Re: KASAN: use-after-free Read in p9_fd_poll
From: syzbot
Date: Thu Nov 07 2019 - 08:44:13 EST
syzbot suspects this bug was fixed by commit:
commit 430ac66eb4c5b5c4eb846b78ebf65747510b30f1
Author: Tomas Bortoli <tomasbortoli@xxxxxxxxx>
Date: Fri Jul 20 09:27:30 2018 +0000
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1646690c600000
start commit: d72e90f3 Linux 4.18-rc6
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=68af3495408deac5
dashboard link: https://syzkaller.appspot.com/bug?extid=0442e6e2f7e1e33b1037
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1569b51c400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16e7a978400000
If the result looks correct, please mark the bug fixed by replying with:
#syz fix: net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection