KASAN: use-after-free in move_expired_inodes

From: Shankara Pailoor
Date: Tue Oct 31 2017 - 09:24:49 EST

Next message: Felipe Balbi: "Re: [PATCH] usb: dwc3: gadget: Fix .udc_set_speed()"
Previous message: Michal Hocko: "Re: [PATCH] mm,oom: Try last second allocation before and after selecting an OOM victim."
Next in thread: Shankara Pailoor: "Re: KASAN: use-after-free in move_expired_inodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

We got the following error:

BUG: KASAN: use-after-free in move_expired_inodes+0xce6/0xdf0
Write of size 8 at addr ffff8800a3a36bf8 by task kworker/u8:0/5

while fuzzing with Syzkaller on 4.14-rc4 on x86_64. Included is the
trace of the crash along with the programs running around the time of
the crash.

Programs can be found here: https://pastebin.com/RYGtNn3z

Stack trace here: https://pastebin.com/SaJXWMg3

We don't have a C reproducer but we will send one if we have it.

Regards,
Shankara

Next message: Felipe Balbi: "Re: [PATCH] usb: dwc3: gadget: Fix .udc_set_speed()"
Previous message: Michal Hocko: "Re: [PATCH] mm,oom: Try last second allocation before and after selecting an OOM victim."
Next in thread: Shankara Pailoor: "Re: KASAN: use-after-free in move_expired_inodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]