On Wed, Oct 19, 2016 at 6:57 PM, Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> wrote:
> On Wed, Oct 19, 2016 at 02:25:24PM +0200, Andrey Konovalov wrote:
>> Hi,
>>
>> I've got the following error report while running the syzkaller fuzzer:
>>
>> ==================================================================
>> BUG: KASAN: use-after-free in __sctp_connect+0xabe/0xbf0 at addr
>> ffff88006b1dc610
>
> Seems this is the same one that Dmitry Vyukov had reported back on Jan 13th.
> So far I couldn't identify the reason.
> "Good" to know it's still there, thanks for reporting it.

Hi Marcelo,

I've attached a reproducer that might help to figure out the reason.
It triggers the UAF for me in ~10 seconds of running as:

$ gcc -lpthread sctp-connect-uaf-poc.c
$ while true; do ./a.out; done

You need to have KASAN enabled.

Attachment: sctp-connect-uaf-poc.c
Description: Binary data