Re: KASAN: use-after-free Read in post_one_notification

From: Greg KH
Date: Thu Jul 28 2022 - 02:52:36 EST


On Wed, Jul 27, 2022 at 02:28:45PM -0700, Dipanjan Das wrote:
> Hi,
>
> We would like to report the following bug which has been found by our
> modified version of syzkaller.
>
> ======================================================
> description: KASAN: use-after-free Read in post_one_notification
> affected file: kernel/watch_queue.c
> kernel version: 5.10.131
> kernel commit: 8f95261a006489c828f1d909355669875649668b
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=e49433cfed49b7d9
> crash reproducer: attached
> patch: This bug was previously reported by syzkaller for kernel
> version 5.17. The same patch works for kernel version 5.10 as well,
> i.e., we tested that the repro can no longer trigger the reported
> crash with this patch:
> https://syzkaller.appspot.com/text?tag=Patch&x=13b8c83c080000

I'm sorry, I do not understand. So this is fixed in Linus's tree? But
not in 5.10.y? Or it is not fixed everywhere?

If it is fixed, what is the git commit id of the patch in Linus's tree
that fixes this that should be backported to 5.10.y?

confused,

greg k-h