Reminder: 2 open syzbot bugs in "security/tomoyo" subsystem

Eric Biggers ebiggers at kernel.org
Wed Jul 24 04:34:50 UTC 2019


On Wed, Jul 24, 2019 at 12:18:47PM +0900, Tetsuo Handa wrote:
> > --------------------------------------------------------------------------------
> > Title:              KASAN: invalid-free in tomoyo_realpath_from_path
> > Last occurred:      57 days ago
> > Reported:           56 days ago
> > Branches:           net-next
> > Dashboard link:     https://syzkaller.appspot.com/bug?id=e9e5a1d41c3fb5d0f79aeea0e4cd535f160a6702
> > Original thread:    https://lkml.kernel.org/lkml/000000000000785e9d0589ec359a@google.com/T/#u
> 
> This cannot be a TOMOYO's bug. We are waiting for a reproducer but
> no crash occurred since then. Maybe it is time to close as invalid.

Maybe.  Did you check for stack buffer overflows in the functions that
tomoyo_realpath_from_path() calls?  Perhaps something is corrupting the 'buf'
variable in the parent's stack frame.

- Eric



More information about the Linux-security-module-archive mailing list