From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752466AbdLDSnM (ORCPT ); Mon, 4 Dec 2017 13:43:12 -0500
Received: from zeniv.linux.org.uk ([195.92.253.2]:36400 "EHLO ZenIV.linux.org.uk"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751380AbdLDSnL (ORCPT ); Mon, 4 Dec 2017 13:43:11 -0500
Date: Mon, 4 Dec 2017 18:43:07 +0000
From: Al Viro
To: Dmitry Vyukov
Cc: syzbot , linux-fsdevel@vger.kernel.org, LKML , syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: use-after-free Read in __fput
Message-ID: <20171204184307.GU21978@ZenIV.linux.org.uk>
References: <001a1146fbf6a6305c055cfdf55e@google.com> <20171204164452.GT21978@ZenIV.linux.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.9.0 (2017-09-02)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 04, 2017 at 07:39:29PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 4, 2017 at 5:44 PM, Al Viro wrote:
> > On Thu, Nov 02, 2017 at 04:05:01AM -0700, syzbot wrote:
> >> Hello,
> >>
> >> syzkaller hit the following crash on
> >> 3a99df9a3d14cd866b5516f8cba515a3bfd554ab
> >> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> >> compiler: gcc (GCC) 7.1.1 20170620
> >> .config is attached
> >> Raw console output is attached.
> >
> > That one is almost certainly double-free in kcm_clone() fixed in
> > https://marc.info/?l=linux-netdev&m=151208776817071&q=raw
>
> Hi,
>
> What's the title of that commit? We need the title for syzbot. "fix
> kcm_clone()"? I don't see such commit in net-next.

For a good and simple reason that it's _not_ in net-next yet.