From: Hillf Danton
To: lee bruce
Cc: syzbot+68619f9e9e69accd8e0a@syzkaller.appspotmail.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Edward Adam Davis, clf700383@gmail.com, michael.christie@oracle.com, mst@redhat.com
Subject: Re: [syzbot] [kernel?] KASAN: slab-use-after-free Read in kill_orphaned_pgrp (2)
Date: Sun, 12 May 2024 07:34:04 +0800
Message-Id: <20240511233404.2764-1-hdanton@sina.com>

On Sat, 11 May 2024 22:45:06 +0800 lee bruce
> Hello, I found a reproducer for this bug.
>
Thanks for your report.

> If you fix this issue, please add the following tag to the commit:
> Reported-by: xingwei lee
> Reported-by: lingfei cheng
>
> I use the same kernel as syzbot instance
> Kernel Commit: upstream dccb07f2914cdab2ac3a5b6c98406f765acab803
> Kernel Config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=6d14c12b661fb43
> with KASAN enabled
>
> Since the same title bug is triggered in
> https://syzkaller.appspot.com/bug?id=70492b96ff47ff70cfc433be100586119310670b.
> I make a simple RCA.
> In the old-syzbot instance the bug still trigger the title "KASAN:
> slab-use-after-free Read in kill_orphaned_pgrp" and in the latest
> syzbot the bug report as
>
> TITLE: WARNING in signal_wake_up_state
> ------------[ cut here ]------------
> WARNING: CPU: 3 PID: 8591 at kernel/signal.c:762
> signal_wake_up_state+0xf8/0x130 kernel/signal.c:762
> Modules linked in:
> CPU: 3 PID: 8591 Comm: file0 Not tainted 6.9.0-rc7-00012-gdccb07f2914c #6

Could you reproduce it in the next tree, because of d558664602d3 ("vhost_task:
Handle SIGKILL by flushing work and exiting") adding reaction to signal?