From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dmitry Vyukov
Subject: Re: KASAN: out-of-bounds Read in rds_cong_queue_updates (2)
Date: Wed, 13 Jun 2018 13:14:55 +0200
Message-ID:
References: <00000000000081bd9d056e813e48@google.com> <20180613101929.GA19385@oracle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Cc: David Miller, netdev, rds-devel@oss.oracle.com, Santosh Shilimkar, Tetsuo Handa
To: Sowmini Varadhan
Return-path:
Received: from mail-pg0-f68.google.com ([74.125.83.68]:34059 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934972AbeFMLPR (ORCPT ); Wed, 13 Jun 2018 07:15:17 -0400
Received: by mail-pg0-f68.google.com with SMTP id q4-v6so1129561pgr.1 for ; Wed, 13 Jun 2018 04:15:16 -0700 (PDT)
In-Reply-To: <20180613101929.GA19385@oracle.com>
Sender: netdev-owner@vger.kernel.org
List-ID:

On Wed, Jun 13, 2018 at 12:19 PM, Sowmini Varadhan wrote:
> On (06/13/18 09:52), Dmitry Vyukov wrote:
>> I think this is:
>>
>> #syz dup: KASAN: use-after-free Read in rds_cong_queue_updates
>
> Indeed. We'd had a discussion about getting a dump of threads
> using sysrq (or similar), given the challenges around actually
> getting a crash dump, is that now possible? That will certainly help.

Still no automation around it. But you can add thread dump on panic locally.
This is a common pattern recently that kernel does not provide enough
information for debugging on bugs.

+Tetsuo

Since we panic on all kernel bugs, perhaps it's panic's work to dump as
much info as possible.

> another missing bit is that we still need the synchronize_net()
> in rds_release(). I realize synchronize_net() is sub-optimal for perf,
> but leaving this existing hole where races can occur in unexpected
> manifestations is not ideal either.
> (See https://www.spinics.net/lists/netdev/msg475074.html for earlier
> discussion thread)