On Thu, Jul 5, 2018 at 1:26 AM Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
>
> On Tue, May 15, 2018 at 01:49:23PM -0700, Roland Dreier wrote:
> > > Still reproducible on Linus' tree (commit 66e1c94db3cd4e) and on linux-next
> > > (next-20180511). Here's a simplified reproducer:
> >
> > Thanks! That's a fantastic test case.
> >
> > The issue is a race where rdma_listen() sees invalid state in the
> > middle of an rdma_bind_addr() call that will ultimately fail. I'll
> > send a proposed patch shortly.
> >
> > - R.
>
> Ping; there's still no fix merged for this. The reproducer also works as an
> unprivileged user.

I don't see any patch similar to the tested one being merged. But this
stopped happening, so let's do:

#syz fix: ucma: fix a use-after-free in ucma_resolve_ip()