Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4182337ybl; Mon, 9 Dec 2019 06:47:23 -0800 (PST) X-Google-Smtp-Source: APXvYqzzSDOXo54RBYXGKmRaKnLAZvmM/aozZaoNgC0wUGSu9kqM4fxWPQLSeVe59WO2HAZ6dd88 X-Received: by 2002:a9d:784b:: with SMTP id c11mr20529868otm.246.1575902843572; Mon, 09 Dec 2019 06:47:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575902843; cv=none; d=google.com; s=arc-20160816; b=RjmtbFp8zDaCJuUaYPZ+x+yixFJqmJ5+4qk2YlcDq3iS9QMe91CwoEwSlKLmPhp1FT sh0Ifp8S/R3T5k9/JFEI0mXCnjHcBTnQDt5ougt1ybM/w8ppb6e/jOwxerqaLylN4o6a cPtCqyI+5EFxqo9+ETGbbfIv0HVo34qQENfsuuAsUwyuvvQxDdZGh8GJZ7O1+1eEXfQr BnWqptljYN3lw+L1eHQXqY+cbEPNUeO3JTuUT8JueCXzUfkxFcu6jsI7TfnL/mccQpGQ ENyqMpKAnHIYb0UFH4+crADw81m9jPgfvVwsu3HMJWpB18Q56WuOyFieB0PuIFa4Jk/y /LqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:from:cc:to:subject :content-transfer-encoding:mime-version:references:in-reply-to :user-agent:date; bh=etR+rgd3V0q7cFN4kU1PEu8GZQ/tfCXlSoEDcl0iPks=; b=vfSuj7l5dlCQwHNCl90B6fhB+vwwLC/ConR4MrqYhBIIbLp7189xrWbl/Wdyrrz9Mp z+A0OKpx4WLECkTh5wAODX+F2BhcVrbPMxW2deg4SKnsOQFle2sswaCQYzt7e0ppLu2P VNX+9jsGXsXHmxYH2S8cN1qKWcZwattRR1cj0M+l5WvbGD93edJL7hWVCeINtxjsgvkD k3UDLqkQWLJkKponW5Uu/0XrHMLDRjD9tqbo8mpAtAGL4F831TE4rJt6TWVKl760P7Kz Scr1knvbmElBHyMNM1EG+R/j4CBXK8adQaPMK2FtOrva5uBljknKTqioU9OYWo7vpYFn kCZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 7si11534149oir.183.2019.12.09.06.47.12; Mon, 09 Dec 2019 06:47:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727816AbfLIOpx convert rfc822-to-8bit (ORCPT + 99 others); Mon, 9 Dec 2019 09:45:53 -0500 Received: from ipmail05.adl3.internode.on.net ([150.101.137.13]:33487 "EHLO ipmail05.adl3.internode.on.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727388AbfLIOpx (ORCPT ); Mon, 9 Dec 2019 09:45:53 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2CV/QCtXe5dAG/sfAFkhkUSKoQCgl2?= =?us-ascii?q?GJow5hUiKCySHJAkBPAMBAREBNoN4AoI9OBMSAgcBAQEFBBABAQEyhROGKwE?= =?us-ascii?q?FI1YQCAMNCwICHwcCAiE2Bg4FgyKCRwMurCaBMhqFNYJLDWOBSIEOjE+BTD+?= =?us-ascii?q?BOAwDEYJMPoQpAQGDLjKCLK17H0MHgjFuBJUPgkKHc4QtA4d1g1gtjS6dKyG?= =?us-ascii?q?BWTMaLm8BgxGNQ44hLjSBHxoLixqCMgEB?= X-IronPort-SPAM: SPAM Received: from unknown (HELO [100.69.114.178]) ([1.124.236.111]) by ipmail05.adl3.internode.on.net with ESMTP; 10 Dec 2019 01:15:49 +1030 Date: Tue, 10 Dec 2019 01:15:46 +1030 User-Agent: K-9 Mail for Android In-Reply-To: References: <30808b0b-367a-266a-7ef4-de69c08e1319@internode.on.net> <09396dca-3643-9a4b-070a-e7db2a07235e@internode.on.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Subject: Re: refcount_t: underflow; use-after-free with CIFS umount after scsi-misc commit ef2cc88e2a205b8a11a19e78db63a70d3728cdf5 To: Linus Torvalds CC: SCSI development list , Linux Kernel Mailing List , CIFS , "James E.J. Bottomley" From: Arthur Marsh Message-ID: <5E678754-A3E8-46CE-8062-DA717F2C098F@internode.on.net> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, I ran the last good kernel with several boot-up, cifs mount, un-mount, shut down cycles without encountering the problem. After applying the patch from : diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 0ab6b1200288..d2658f51ff60 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -1847,7 +1847,8 @@ SMB2_tdis(const unsigned int xid, struct cifs_tcon *tcon) if ((tcon->need_reconnect) || (tcon->ses->need_reconnect)) return 0; - close_shroot(&tcon->crfid); + if (tcon->crfid.is_valid) + close_shroot(&tcon->crfid); to kernel 5.5.0-rc1 I no longer experience the problem. Regards, Arthur. On 9 December 2019 12:53:02 pm ACDT, Linus Torvalds wrote: >On Sun, Dec 8, 2019 at 5:49 PM Arthur Marsh > wrote: >> >> This still happens with 5.5.0-rc1: > >Does it happen 100% of the time? > >Your bisection result looks pretty nonsensical - not that it's >impossible (anything is possible), but it really doesn't look very >likely. Which makes me think maybe it's slightly timing-sensitive or >something? > >Would you mind trying to re-do the bisection, and for each kernel try >the mount thing at least a few times before you decide a kernel is >good? > >Bisection is very powerful, but if _any_ of the kernels you marked >good weren't really good (they just happened to not trigger the >problem), bisection ends up giving completely the wrong answer. And >with that bisection commit, there's not even a hint of what could have >gone wrong. > > Linus -- Sent from my Android device with K-9 Mail. Please excuse my brevity.