Re: KASAN: use-after-free Read in rxrpc_release_call

Hillf Danton wrote: > if (conn) { > - rxrpc_disconnect_call(call); > conn->security->free_call_crypto(call); > + rxrpc_disconnect_call(call); > } Better to cache the security pointer in the call struct, I think. David

Re: KASAN: use-after-free Read in rxrpc_release_call

syzbot has bisected this bug to: commit 2baec2c3f854d1f79c7bb28386484e144e864a14 Author: David Howells Date: Wed May 24 16:02:32 2017 + rxrpc: Support network namespacing bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16240b0960 start commit: f97c81dc Merge tag 'a

Re: KASAN: use-after-free Read in rxrpc_release_call

syzbot has found a reproducer for the following crash on: HEAD commit:f97c81dc Merge tag 'armsoc-late' of git://git.kernel.org/p.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=110c16a160 kernel config: https://syzkaller.appspot.com/x/.config?x=61f948

KASAN: use-after-free Read in rxrpc_release_call

Hello, syzbot found the following crash on: HEAD commit:fed07ef3 Merge tag 'mlx5-updates-2019-08-21' of git://git... git tree: net-next console output: https://syzkaller.appspot.com/x/log.txt?x=1256e22e60 kernel config: https://syzkaller.appspot.com/x/.config?x=e34a4fe936eac597 da