Great, thank you. Something I forgot to mention on the Bugzilla ticket is that recvmsg() always returns the same provided buffer id even if this buffer is being currently used in user space and hasn't been returned to the kernel. For example, if you provide 100 buffers (ids 0 - 99) and never return them back to the kernel after each recvmsg call, then further calls to recvmsg() will keep returning buffer id 99 until the kernel runs out of buffers. I suspect the kernel null pointer dereference bug might be related to this behaviour as well.

Thanks again.

On Tue, Jul 6, 2021 at 12:47 PM Pavel Begunkov <asml.silence@xxxxxxxxx> wrote:
>
> On 7/4/21 10:50 AM, Mauro De Gennaro wrote:
> > Hi,
> >
> > First time reporting what seems to be a kernel bug, so I apologise if
> > I am not supposed to send bug reports to this mailing list as well.
> > The report was filed at Bugzilla:
>
> That's exactly the right place to report, not everyone monitors
> bugzilla, if any at all. Thanks for letting us know
>
> > https://bugzilla.kernel.org/show_bug.cgi?id=213639
> >
> > It happens on 5.11 and I haven't tested the code yet on newer kernels.
>
> --
> Pavel Begunkov
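The behaviour described in the message above (a completion naming a buffer id that user space has not yet handed back) is something a provided-buffer consumer can detect from its own bookkeeping. The following is an added example, not code from this thread or from the io_uring project: it keeps a hypothetical per-buffer "in use" table, decodes the selected buffer id from the CQE flags word, and counts completions that reuse an outstanding id. The two io_uring constants are defined locally and are assumed to mirror the uapi header values so the program builds without liburing; the CQE flag words are constructed rather than read from a real ring, and the 100-buffer pool matches the count in the report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: these mirror the values in uapi/linux/io_uring.h; they are
 * defined here so the example builds without liburing or kernel headers. */
#define IORING_CQE_F_BUFFER     (1U << 0)
#define IORING_CQE_BUFFER_SHIFT 16

#define NR_BUFS 100   /* buffer ids 0..99, as in the report */

/* Hypothetical user-space tracker: one flag per provided buffer. */
struct buf_tracker {
    bool in_use[NR_BUFS];  /* true while user space owns the buffer */
    int  provided;         /* buffers the kernel should still hold */
    int  duplicates;       /* completions naming an id still outstanding */
};

void tracker_init(struct buf_tracker *t)
{
    memset(t, 0, sizeof *t);
    t->provided = NR_BUFS;  /* after one IORING_OP_PROVIDE_BUFFERS of 100 */
}

/* Decode the selected buffer id from a CQE flags word; -1 if none selected. */
int cqe_buffer_id(uint32_t cqe_flags)
{
    if (!(cqe_flags & IORING_CQE_F_BUFFER))
        return -1;
    return (int)(cqe_flags >> IORING_CQE_BUFFER_SHIFT);
}

/* Build a CQE flags word for a given id (constructed input for the demo). */
uint32_t make_cqe_flags(int bid)
{
    return ((uint32_t)bid << IORING_CQE_BUFFER_SHIFT) | IORING_CQE_F_BUFFER;
}

/* Handle one recvmsg completion. Returns the buffer id, or -1 when the CQE
 * carries no buffer or an id outside the provided range. An id that user
 * space has not yet returned is counted rather than marked in use twice. */
int tracker_on_completion(struct buf_tracker *t, uint32_t cqe_flags)
{
    int bid = cqe_buffer_id(cqe_flags);
    if (bid < 0 || bid >= NR_BUFS)
        return -1;
    if (t->in_use[bid]) {
        t->duplicates++;
        return bid;
    }
    t->in_use[bid] = true;
    t->provided--;
    return bid;
}

/* Give a buffer back; pairs with re-provisioning that single id to the ring. */
bool tracker_return(struct buf_tracker *t, int bid)
{
    if (bid < 0 || bid >= NR_BUFS || !t->in_use[bid])
        return false;
    t->in_use[bid] = false;
    t->provided++;
    return true;
}

/* Replays the reported pattern: every completion names id 99 and nothing is
 * returned. Result is how many completions reused an outstanding buffer. */
int replay_reported_pattern(int completions)
{
    struct buf_tracker t;
    tracker_init(&t);
    for (int i = 0; i < completions; i++)
        tracker_on_completion(&t, make_cqe_flags(NR_BUFS - 1));
    return t.duplicates;
}

/* Healthy pattern: each completion takes a fresh id and returns it. */
int replay_return_each(int completions)
{
    struct buf_tracker t;
    tracker_init(&t);
    for (int i = 0; i < completions; i++) {
        int bid = tracker_on_completion(&t, make_cqe_flags(i % NR_BUFS));
        tracker_return(&t, bid);
    }
    return t.duplicates;
}

int main(void)
{
    printf("reported pattern, 10 completions: %d reused ids\n",
           replay_reported_pattern(10));
    printf("return after each, 10 completions: %d reused ids\n",
           replay_return_each(10));
    return 0;
}
```

In a real consumer, `tracker_on_completion` would be fed `cqe->flags` from each recvmsg CQE and `tracker_return` would be called right before the single-buffer IORING_OP_PROVIDE_BUFFERS that hands the id back; a non-zero `duplicates` count is the signal that the ring handed out a buffer the application still owns, which is the symptom worth logging before data in that buffer is trusted.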