Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp4576824ybf; Wed, 4 Mar 2020 06:40:34 -0800 (PST) X-Google-Smtp-Source: ADFU+vvonmrqCRmPGa61rm4uMFwxqp1EiirOBWr9KDAUhBNtqrVL9bP2mFa5hmSiPOQX6acCPaWU X-Received: by 2002:a54:468a:: with SMTP id k10mr2029750oic.3.1583332834649; Wed, 04 Mar 2020 06:40:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583332834; cv=none; d=google.com; s=arc-20160816; b=W0KX3LGgo5PHuO670TX1Puahy0pTCj7y5n22KfCQC3t6ZmFKlRQah4gMTbi+Ot5tUs 7sbGEf3BZVQv/rrTN+4MEZdXVWXFGWn6Jk3zy16uPvmrk06LgsJfJ6lexye/dyskGXxX RDR6PxTCNIhYhAiq28MVFaXOtti7TLwmQZrmbcupqtT1qfqJP6PzqPfVL8JtNnwkfhBD DrYayFp9RUnghFK9Mql2mUIbNjuWx5JNmiIg+AFEGdbirIooKoKftSiCx1OUck/NgWjc WwKOLpQzqlrNUmJgAnz7xcoBcWIeZlhM0vt2/3/2xqvkqiLAymBVXKJiNaxUXRZta1o2 gDdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=dMGVVFarDw73CfV5fUTk6Su35UJvJOifOzDgrmDUXRc=; b=yR3iztObN6LQwCkQl8O4+TvgzHaWpo5m4odQnbD5A9GTKDOZfMbPA3fdCers254Ejd TasurK/PEE3kGEg5pMFss1sQezGGnXF2K93RM/Hdp++ChfR9In1lgrFpQUpF3Hy+ZZF0 B5UfHKiyXNpDEQBmxHsGcZ6sOuJfY6pAK4GWISJuTX/XLEfTbQlxKpCXw0PceZMD8UNd r7PVbbcea6ft2JFDM7iGwejje+CbZHzTML3sE/nSZmbhMl++tN4vGDBXWHSdCZhiwZIt kmJKTthtGWp4qPnbgSriQwrz4Fyp5kJtDhbC+HkmcnGFKdUbeXGLeeAwkS5V5dvGg5Xm pQcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=Zn9CxSVl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p200si1277446oic.213.2020.03.04.06.40.22; Wed, 04 Mar 2020 06:40:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=Zn9CxSVl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726752AbgCDOkG (ORCPT + 99 others); Wed, 4 Mar 2020 09:40:06 -0500 Received: from mail-io1-f67.google.com ([209.85.166.67]:36369 "EHLO mail-io1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725765AbgCDOkF (ORCPT ); Wed, 4 Mar 2020 09:40:05 -0500 Received: by mail-io1-f67.google.com with SMTP id d15so2649868iog.3 for ; Wed, 04 Mar 2020 06:40:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=dMGVVFarDw73CfV5fUTk6Su35UJvJOifOzDgrmDUXRc=; b=Zn9CxSVlchouOG4GZgk7Nm4O/NAB0SnMeBa/JRkGZQ9G1OUrvvluEsXpyBEz8p0mbm 7wYFzOiTNUdcvsrB6Rvv5CcuSi1CFmYKyGmQmVo8he30G67WaU8kY5ZmaCpX13/5okzl KA6BcOXHqW21m8kffBdz9LGa8fLlHe/L+vgJkgYOgJU1kYf0fqdurzWAaaMthk9C24R4 PZ/4+OTiTWx44fuJjJuJajQQLJPFuchVQ9vRd62Ti3X+1x87hzclf65iIwzpQLwcyk9S juAGN51NgAopyDzlSLFxItv/TCemR9SYKMqZSNW27phIVAWaxpAEjIXz34t1ePEh6V+R cxLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=dMGVVFarDw73CfV5fUTk6Su35UJvJOifOzDgrmDUXRc=; b=bNbEnku/acRhfy4qQcnz6wV027s869VLa/ZTEiZmwA0W7VKOA17ZL2QjYm6uhX1LUK pDABTkYV4IqJWWDYjqEBirwBvNfUsvKQ4K/B6rraKR84p2wLayTbViWNSc+ZcMxSpfPg vTKIQENjX5td8mkCJrSFVoM2aR3bUDNsfMZ4AMKPsrPlqH2p85hJOk1BlHUWdRAMv7AW b/UReXstUDgsD+w6rpRC5MeiGt1qKKQpQzGyfu8w2LjaPNKyG0yrqIpKR6zn1CMTOlOU V6zgT2Q2hnbeOu1F49L5PiSSssTGlpG2qdq13YJx8q++W8OKBxs2+J5Ao96kYOTj2U6Z v0XQ== X-Gm-Message-State: ANhLgQ2QFakIWgdhtxAgTiP9nggKJIu8W1Q/Lc+nBxk4im7p0rVGut33 YHG1wuyxaCjxAXzpfxwJRfMKB9F7SpU= X-Received: by 2002:a6b:3756:: with SMTP id e83mr2523436ioa.133.1583332805008; Wed, 04 Mar 2020 06:40:05 -0800 (PST) Received: from [192.168.1.159] ([65.144.74.34]) by smtp.gmail.com with ESMTPSA id c24sm6544597iom.0.2020.03.04.06.40.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Mar 2020 06:40:04 -0800 (PST) Subject: Re: KASAN: use-after-free Read in percpu_ref_switch_to_atomic_rcu To: Dmitry Vyukov , syzbot , Al Viro , io-uring@vger.kernel.org, linux-fsdevel Cc: Borislav Petkov , "H. Peter Anvin" , LKML , Ingo Molnar , Peter Zijlstra , syzkaller-bugs , Thomas Gleixner , tony.luck@intel.com, the arch/x86 maintainers References: <00000000000067c6df059df7f9f5@google.com> From: Jens Axboe Message-ID: <3f805e51-1db7-3e57-c9a3-15a20699ea54@kernel.dk> Date: Wed, 4 Mar 2020 07:40:02 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/4/20 12:59 AM, Dmitry Vyukov wrote: > On Fri, Feb 7, 2020 at 9:14 AM syzbot > wrote: >> >> Hello, >> >> syzbot found the following crash on: >> >> HEAD commit: 4c7d00cc Merge tag 'pwm/for-5.6-rc1' of git://git.kernel.o.. >> git tree: upstream >> console output: https://syzkaller.appspot.com/x/log.txt?x=12fec785e00000 >> kernel config: https://syzkaller.appspot.com/x/.config?x=e162021ddededa72 >> dashboard link: https://syzkaller.appspot.com/bug?extid=e017e49c39ab484ac87a >> compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81) >> >> Unfortunately, I don't have any reproducer for this crash yet. >> >> IMPORTANT: if you fix the bug, please add the following tag to the commit: >> Reported-by: syzbot+e017e49c39ab484ac87a@syzkaller.appspotmail.com > > +io_uring maintainers > > Here is a repro: > https://gist.githubusercontent.com/dvyukov/6b340beab6483a036f4186e7378882ce/raw/cd1922185516453c201df8eded1d4b006a6d6a3a/gistfile1.txt I've queued up a fix for this: https://git.kernel.dk/cgit/linux-block/commit/?h=io_uring-5.6&id=9875fe3dc4b8cff1f1b440fb925054a5124403c3 -- Jens Axboe