From: Oleksandr Natalenko
To: linux-kernel@vger.kernel.org
Cc: Paolo Valente, Jens Axboe, linux-block@vger.kernel.org
Subject: BUG: KFENCE: use-after-free read in bfq_exit_icq_bfqq+0x132/0x270
Date: Mon, 02 Jan 2023 12:45:30 +0100
Message-ID: <8202004.NyiUUSuA9g@natalenko.name>

Hello.

This is a sudden splash I've got while just using my workstation:

==================================================================
BUG: KFENCE: use-after-free read in bfq_exit_icq_bfqq+0x132/0x270

Use-after-free read at 0x00000000e57c579c (in kfence-#173):
 bfq_exit_icq_bfqq+0x132/0x270
 bfq_exit_icq+0x5e/0x80
 exit_io_context+0x88/0xb0
 do_exit+0x66c/0xb80
 kthread_exit+0x29/0x30
 kthread+0xbd/0x110
 ret_from_fork+0x22/0x30

kfence-#173: 0x000000005d7be631-0x000000006ad0b684, size=568, cache=bfq_queue

allocated by task 40147 on cpu 16 at 13975.114285s:
 bfq_get_queue+0xdf/0x4e0
 bfq_get_bfqq_handle_split+0x75/0x170
 bfq_insert_requests+0x832/0x2580
 blk_mq_sched_insert_requests+0x63/0x150
 blk_mq_flush_plug_list+0x122/0x360
 __blk_flush_plug+0x106/0x160
 blk_finish_plug+0x29/0x40
 dm_bufio_prefetch+0x108/0x4d0 [dm_bufio]
 dm_tm_issue_prefetches+0x44/0x70 [dm_persistent_data]
 dm_pool_issue_prefetches+0x39/0x43 [dm_thin_pool]
 do_worker+0x4c/0xd60 [dm_thin_pool]
 process_one_work+0x258/0x410
 worker_thread+0x55/0x4c0
 kthread+0xde/0x110
 ret_from_fork+0x22/0x30

freed by task 40147 on cpu 20 at 14500.096700s:
 bfq_put_queue+0x185/0x2d0
 bfq_exit_icq_bfqq+0x129/0x270
 bfq_exit_icq+0x5e/0x80
 exit_io_context+0x88/0xb0
 do_exit+0x66c/0xb80
 kthread_exit+0x29/0x30
 kthread+0xbd/0x110
 ret_from_fork+0x22/0x30

CPU: 20 PID: 40147 Comm: kworker/dying Tainted: G W 6.1.0-pf2 #1 ff5dbde5ea280110a73397797e059b8558cda111
Hardware name: ASUS System Product Name/Pro WS X570-ACE, BIOS 4304 12/12/2022
==================================================================

I'm using v6.1.2, never experienced this before and cannot reproduce it at will. This kernel does not have any extra patches for the block layer on top of v6.1.2.

In case you know what's going on, please let me know.

Thanks!

-- 
Oleksandr Natalenko (post-factum)
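
A triage sketch for the report above, added here as an example and not part of the original message: it parses the KFENCE text (traces trimmed to a few frames) and relates the faulting read to the call that freed the object. The names `parse_kfence` and `triage` are hypothetical.

```python
import re

# KFENCE report copied from the message above; traces trimmed to the frames used here.
REPORT = """\
BUG: KFENCE: use-after-free read in bfq_exit_icq_bfqq+0x132/0x270
Use-after-free read at 0x00000000e57c579c (in kfence-#173):
 bfq_exit_icq_bfqq+0x132/0x270
 bfq_exit_icq+0x5e/0x80
kfence-#173: 0x000000005d7be631-0x000000006ad0b684, size=568, cache=bfq_queue
allocated by task 40147 on cpu 16 at 13975.114285s:
 bfq_get_queue+0xdf/0x4e0
freed by task 40147 on cpu 20 at 14500.096700s:
 bfq_put_queue+0x185/0x2d0
 bfq_exit_icq_bfqq+0x129/0x270
 bfq_exit_icq+0x5e/0x80
"""

FRAME = re.compile(r"\s*([\w.]+)\+0x([0-9a-f]+)/0x[0-9a-f]+")
HEADER = re.compile(r"(Use-after-free \w+|allocated|freed)\b")
OBJECT = re.compile(r"kfence-#\d+: .*size=(\d+), cache=(\S+)")

def parse_kfence(text):
    """Split a KFENCE report into access/alloc/free stacks plus object metadata."""
    stacks, meta, section = {}, {}, None
    for line in text.splitlines():
        if m := OBJECT.match(line):
            meta.update(size=int(m[1]), cache=m[2])
        elif m := HEADER.match(line):
            section = {"allocated": "alloc", "freed": "free"}.get(m[1], "access")
            stacks[section] = []
            if t := re.search(r"task (\d+) on cpu \d+ at ([\d.]+)s", line):
                meta[section] = (int(t[1]), float(t[2]))  # (task, seconds since boot)
        elif section and (m := FRAME.match(line)):
            stacks[section].append((m[1], int(m[2], 16)))
    return stacks, meta

def triage(stacks, meta):
    """Relate the faulting frame to the free: same function? how long did the object live?"""
    fault_fn, fault_off = stacks["access"][0]
    # Offsets in the free stack are return addresses of the calls that led to the free.
    free_sites = [off for fn, off in stacks["free"] if fn == fault_fn]
    return {
        "cache": meta["cache"],
        "lifetime_s": round(meta["free"][1] - meta["alloc"][1], 6),
        "same_task": meta["alloc"][0] == meta["free"][0],
        "freed_in_faulting_fn": bool(free_sites),
        "bytes_past_free_call": fault_off - free_sites[0] if free_sites else None,
    }
```

On this report, `triage(*parse_kfence(REPORT))` gives a lifetime of about 525 s and places the read 9 bytes past the return address of the freeing call, both inside `bfq_exit_icq_bfqq`.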