Re: KASAN: use-after-free Read in inet_create

From: Sowmini Varadhan
Date: Sun Apr 08 2018 - 21:05:16 EST



#syz dup: KASAN: use-after-free Read in rds_cong_queue_updates

There are a number of manifestations of this bug, basically
all suggest that the connect/reconnect etc workqs are somehow
being scheduled after the netns is deleted, despite the
code refactoring in Commit 3db6e0d172c (and looks like
the WARN_ONs in that commit are not even being triggered).
We've not been able to reproduce this issue, and without
a crash dump (or some hint of other threads that were running
at the time of the problem) are working on figuring out
the root-cause by code-inspection.

--Sowmini