From mboxrd@z Thu Jan  1 00:00:00 1970
From: Oleg Nesterov <oleg@redhat.com>
Subject: Re: fs/proc: Crash observed in next_tgid (fs/proc/base.c)
Date: Wed, 17 Apr 2019 13:21:48 +0200
Message-ID: <20190417112148.GB32622@redhat.com>
References: <b5b9df7b-324c-8286-3a7c-e7812511772d@codeaurora.org>
 <CAGXu5jLabRWRdknf_CSBJ316vXYrEUCPTUCsm50WEwdpVNfE3g@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-kernel-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <CAGXu5jLabRWRdknf_CSBJ316vXYrEUCPTUCsm50WEwdpVNfE3g@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
To: Kees Cook <keescook@chromium.org>
Cc: Jitendra Sharma <shajit@codeaurora.org>, "Luis R. Rodriguez" <mcgrof@kernel.org>, LKML <linux-kernel@vger.kernel.org>, "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>, linux-arm-msm@vger.kernel.org
List-Id: linux-arm-msm@vger.kernel.org

On 04/16, Kees Cook wrote:
>
> Do you have any hints on how to reproduce this? I assume something is
> missing proper locking or RCU handling,

or we simply have an unbalanced put_task_struct() anywhere else ...

> but I don't see anything
> obvious in the surrounding code yet...

I too do not see anything wrong in proc_pid_readdir() paths

Oleg.