Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp10534741rwl;
        Mon, 2 Jan 2023 04:21:39 -0800 (PST)
X-Google-Smtp-Source: AMrXdXs/y0hcswSEjj4NrwuWoxQa9AJjnTV6zsvIMuJfW0ouEZ1tfoAlyQ2PtmX2MPm7DMWLhaE0
X-Received: by 2002:a05:6402:f28:b0:46d:cf78:8c62 with SMTP id i40-20020a0564020f2800b0046dcf788c62mr35596924eda.27.1672662099053;
        Mon, 02 Jan 2023 04:21:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672662099; cv=none;
        d=google.com; s=arc-20160816;
        b=WozKfcyO/wfK8V3gnNpY4vePywSwRLy7xkwhGW0Y7MxWME4NcUTQCHEXs4OQQ8fVbB
         nf18TpzghC3+6bc3eCreISgOqzjbFdvU/Xc5mdpW0UeCQqZu26dPTSByEL+yiahrx1Ih
         uUzjs0JFzlsYd59wmbZk4lRm8sn0rWVlbgWEYNfGGOtU2tvTcHdsE2a+peLN51IgDDbI
         VBZzgrzQYu+Dq3B+KQR2z95xOnFLyRPQiYLUy1xO4FM84eDxs8i8OdfVeyjVsOx008AR
         u6s+ZKmXW62ITTgg2Sl0PrGmRApo2I+i2cBNQXfP+tMiOiQvmz6TQJeXQ7JuWmaoQC/Q
         ydig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=F0S4U7+fTNn/PPM2LEUUIETOtpqfY5ngMCVLsBSOEE0=;
        b=XIWRVIwOiImemUzK+Dn4grRk39TexaFkopaPoymQwwV7b9H1ubEzRgdjJLlSMLWWKI
         swMaqg0aUT285mYwYc+U9gdsTGo6B89d9l88wzicTfYcFbDZINzVeVXIP2JaoalOs8bA
         ajXplDsdtAIaFzhzWf2atHNbFO4w4NaovD27xL1MFgz7SOC/B1fJOHWsmU0yH0Y6kGH+
         MhfpqaGIkZBEYLtGqxk0SUGnEAsSMKPbxM6MDk9y+a5J8SO4vB+hRVMcnYubMdUhiDHz
         8voq8wOJcX2izNtAJTJW/B6Zyma7xLqIgMEi/QCSo+cvDeQ+5w7jAEvfxQb2GbzzbYqu
         8DEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@natalenko.name header.s=dkim-20170712 header.b=uPiO7YSk;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=natalenko.name
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id s13-20020a50ab0d000000b0046125ddf5easi24233014edc.185.2023.01.02.04.21.24;
        Mon, 02 Jan 2023 04:21:39 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@natalenko.name header.s=dkim-20170712 header.b=uPiO7YSk;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=natalenko.name
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232932AbjABLwP (ORCPT <rfc822;a839024@gmail.com> + 60 others);
        Mon, 2 Jan 2023 06:52:15 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32810 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232782AbjABLv7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 2 Jan 2023 06:51:59 -0500
X-Greylist: delayed 154 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Mon, 02 Jan 2023 03:51:57 PST
Received: from vulcan.natalenko.name (vulcan.natalenko.name [IPv6:2001:19f0:6c00:8846:5400:ff:fe0c:dfa0])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF5FA26E6;
        Mon,  2 Jan 2023 03:51:56 -0800 (PST)
Received: from spock.localnet (unknown [83.148.33.151])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
        (No client certificate requested)
        by vulcan.natalenko.name (Postfix) with ESMTPSA id A023C119FCC3;
        Mon,  2 Jan 2023 12:45:31 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=natalenko.name;
        s=dkim-20170712; t=1672659931;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding;
        bh=F0S4U7+fTNn/PPM2LEUUIETOtpqfY5ngMCVLsBSOEE0=;
        b=uPiO7YSknuvcCgL1H6yNmgOF5bOChiPH/002jUE1asG+IosqDHn1E8zQN8f59FRQclKqj2
        QbSUA0X7K5qc0QaEG0QS4cbgMtCGLMzb88FegIolWhsQeifH+Cl3n2vZhTa1el7M1Hc0M+
        RkW80XTKXe2ZNjhWO7synZ1judcMu7k=
From:   Oleksandr Natalenko <oleksandr@natalenko.name>
To:     linux-kernel@vger.kernel.org
Cc:     Paolo Valente <paolo.valente@linaro.org>,
        Jens Axboe <axboe@kernel.dk>, linux-block@vger.kernel.org
Subject: BUG: KFENCE: use-after-free read in bfq_exit_icq_bfqq+0x132/0x270
Date:   Mon, 02 Jan 2023 12:45:30 +0100
Message-ID: <8202004.NyiUUSuA9g@natalenko.name>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello.

This is a sudden splash I've got while just using my workstation:

==================================================================
BUG: KFENCE: use-after-free read in bfq_exit_icq_bfqq+0x132/0x270
Use-after-free read at 0x00000000e57c579c (in kfence-#173):
 bfq_exit_icq_bfqq+0x132/0x270
 bfq_exit_icq+0x5e/0x80
 exit_io_context+0x88/0xb0
 do_exit+0x66c/0xb80
 kthread_exit+0x29/0x30
 kthread+0xbd/0x110
 ret_from_fork+0x22/0x30

kfence-#173: 0x000000005d7be631-0x000000006ad0b684, size=568, cache=bfq_queue
allocated by task 40147 on cpu 16 at 13975.114285s:
 bfq_get_queue+0xdf/0x4e0
 bfq_get_bfqq_handle_split+0x75/0x170
 bfq_insert_requests+0x832/0x2580
 blk_mq_sched_insert_requests+0x63/0x150
 blk_mq_flush_plug_list+0x122/0x360
 __blk_flush_plug+0x106/0x160
 blk_finish_plug+0x29/0x40
 dm_bufio_prefetch+0x108/0x4d0 [dm_bufio]
 dm_tm_issue_prefetches+0x44/0x70 [dm_persistent_data]
 dm_pool_issue_prefetches+0x39/0x43 [dm_thin_pool]
 do_worker+0x4c/0xd60 [dm_thin_pool]
 process_one_work+0x258/0x410
 worker_thread+0x55/0x4c0
 kthread+0xde/0x110
 ret_from_fork+0x22/0x30

freed by task 40147 on cpu 20 at 14500.096700s:
 bfq_put_queue+0x185/0x2d0
 bfq_exit_icq_bfqq+0x129/0x270
 bfq_exit_icq+0x5e/0x80
 exit_io_context+0x88/0xb0
 do_exit+0x66c/0xb80
 kthread_exit+0x29/0x30
 kthread+0xbd/0x110
 ret_from_fork+0x22/0x30

CPU: 20 PID: 40147 Comm: kworker/dying Tainted: G        W          6.1.0-pf2 #1 ff5dbde5ea280110a73397797e059b8558cda111
Hardware name: ASUS System Product Name/Pro WS X570-ACE, BIOS 4304 12/12/2022
==================================================================

I'm using v6.1.2, never experienced this before and cannot reproduce it at will. This kernel does not have any extra patches for the block layer on top of v6.1.2.

In case you know what's going on, please let me know.

Thanks!

-- 
Oleksandr Natalenko (post-factum)