* 3d75ca0adef4 ("block: introduce multi-page bvec helpers")
From: Zubin Mithra @ 2021-11-05 16:17 UTC (permalink / raw)
To: stable; +Cc: gregkh, groeck, axboe, hch, ming.lei, osandov
Hello,

A Syzkaller PoC causes a GPF with the following stacktrace in linux-4.14.y and linux-4.19.y.

BUG: KASAN: null-ptr-deref in get_page+0xf/0x65
Read of size 8 at addr 0000000000000008 by task poc2/3395

CPU: 0 PID: 3395 Comm: poc2 Not tainted 4.19.214-00936-g38ec06730e44 #59
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack+0xe7/0x131
kasan_report+0x22a/0x272
get_page+0xf/0x65
submit_page_section+0xf4/0x202
do_blockdev_direct_IO+0xb90/0xfb9
? dio_set_defer_completion+0x57/0x57
? lock_is_held_type+0x78/0x86
? jbd2_journal_stop+0x6fa/0x742
? ext4_get_block_trans+0x188/0x188
? lock_downgrade+0x29a/0x29a
? __blockdev_direct_IO+0x52/0x93
? do_journal_get_write_access+0x7b/0x7b
ext4_direct_IO+0x4eb/0x7ad
? ext4_get_block_trans+0x188/0x188
generic_file_direct_write+0x132/0x1d8
__generic_file_write_iter+0xa6/0x1c0
? generic_write_checks+0x173/0x19d
ext4_file_write_iter+0x450/0x549
? ext4_unwritten_wait+0x153/0x153
? iter_file_splice_write+0x11a/0x4d7
? lock_acquire+0x1a7/0x1e7
? iter_file_splice_write+0x11a/0x4d7
? lock_acquire+0x1b7/0x1e7
? match_held_lock+0x2e/0x102
? __lock_is_held+0x2a/0x87
do_iter_readv_writev+0x145/0x1b1
? file_start_write.isra.0+0x34/0x34
? avc_policy_seqno+0x1d/0x25
? selinux_file_permission+0xce/0x115
do_iter_write+0xa6/0xe6
iter_file_splice_write+0x337/0x4d7
? __do_compat_sys_vmsplice+0x16c/0x16c
? match_held_lock+0x2e/0x102
? lock_is_held_type+0x78/0x86
__do_sys_splice+0x6cc/0x8f6
? ipipe_prep.part.0+0x99/0x99
? mark_held_locks+0x2d/0x84
? do_syscall_64+0x14/0x90
do_syscall_64+0x74/0x90
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43f579

Could the following patch be applied to linux-4.19.y and linux-4.14.y?
linux-5.4.y has this commit.
3d75ca0adef4 ("block: introduce multi-page bvec helpers")

Tests run:
* Syzkaller reproducer
* Chrome OS tryjobs

Thanks,
- Zubin
* Re: 3d75ca0adef4 ("block: introduce multi-page bvec helpers")
From: Greg KH @ 2021-11-08 7:01 UTC (permalink / raw)
To: Zubin Mithra; +Cc: stable, groeck, axboe, hch, ming.lei, osandov
On Fri, Nov 05, 2021 at 09:17:10AM -0700, Zubin Mithra wrote:
> Hello,
>
> A Syzkaller PoC causes a GPF with the following stacktrace in linux-4.14.y and linux-4.19.y.
>
> BUG: KASAN: null-ptr-deref in get_page+0xf/0x65
> Read of size 8 at addr 0000000000000008 by task poc2/3395
>
> CPU: 0 PID: 3395 Comm: poc2 Not tainted 4.19.214-00936-g38ec06730e44 #59
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
> Call Trace:
> dump_stack+0xe7/0x131
> kasan_report+0x22a/0x272
> get_page+0xf/0x65
> submit_page_section+0xf4/0x202
> do_blockdev_direct_IO+0xb90/0xfb9
> ? dio_set_defer_completion+0x57/0x57
> ? lock_is_held_type+0x78/0x86
> ? jbd2_journal_stop+0x6fa/0x742
> ? ext4_get_block_trans+0x188/0x188
> ? lock_downgrade+0x29a/0x29a
> ? __blockdev_direct_IO+0x52/0x93
> ? do_journal_get_write_access+0x7b/0x7b
> ext4_direct_IO+0x4eb/0x7ad
> ? ext4_get_block_trans+0x188/0x188
> generic_file_direct_write+0x132/0x1d8
> __generic_file_write_iter+0xa6/0x1c0
> ? generic_write_checks+0x173/0x19d
> ext4_file_write_iter+0x450/0x549
> ? ext4_unwritten_wait+0x153/0x153
> ? iter_file_splice_write+0x11a/0x4d7
> ? lock_acquire+0x1a7/0x1e7
> ? iter_file_splice_write+0x11a/0x4d7
> ? lock_acquire+0x1b7/0x1e7
> ? match_held_lock+0x2e/0x102
> ? __lock_is_held+0x2a/0x87
> do_iter_readv_writev+0x145/0x1b1
> ? file_start_write.isra.0+0x34/0x34
> ? avc_policy_seqno+0x1d/0x25
> ? selinux_file_permission+0xce/0x115
> do_iter_write+0xa6/0xe6
> iter_file_splice_write+0x337/0x4d7
> ? __do_compat_sys_vmsplice+0x16c/0x16c
> ? match_held_lock+0x2e/0x102
> ? lock_is_held_type+0x78/0x86
> __do_sys_splice+0x6cc/0x8f6
> ? ipipe_prep.part.0+0x99/0x99
> ? mark_held_locks+0x2d/0x84
> ? do_syscall_64+0x14/0x90
> do_syscall_64+0x74/0x90
> entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x43f579
>
> Could the following patch be applied to linux-4.19.y and linux-4.14.y?
> linux-5.4.y has this commit.
> 3d75ca0adef4 ("block: introduce multi-page bvec helpers")
>
> Tests run:
> * Syzkaller reproducer
> * Chrome OS tryjobs
Now queued up, thanks.

greg k-h