From: Siddh Raman Pant via Linux-kernel-mentees <linux-kernel-mentees@lists.linuxfoundation.org>
To: "Dipanjan Das" <mail.dipanjan.das@gmail.com>
Cc: Eric Dumazet <edumazet@google.com>,
	"Fabio M. De Francesco" <fmdefrancesco@gmail.com>,
	syzbot+c70d87ac1d001f29a058
	<syzbot+c70d87ac1d001f29a058@syzkaller.appspotmail.com>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	David Howells <dhowells@redhat.com>,
	linux-security-modules <linux-security-module@vger.kernel.org>,
	Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
	linux-kernel-mentees
	<linux-kernel-mentees@lists.linuxfoundation.org>
Subject: Re: [PATCH v3] kernel/watch_queue: Make pipe NULL while clearing watch_queue
Date: Tue, 02 Aug 2022 00:19:05 +0530
Message-ID: <1825abd83c7.2fc2819e194605.6286442523651645797@siddh.me>
In-Reply-To: <20220801161642.GA1932489@berlinger>

On Mon, 01 Aug 2022 21:46:42 +0530  Dipanjan Das <mail.dipanjan.das@gmail.com> wrote:
> Are you referring to the reproducer attached to our original report?
> https://lore.kernel.org/all/CANX2M5bHye2ZEEhEV6PUj1kYL2KdWYeJtgXw8KZRzwrNpLYz+A@mail.gmail.com/
 
Yes, I meant the reproducer you gave.

I suspect I must have missed CONFIG_WATCH_QUEUE=y while setting the kernel
up, extremely sorry for it.

I now tried 5.10.y with it (using a modification of syzkaller's dashboard
config I had been using[1]), and I'm getting a __post_watch_notification()
crash (which is a related crash, as the fix[2][3] for that causes the
reproducer to not reproduce the post_one_notification crash on mainline),
but not the post_one_notification() crash you had reported. It seems if I
apply my patch, it doesn't trigger this related crash, so these bugs
seem to be very related, maybe due to racing? I haven't looked at that yet.

I then tried on v5.10.131 since that was the exact version you had
reproduced on, and it reproduces the post_one_notification() error
successfully. Applying 353f7988dd84 causes __post_watch_notification()
crash, and then applying this v3 patch does not trigger the issue, but
the patch to fix __post_watch_notification() crash is [2], which does
not really address the issue of post_one_notification() crash which
is due to the dangling reference to a freed pipe.

Can you please try the reproducer at your end?

Thanks,
Siddh

[1] https://gist.github.com/siddhpant/06c7d64ca83273f0fd6604e4677f7c0d
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e64ab2dbd882933b65cd82ff6235d705ad65dbb6
[3] https://lore.kernel.org/linux-mm/18259769e5e.52eb2082293078.3991591702430862151@siddh.me/
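The pattern at the centre of this thread is a watch queue that still holds a reference to a pipe after that pipe has been freed, so that a later post_one_notification() dereferences freed memory. The following is an added, deliberately simplified single-threaded model of the defensive fix the patch title describes (clear the pipe pointer when the queue is torn down, and refuse to post when it is NULL). It is not the kernel's code: the struct and function names (wq_model_*, pipe_model) are invented stand-ins, the pipe is a flat byte buffer, and the locking a real kernel would need against the racing mentioned above is not modelled.

```c
/* Simplified model of "make pipe NULL while clearing watch_queue".
 * Added illustration, not kernel code: all names here are stand-ins. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PIPE_BUF_SZ 64

struct pipe_model {
	char buf[PIPE_BUF_SZ];
	size_t len;
};

struct watch_queue_model {
	struct pipe_model *pipe;   /* NULL once the queue has been cleared */
	bool defunct;
};

/* Allocate a queue with a live pipe. Returns NULL on allocation failure. */
struct watch_queue_model *wq_model_create(void)
{
	struct watch_queue_model *wq = calloc(1, sizeof(*wq));
	if (!wq)
		return NULL;
	wq->pipe = calloc(1, sizeof(*wq->pipe));
	if (!wq->pipe) {
		free(wq);
		return NULL;
	}
	return wq;
}

/* Tear the queue down: free the pipe and clear the pointer so the freed
 * object can never be reached through the queue again. */
void wq_model_clear(struct watch_queue_model *wq)
{
	wq->defunct = true;
	free(wq->pipe);
	wq->pipe = NULL;
}

/* Post one message into the queue's pipe.
 * Returns 0 on success, -1 if the queue no longer has a pipe (cleared),
 * -2 if the pipe buffer is full. */
int wq_model_post(struct watch_queue_model *wq, const char *msg)
{
	struct pipe_model *pipe = wq->pipe;
	size_t n;

	/* The NULL check is what makes clearing safe: a stale queue
	 * reference yields a clean failure instead of a use-after-free. */
	if (wq->defunct || !pipe)
		return -1;

	n = strlen(msg) + 1;            /* keep the NUL as a record separator */
	if (pipe->len + n > PIPE_BUF_SZ)
		return -2;
	memcpy(pipe->buf + pipe->len, msg, n);
	pipe->len += n;
	return 0;
}

/* Bytes currently queued, or 0 if the pipe is gone. */
size_t wq_model_queued(const struct watch_queue_model *wq)
{
	return wq->pipe ? wq->pipe->len : 0;
}

void wq_model_destroy(struct watch_queue_model *wq)
{
	if (!wq)
		return;
	free(wq->pipe);   /* free(NULL) is a no-op after a clear */
	free(wq);
}

int main(void)
{
	struct watch_queue_model *wq = wq_model_create();
	if (!wq)
		return 1;
	printf("post before clear: %d\n", wq_model_post(wq, "key-added"));
	wq_model_clear(wq);
	printf("post after clear:  %d\n", wq_model_post(wq, "key-removed"));
	wq_model_destroy(wq);
	return 0;
}
```

The point to take from the model is that clearing both frees the pipe and nulls the pointer in the same step, and every consumer of the pointer checks for NULL first; in the kernel the two halves additionally have to be ordered against concurrent posters, which this single-threaded sketch does not show.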
