cc shankara

On Sat, Nov 4, 2017 at 4:05 PM, Andrew Zhu Aday <andrew.aday@xxxxxxxxxxxx> wrote:
> ---------- Forwarded message ----------
> From: Shankara Pailoor <sp3485@xxxxxxxxxxxx>
> Date: Tue, Oct 31, 2017 at 10:05 PM
> Subject: Fwd: KASAN: use-after-free in move_expired_inodes
> To: Andrew Zhu Aday <andrew.aday@xxxxxxxxxxxx>
>
>
> ---------- Forwarded message ----------
> From: Shankara Pailoor <sp3485@xxxxxxxxxxxx>
> Date: Tue, Oct 31, 2017 at 10:04 PM
> Subject: Re: KASAN: use-after-free in move_expired_inodes
> To: LKML <linux-kernel@xxxxxxxxxxxxxxx>, viro@xxxxxxxxxxxxxxxxxx,
> linux-fsdevel@xxxxxxxxxxxxxxx
>
>
> Hi Al, etc,
>
> I was unable to find a reproducer, but I was looking at
> move_expired_inodes (fs/fs-writeback.c 1093.c): how do you ensure
> that the inode can't be freed after retrieving it from the work queue?
> Any insights would be appreciated.
>
> Regards,
> Shankara
>
> On Tue, Oct 31, 2017 at 9:24 AM, Shankara Pailoor <sp3485@xxxxxxxxxxxx> wrote:
>> Hi,
>>
>> We got the following error:
>>
>> BUG: KASAN: use-after-free in move_expired_inodes+0xce6/0xdf0
>> Write of size 8 at addr ffff8800a3a36bf8 by task kworker/u8:0/5
>>
>> while fuzzing with Syzkaller on 4.14-rc4 on x86_64. Included is the
>> trace of the crash along with the programs running around the time of
>> the crash.
>>
>> Programs can be found here: https://pastebin.com/RYGtNn3z
>>
>> Stack trace here: https://pastebin.com/SaJXWMg3
>>
>> We don't have a C reproducer but we will send one if we have it.
>>
>> Regards,
>> Shankara
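The question in the thread is about object lifetime: once a writeback worker has pulled an inode off a shared list onto its own work list, what stops another path from freeing it underneath the worker? The following is an added, constructed toy in C, not kernel code and not the thread's own material; every name in it (toy_inode, move_expired, writeback_work, run_scenario) is invented for the illustration. It models a dirty list, a mover that transfers expired entries to a private work list, and a concurrent eviction that drops the cache's reference. Run without a pin, the worker touches a freed object (the class of access KASAN reports); run with a pin taken while the entry is moved, the object outlives the worker's use of it. The kernel's real writeback path keeps inodes alive by its own mechanism, which is exactly what Shankara asks about and which this toy does not claim to reproduce.

```c
#include <stdio.h>
#include <stddef.h>

#define NR_INODES 4

/* Constructed toy model, not kernel code. A dirty list holds objects
 * that a writeback worker periodically moves onto its own work list; an
 * unrelated path may drop the cache's reference at any time. The model
 * shows why the mover must pin each object it takes, and how an
 * unpinned object becomes a use-after-free once the worker touches it. */
struct toy_inode {
    int ino;                 /* constructed inode number */
    long dirtied_when;       /* toy timestamp of when it became dirty */
    int refcount;            /* 1 while only the cache holds it */
    int freed;               /* set instead of calling free(), so the UAF is observable */
    struct toy_inode *next;  /* intrusive singly linked list link */
};

static struct toy_inode pool[NR_INODES];
static struct toy_inode *dirty_list;   /* stands in for a dirty-inode list */

/* Rebuild the pool: inodes 1..4 dirtied at times 0, 50, 100, 150. */
static void toy_reset(void)
{
    dirty_list = NULL;
    for (int i = NR_INODES - 1; i >= 0; i--) {
        pool[i] = (struct toy_inode){ .ino = i + 1, .dirtied_when = 50L * i,
                                      .refcount = 1, .freed = 0, .next = dirty_list };
        dirty_list = &pool[i];
    }
}

static void toy_ihold(struct toy_inode *in) { in->refcount++; }
static void toy_iput(struct toy_inode *in) { if (--in->refcount == 0) in->freed = 1; }

/* Stand-in for the KASAN check: every access to an object goes through here. */
static int toy_touch(struct toy_inode *in)
{
    if (in->freed)
        return -1;                       /* this is the access KASAN would report */
    return in->ino;
}

/* Move every inode dirtied before 'older_than' from dirty_list to *work.
 * With pin set, each moved inode is given an extra reference for the
 * duration of its stay on the work list. Returns the number moved. */
static int move_expired(long older_than, struct toy_inode **work, int pin)
{
    struct toy_inode **pp = &dirty_list;
    int moved = 0;

    while (*pp) {
        struct toy_inode *in = *pp;
        if (in->dirtied_when < older_than) {
            *pp = in->next;              /* unlink from the dirty list */
            if (pin)
                toy_ihold(in);
            in->next = *work;            /* push onto the work list */
            *work = in;
            moved++;
        } else {
            pp = &in->next;
        }
    }
    return moved;
}

/* Worker walks the work list; returns how many freed objects it touched. */
static int writeback_work(struct toy_inode *work, int pin)
{
    int bad = 0;
    while (work) {
        struct toy_inode *next = work->next;
        if (toy_touch(work) < 0)
            bad++;
        if (pin)
            toy_iput(work);              /* drop the pin only when done */
        work = next;
    }
    return bad;
}

/* Race scenario: expire, then the cache evicts one of the moved inodes
 * before the worker gets to it. Returns the number of UAF accesses. */
int run_scenario(int pin)
{
    struct toy_inode *work = NULL;

    toy_reset();
    move_expired(100, &work, pin);       /* inodes 1 and 2 are expired */
    toy_iput(&pool[0]);                  /* cache drops its reference to inode 1 */
    return writeback_work(work, pin);
}

int main(void)
{
    printf("unpinned: %d use-after-free access(es)\n", run_scenario(0));
    printf("pinned:   %d use-after-free access(es)\n", run_scenario(1));
    return 0;
}
```

The design point is where the reference is taken: inside the move, while the entry is still reachable only through the list the mover owns, so there is no window in which the object is on neither list and unpinned. Marking objects freed instead of calling free() is what lets the toy report the stale access deterministically; a real build would rely on KASAN for that, which is how the report in the thread was produced.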