From: Jakub Kicinski <kuba@kernel.org>
To: Jiakai Xu <xujiakai24@mails.ucas.ac.cn>
Cc: davem@davemloft.net, edumazet@google.com,
ernestas.k@iconn-networks.com, horms@kernel.org, kees@kernel.org,
kuniyu@google.com, leitao@debian.org,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
pabeni@redhat.com
Subject: Re: [PATCH v2] llc: Fix race between sock_orphan() and timer callback in llc_sk_free()
Date: Tue, 2 Jun 2026 19:11:45 -0700 [thread overview]
Message-ID: <20260602191145.3deea6db@kernel.org> (raw)
In-Reply-To: <20260603013007.1171695-1-xujiakai24@mails.ucas.ac.cn>
On Wed, 3 Jun 2026 01:30:07 +0000 Jiakai Xu wrote:
> > Sashiko points out that there's more issues if the timer runs after
> > llc_ui_release(). Can you reliably reproduce this? Have you checked
> > that this change is sufficient? Sashiko says that llc->dev may
> > disappear even tho we don't clear that pointer in _release().
>
> This crash was discovered by fuzzing. Unfortunately, the fuzzer did
> not generate a reproducer program, so I am unable to reproduce it.
> Our analysis has been based entirely on the crash report.
>
> I'm not an expert in this area, so the quality of my patches may be
> low. I really appreciate your patience and the time you've taken to
> review this. Would this V3 approach (moving both sock_orphan() and
> netdev_put() into llc_sk_free() after the timer stop) be the correct
> way to proceed?
Not sure, feels like we're trying to fix symptoms instead of addressing
the real root cause.
prev parent reply other threads:[~2026-06-03 2:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-29 2:00 [PATCH v2] llc: Fix race between sock_orphan() and timer callback in llc_sk_free() Jiakai Xu
2026-06-02 20:30 ` Jakub Kicinski
2026-06-03 1:30 ` Jiakai Xu
2026-06-03 2:11 ` Jakub Kicinski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260602191145.3deea6db@kernel.org \
--to=kuba@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ernestas.k@iconn-networks.com \
--cc=horms@kernel.org \
--cc=kees@kernel.org \
--cc=kuniyu@google.com \
--cc=leitao@debian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=xujiakai24@mails.ucas.ac.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.