On Thu, 07 Nov 2019 05:42:07 -0800, syzbot wrote:
> syzbot suspects this bug was fixed by commit:
>
> commit 9354544cbccf68da1b047f8fb7b47630e3c8a59d
> Author: Dirk van der Merwe <dirk.vandermerwe@xxxxxxxxxxxxx>
> Date: Mon Jun 24 04:26:58 2019 +0000
>
> net/tls: fix page double free on TX cleanup
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=168ad3c2600000
> start commit: 4710e789 Merge tag 'nfs-for-4.20-2' of git://git.linux-nfs..
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=9384ecb1c973baed
> dashboard link: https://syzkaller.appspot.com/bug?extid=e736399a2c4054612307
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17902f5b400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=111377e5400000
>
> If the result looks correct, please mark the bug fixed by replying with:
>
> #syz fix: net/tls: fix page double free on TX cleanup
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

The bug report looks fairly strange and could indicate a double free, but I don't see an entirely clear connection. We are double freeing a record and its pages while the splat is from a slab-32..

Given the bisection I think it's probably okay:

#syz fix: net/tls: fix page double free on TX cleanup