From: Ming Lei <ming.lei@redhat.com>
To: Jens Axboe <axboe@kernel.dk>
Cc: syzbot <syzbot+99938118dfd9e1b0741a@syzkaller.appspotmail.com>,
	andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
	daniel@iogearbox.net, john.fastabend@gmail.com, kafai@fb.com,
	kpsingh@kernel.org, linux-block@vger.kernel.org,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	songliubraving@fb.com, syzkaller-bugs@googlegroups.com,
	yhs@fb.com, Christoph Hellwig <hch@lst.de>
Subject: Re: [syzbot] KASAN: use-after-free Read in bio_poll
Date: Tue, 10 May 2022 08:13:58 +0800
Message-ID: <YnmuRuO4yplt8p/p@T590>
In-Reply-To: <a72282ef-650c-143b-4b88-5185009c3ec2@kernel.dk>

On Mon, May 09, 2022 at 11:02:41AM -0600, Jens Axboe wrote:
> On 5/9/22 10:14 AM, syzbot wrote:
> > Hello,
> > 
> > syzbot found the following issue on:
> > 
> > HEAD commit:    c5eb0a61238d Linux 5.18-rc6
> > git tree:       upstream
> > console+strace: https://syzkaller.appspot.com/x/log.txt?x=112bf03ef00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=79caa0035f59d385
> > dashboard link: https://syzkaller.appspot.com/bug?extid=99938118dfd9e1b0741a
> > compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12311571f00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=177a2e86f00000
> > 
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+99938118dfd9e1b0741a@syzkaller.appspotmail.com
> > 
> > ==================================================================
> > BUG: KASAN: use-after-free in bio_poll+0x275/0x3c0 block/blk-core.c:942
> > Read of size 4 at addr ffff8880751d92b4 by task syz-executor486/3607
> > 
> > CPU: 0 PID: 3607 Comm: syz-executor486 Not tainted 5.18.0-rc6-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > Call Trace:
> >  <TASK>
> >  __dump_stack lib/dump_stack.c:88 [inline]
> >  dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
> >  print_address_description.constprop.0.cold+0xeb/0x495 mm/kasan/report.c:313
> >  print_report mm/kasan/report.c:429 [inline]
> >  kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491
> >  bio_poll+0x275/0x3c0 block/blk-core.c:942
> >  __iomap_dio_rw+0x10ee/0x1ae0 fs/iomap/direct-io.c:658
> >  iomap_dio_rw+0x38/0x90 fs/iomap/direct-io.c:681
> >  ext4_dio_write_iter fs/ext4/file.c:566 [inline]
> >  ext4_file_write_iter+0xe4d/0x1510 fs/ext4/file.c:677
> >  call_write_iter include/linux/fs.h:2050 [inline]
> >  do_iter_readv_writev+0x3d1/0x640 fs/read_write.c:726
> >  do_iter_write+0x182/0x700 fs/read_write.c:852
> >  vfs_writev+0x1aa/0x630 fs/read_write.c:925
> >  do_pwritev+0x1b6/0x270 fs/read_write.c:1022
> >  __do_sys_pwritev2 fs/read_write.c:1081 [inline]
> >  __se_sys_pwritev2 fs/read_write.c:1072 [inline]
> >  __x64_sys_pwritev2+0xeb/0x150 fs/read_write.c:1072
> >  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> >  do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
> >  entry_SYSCALL_64_after_hwframe+0x44/0xae
> > RIP: 0033:0x7f6846af7e69
> 
> Guys, should we just queue:
> 
> commit 9650b453a3d4b1b8ed4ea8bcb9b40109608d1faf
> Author: Ming Lei <ming.lei@redhat.com>
> Date:   Wed Apr 20 22:31:10 2022 +0800
> 
>     block: ignore RWF_HIPRI hint for sync dio
> 
> up for 5.18 and stable?

I am fine with merging to 5.18 & stable.


Thanks,
Ming

