On 08/11/2018 10:51 PM, Vincent Pelletier wrote:
> On Sun, 12 Aug 2018 02:55:31 +0000, Vincent Pelletier
> <[email protected]> wrote:
>> Aug 12 04:44:53 boke kernel: [   64.737069] BUG: KASAN: use-after-free in 
>> iscsi_target_login_sess_out.cold.11+0x58/0x123 [iscsi_target_mod]
>> Aug 12 04:44:53 boke kernel: [   64.771148] BUG: KASAN: double-free or 
>> invalid-free in iscsi_target_login_sess_out.cold.11+0x103/0x123 
>> [iscsi_target_mod]
> 
> If I'm reading the code correctly, the double-free would be
> iscsi_login_init_conn and iscsi_target_login_sess_out both calling
> kfree(conn->conn_ops), with the latter called by
> __iscsi_target_login_thread precisely when the former fails (returns
> NULL after freeing).
> 

I think I fixed that with this patch:

https://www.spinics.net/lists/target-devel/msg17018.html

It fixes a mix of problems: double free of the ops, session and reference
after free.

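The double free described in the quoted analysis, modelled in user space as an added example (it is not kernel code and not the linked patch). `init_conn`, `login_sess_out`, the slot pool and the `clear_ptr` switch are hypothetical stand-ins, and clearing the pointer after the first free is one common remedy assumed here for illustration.

```c
#include <stdio.h>

/* Fixed slot pool that counts frees of non-live slots, standing in for KASAN. */
#define SLOTS 4
static struct { char buf[32]; int in_use; } pool[SLOTS];
static int invalid_frees;

static void *t_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return pool[i].buf; }
    return NULL;
}

static void t_free(void *p) {
    if (!p) return;                       /* like kfree(NULL): a no-op */
    for (int i = 0; i < SLOTS; i++)
        if (p == (void *)pool[i].buf) {
            if (pool[i].in_use) pool[i].in_use = 0;
            else invalid_frees++;         /* slot already released: double free */
            return;
        }
    invalid_frees++;                      /* not a pool pointer: invalid free */
}

struct conn { void *conn_ops; };
/* Hypothetical init that fails and frees conn_ops itself; clear_ptr = hardened. */
static int init_conn(struct conn *c, int clear_ptr) {
    c->conn_ops = t_alloc();
    t_free(c->conn_ops);                  /* constructed failure path */
    if (clear_ptr) c->conn_ops = NULL;    /* leaves no stale pointer behind */
    return -1;
}

/* Hypothetical shared error path in the caller: frees conn_ops again. */
static void login_sess_out(struct conn *c) { t_free(c->conn_ops); }

/* Runs one failing login and returns the number of invalid frees seen. */
static int run_login(int clear_ptr) {
    struct conn c = { NULL };
    invalid_frees = 0;
    if (init_conn(&c, clear_ptr) < 0)
        login_sess_out(&c);
    return invalid_frees;
}

int main(void) {
    printf("buggy: %d, hardened: %d\n", run_login(0), run_login(1));
    return 0;
}
```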