From: asmadeus@codewreck.org
To: David Howells <dhowells@redhat.com>
Cc: syzbot <syzbot+d7c7a495a5e466c031b6@syzkaller.appspotmail.com>,
brauner@kernel.org, hdanton@sina.com,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [v9fs?] KASAN: slab-use-after-free Read in p9_fid_destroy
Date: Fri, 24 May 2024 05:57:17 +0900 [thread overview]
Message-ID: <Zk-trSrUlNmodxLx@codewreck.org> (raw)
In-Reply-To: <641239.1716487625@warthog.procyon.org.uk>
David Howells wrote on Thu, May 23, 2024 at 07:07:05PM +0100:
> asmadeus@codewreck.org wrote:
>
> > > There's a problem in 9p's interaction with netfslib whereby a crash occurs
> > > because the 9p_fid structs get forcibly destroyed during client teardown
> > > (without paying attention to their refcounts) before netfslib has finished
> > > with them. However, it's not a simple case of deferring the clunking that
> > > p9_fid_put() does as that requires the client.
> >
> > "as that requires the client" doesn't parse
>
> "... as that requires the p9_client record to still be present."?
Ah! yes, that works.
'as that uses/depends on the client' would also work.
Thanks,
--
Dominique Martinet | Asmadeus
prev parent reply other threads:[~2024-05-23 20:57 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-07 8:14 [syzbot] [v9fs?] KASAN: slab-use-after-free Read in p9_fid_destroy syzbot
2024-05-17 11:31 ` syzbot
2024-05-17 23:59 ` Hillf Danton
2024-05-18 0:20 ` syzbot
2024-05-18 1:33 ` Hillf Danton
2024-05-18 1:58 ` syzbot
2024-05-18 11:41 ` Hillf Danton
2024-05-18 12:01 ` syzbot
2024-05-18 13:32 ` Hillf Danton
2024-05-18 13:55 ` syzbot
2024-05-18 23:08 ` Hillf Danton
2024-05-18 23:30 ` syzbot
2024-05-19 0:14 ` Hillf Danton
2024-05-19 0:39 ` syzbot
2024-05-22 23:19 ` Hillf Danton
2024-05-22 23:44 ` syzbot
2024-05-23 14:37 ` David Howells
2024-05-23 15:04 ` syzbot
2024-05-23 16:46 ` asmadeus
2024-05-23 18:07 ` David Howells
2024-05-23 20:57 ` asmadeus [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zk-trSrUlNmodxLx@codewreck.org \
--to=asmadeus@codewreck.org \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+d7c7a495a5e466c031b6@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox