From: Dmitry Vyukov
Date: Thu, 19 May 2022 13:01:25 +0200
Subject: Re: [syzbot] KASAN: use-after-free Read in bio_poll
To: syzbot, syzkaller-bugs@googlegroups.com
Cc: linux-kernel@vger.kernel.org

On Tue, 10 May 2022 at 14:45, Jens Axboe wrote:
>
> On 5/9/22 11:50 PM, Christoph Hellwig wrote:
> > On Tue, May 10, 2022 at 08:13:58AM +0800, Ming Lei wrote:
> >>> Guys, should we just queue:
> >>>
> >>> commit 9650b453a3d4b1b8ed4ea8bcb9b40109608d1faf
> >>> Author: Ming Lei
> >>> Date: Wed Apr 20 22:31:10 2022 +0800
> >>>
> >>> block: ignore RWF_HIPRI hint for sync dio
> >>>
> >>> up for 5.18 and stable?
> >>
> >> I am fine with merging to 5.18 & stable.
> >
> > I'm fine, too. But are we sure this actually is one and the same
> > issue? Otherwise I'll try to find some time to feed it to syzbot
> > first.
>
> I re-wrote the reproducer a bit and can reproduce it, so I can certainly
> test a backport. But yes, I was skeptical on this being the same issue
> too. My initial reaction was that this is likely due to the bio being
> "downgraded" from polled to IRQ driven, and hence completes without an
> extra reference before the bio_poll() is done on it. Which is not the
> issue described in the referenced commit.

#syz fix: block: ignore RWF_HIPRI hint for sync dio