On 4/24/24 10:09, Christian König wrote:
> To repeat what I already said on the other thread: Calling dma_buf_poll() while
> fput() is in progress is illegal in the first place.
> So there is nothing to fix in dma_buf_poll(), but rather to figure out who is
> incorrectly calling fput().

Hm. OTOH it's legal if userspace app calls close([fd]) in one thread when
another thread sleeps in (e)poll({..., [fd], ...}) (IIUC this is close to what
the syzbot reproducer actually does). What behavior should be considered as
valid in this (yes, really weird) scenario?

Dmitry