X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240511233404.2764-1-hdanton@sina.com>
In-Reply-To: <20240511233404.2764-1-hdanton@sina.com>
From: lee bruce
Date: Sun, 12 May 2024 09:40:26 +0800
Subject: Re: [syzbot] [kernel?] KASAN: slab-use-after-free Read in kill_orphaned_pgrp (2)
To: Hillf Danton
Cc: syzbot+68619f9e9e69accd8e0a@syzkaller.appspotmail.com,
    linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
    Edward Adam Davis, clf700383@gmail.com, michael.christie@oracle.com,
    mst@redhat.com, luto@kernel.org, peterz@infradead.org,
    Thomas Gleixner, ebiederm@xmission.com

Hi.

On Sun, 12 May 2024 at 07:34, Hillf Danton wrote:
>
> On Sat, 11 May 2024 22:45:06 +0800 lee bruce
> > Hello, I found a reproducer for this bug.
> >
> Thanks for your report.
>
> > If you fix this issue, please add the following tag to the commit:
> > Reported-by: xingwei lee
> > Reported-by: lingfei cheng
> >
> > I use the same kernel as syzbot instance
> > Kernel Commit: upstream dccb07f2914cdab2ac3a5b6c98406f765acab803
> > Kernel Config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=6d14c12b661fb43
> > with KASAN enabled
> >
> > Since the same title bug is triggered in
> > https://syzkaller.appspot.com/bug?id=70492b96ff47ff70cfc433be100586119310670b.
> > I make a simple RCA.
> > In the old-syzbot instance the bug still trigger the title "KASAN:
> > slab-use-after-free Read in kill_orphaned_pgrp" and in the latest
> > syzbot the bug report as
> >
> > TITLE: WARNING in signal_wake_up_state
> > ------------[ cut here ]------------
> > WARNING: CPU: 3 PID: 8591 at kernel/signal.c:762
> > signal_wake_up_state+0xf8/0x130 kernel/signal.c:762
> > Modules linked in:
> > CPU: 3 PID: 8591 Comm: file0 Not tainted 6.9.0-rc7-00012-gdccb07f2914c #6
> >
> Could you reproduce it in the next tree, because of d558664602d3 ("vhost_task:
> Handle SIGKILL by flushing work and exiting") adding reaction to signal?

Ok, I'll try.

Best Regards,
xingwei lee