Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Write in v9fs_free_request

From: David Howells
Date: Wed May 22 2024 - 06:57:07 EST

Next message: syzbot: "Re: [syzbot] [fs?] general protection fault in iter_file_splice_write"
Previous message: Miguel Ojeda: "Re: [PATCH 2/3] kbuild: rust: apply `CONFIG_WERROR` to all Rust targets"
In reply to: David Howells: "Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Write in v9fs_free_request"
Next in thread: David Howells: "Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Write in v9fs_free_request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

asmadeus@xxxxxxxxxxxxx wrote:

> That's a tough one: netfs took a ref in v9fs_init_request (netfs op's
> init_request) and expects to be able to use it until v9fs_free_request
> (net op's free_request()), but the fs was dismounted first and we kill
> the kmem cache at this point so we aggressively drop any dangling ref
> there as there's no way of waiting.

Which kmem cache are we talking about? I can see two in net/9p/ and one in
fs/9p/. And took a ref on what?

David

Next message: syzbot: "Re: [syzbot] [fs?] general protection fault in iter_file_splice_write"
Previous message: Miguel Ojeda: "Re: [PATCH 2/3] kbuild: rust: apply `CONFIG_WERROR` to all Rust targets"
In reply to: David Howells: "Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Write in v9fs_free_request"
Next in thread: David Howells: "Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Write in v9fs_free_request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]