Re: weird use-after-free bug in module_put

2012-10-19 Thread Dmitry Torokhov
On Fri, Oct 19, 2012 at 06:50:46PM +0100, Al Viro wrote:
> On Fri, Oct 19, 2012 at 10:36:39AM -0700, Dmitry Torokhov wrote:
> > On Fri, Oct 19, 2012 at 06:09:51PM +0100, Al Viro wrote:
> > > On Fri, Oct 19, 2012 at 09:33:18AM -0700, Dmitry Torokhov wrote:
> > >
> > > > We are now removing instance

Re: weird use-after-free bug in module_put

2012-10-19 Thread Al Viro
On Fri, Oct 19, 2012 at 10:36:39AM -0700, Dmitry Torokhov wrote:
> On Fri, Oct 19, 2012 at 06:09:51PM +0100, Al Viro wrote:
> > On Fri, Oct 19, 2012 at 09:33:18AM -0700, Dmitry Torokhov wrote:
> >
> > > We are now removing instance of character device corresponding to input
> > > device when input

Re: weird use-after-free bug in module_put

2012-10-19 Thread Dmitry Torokhov
On Fri, Oct 19, 2012 at 06:09:51PM +0100, Al Viro wrote:
> On Fri, Oct 19, 2012 at 09:33:18AM -0700, Dmitry Torokhov wrote:
>
> > We are now removing instance of character device corresponding to input
> > device when input device disappears.
> >
> > Ah, I know... cdev is embedded in evdev, but l

Re: weird use-after-free bug in module_put

2012-10-19 Thread Al Viro
On Fri, Oct 19, 2012 at 09:33:18AM -0700, Dmitry Torokhov wrote:
> We are now removing instance of character device corresponding to input
> device when input device disappears.
>
> Ah, I know... cdev is embedded in evdev, but lives longer.. I do want to
> keep cdev embedded as it allows me to ea

Re: weird use-after-free bug in module_put

2012-10-19 Thread Dmitry Torokhov
Hi Dave,

On Fri, Oct 19, 2012 at 11:34:52AM -0400, Dave Jones wrote:
> On Fri, Oct 19, 2012 at 10:43:51AM -0400, Dave Jones wrote:
> > I've hit this twice in the last two days while fuzz testing.
> > (Both times on i686 only, my x86-64 tests aren't hitting it
> > for some reason).
> >
> > B

Re: weird use-after-free bug in module_put

2012-10-19 Thread Dave Jones
On Fri, Oct 19, 2012 at 10:43:51AM -0400, Dave Jones wrote:
> I've hit this twice in the last two days while fuzz testing.
> (Both times on i686 only, my x86-64 tests aren't hitting it
> for some reason).
>
> BUG: unable to handle kernel paging request at 6b6b6ce3
> IP: [] module_put+0x1e/0

weird use-after-free bug in module_put

2012-10-19 Thread Dave Jones
I've hit this twice in the last two days while fuzz testing.
(Both times on i686 only, my x86-64 tests aren't hitting it
for some reason).

BUG: unable to handle kernel paging request at 6b6b6ce3
IP: [] module_put+0x1e/0x160
*pdpt = 25a4b001 *pde =
Oops: [#1] PREEMPT