from parent correctly."). This is not
> very consistent with how other protocols work and it will be hard
On Thu, Dec 03, 2015 at 02:51:33PM -0200, Marcelo Ricardo Leitner wrote:
> On Sat, Nov 28, 2015 at 04:50:56PM +0100, Dmitry Vyukov wrote:
> > This also seems to lead to the following WARNINGS:
> >
> > [ cut here ]
> > WARNING: CPU: 3 PID: 21734 at kernel/jump_label.c:77
>
On Thu, Dec 3, 2015 at 6:02 PM, Eric Dumazet wrote:
> On Thu, Dec 3, 2015 at 7:55 AM, Dmitry Vyukov wrote:
>> On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
No, I don't. But pr_debug always computes its arguments. See no_printk
in printk.h. So this use-after-free happens for
On Thu, Dec 3, 2015 at 7:55 AM, Dmitry Vyukov wrote:
> On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
>>>
>>> No, I don't. But pr_debug always computes its arguments. See no_printk
>>> in printk.h. So this use-after-free happens for all users.
>>
>> Hmm.
>>
>> pr_debug() should be a nop unle
On Sat, Nov 28, 2015 at 04:50:56PM +0100, Dmitry Vyukov wrote:
> This also seems to lead to the following WARNINGS:
>
> [ cut here ]
> WARNING: CPU: 3 PID: 21734 at kernel/jump_label.c:77
> __static_key_slow_dec+0xfb/0x120()
> jump label: negative count!
> Modules linked i
On Thu, Dec 03, 2015 at 04:55:44PM +0100, Dmitry Vyukov wrote:
> On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
> >>
> >> No, I don't. But pr_debug always computes its arguments. See no_printk
> >> in printk.h. So this use-after-free happens for all users.
> >
> > Hmm.
> >
> > pr_debug() shou
On Thu, Dec 3, 2015 at 3:48 PM, Eric Dumazet wrote:
>>
>> No, I don't. But pr_debug always computes its arguments. See no_printk
>> in printk.h. So this use-after-free happens for all users.
>
> Hmm.
>
> pr_debug() should be a nop unless either DEBUG or CONFIG_DYNAMIC_DEBUG are set
>
> On our prod
>
> No, I don't. But pr_debug always computes its arguments. See no_printk
> in printk.h. So this use-after-free happens for all users.
Hmm.
pr_debug() should be a nop unless either DEBUG or CONFIG_DYNAMIC_DEBUG are set
On our production kernels, pr_debug() is a nop.
Can you double check ? Than
On Thu, Dec 3, 2015 at 2:05 PM, Marcelo Ricardo Leitner
wrote:
> Hi,
>
> On Tue, Nov 24, 2015 at 10:15:57AM +0100, Dmitry Vyukov wrote:
>>
>> Call Trace:
>> [] __asan_report_load4_noabort+0x3e/0x40
>> [] sctp_do_sm+0x42f6/0x4f60
>> [] sctp_primitive_SHUTDOWN+0xa9/0xd0
>> [] sctp_close+0x616/0x
Hi,
On Tue, Nov 24, 2015 at 10:15:57AM +0100, Dmitry Vyukov wrote:
>
> Call Trace:
> [] __asan_report_load4_noabort+0x3e/0x40
> [] sctp_do_sm+0x42f6/0x4f60
> [] sctp_primitive_SHUTDOWN+0xa9/0xd0
> [] sctp_close+0x616/0x790
> [] inet_release+0xed/0x1c0 ./net/ipv4/af_inet.c:471
> [] inet6_rel
try Vyukov wrote:
>>>>> Hello,
>>>>>
>>>>> The following program triggers use-after-free in sctp_do_sm:
>>>>>
>>>>> // autogenerated by syzkaller (http://github.com/google/syzkaller)
>>>>> #include
x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
>>>> 128);
>>>> long r6 = syscall(SYS_sendto, r0, 0x2faaul, 0x5eul,
>>>> 0x81ul, 0x233aul, 0x80ul);
>>>> r
From: Neil Horman
Date: Tue, 24 Nov 2015 15:45:54 -0500
>> The right commit is:
>>
>> commit 7d267278a9ece963d77eefec61630223fce08c6c
>> Author: Rainer Weikusat
>> Date: Fri Nov 20 22:07:23 2015 +
>> unix: avoid use-after-free in ep_remove_wait_queue
> This commit doesn't seem to exist
lo,
> > >>
> > >> The following program triggers use-after-free in sctp_do_sm:
> > >>
> > >> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> > >> #include
> > >> #include
> > >>
On Tue, Nov 24, 2015 at 11:10:32AM +0100, Dmitry Vyukov wrote:
> On Tue, Nov 24, 2015 at 10:31 AM, Dmitry Vyukov wrote:
> > On Tue, Nov 24, 2015 at 10:15 AM, Dmitry Vyukov wrote:
> >> Hello,
> >>
> >> The following program triggers use-after-free in sctp_
On Tue, Nov 24, 2015 at 10:31 AM, Dmitry Vyukov wrote:
> On Tue, Nov 24, 2015 at 10:15 AM, Dmitry Vyukov wrote:
>> Hello,
>>
>> The following program triggers use-after-free in sctp_do_sm:
>>
>> // autogenerated by syzkaller (http://github.com/google/sy
On Tue, Nov 24, 2015 at 10:15 AM, Dmitry Vyukov wrote:
> Hello,
>
> The following program triggers use-after-free in sctp_do_sm:
>
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include
> #include
> #include
>
> int main()
> {
>
Hello,
The following program triggers use-after-free in sctp_do_sm:
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include
#include
#include
int main()
{
long r0 = syscall(SYS_socket, 0xaul, 0x80805ul, 0x0ul, 0, 0, 0);
long r1 = syscall(SYS_mmap
65 matches