Am 01.03.2018 um 10:30 schrieb Johannes Berg: > Hi, > >> syzbot hit the following crash on upstream commit >> f3afe530d644488a074291da04a69a296ab63046 (Tue Feb 27 22:02:39 2018 +0000) >> Merge branch 'fixes-v4.16-rc4' of >> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security >> >> So far this crash happened 4 times on upstream. >> Unfortunately, I don't have any reproducer for this crash yet. >> Raw console output is attached. > That's ... a pretty complex scenario. > > Looks like we have a race between destroying a network namespace, which > moves everything back into the init_ns and may have to rename objects > asynchronously (cleanup_net), with destroying the radio in hwsim that's > also asynchronous (destroy_radio). > > Benjamin, would you be able to take a look at this? I'm preparing for a > trip and will leave Saturday for a week so I don't think I'll be able > to really dig into this before mid-March. > > johannes > After having a look, we can not asynchronously delete the interfaces here, because after the callback they need to be already gone. We could simply put a workqueue flush after the loop, but since we have no unbounded workqueue (which would also not be useful here I think), this only will delay things further. Therefore I will create a patch, which deletes synchronously here. -- M.Sc. Benjamin Beichler Universität Rostock, Fakultät für Informatik und Elektrotechnik Institut für Angewandte Mikroelektronik und Datentechnik University of Rostock, Department of CS and EE Institute of Applied Microelectronics and CE Richard-Wagner-Straße 31 18119 Rostock Deutschland/Germany phone: +49 (0) 381 498 - 7278 email: Benjamin.Beichler@xxxxxxxxxxxxxx www: http://www.imd.uni-rostock.de/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature