From: Aleksandr Nogikh
Date: Mon, 27 Mar 2023 21:12:06 +0200
Subject: Re: [syzbot] Monthly io-uring report
To: Jens Axboe
Cc: syzbot, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

On Mon, Mar 27, 2023 at 8:23 PM Jens Axboe wrote:
>
> On 3/27/23 5:01 AM, syzbot wrote:
> > 1873    Yes   WARNING in split_huge_page_to_list (2)
> >               https://syzkaller.appspot.com/bug?extid=07a218429c8d19b1fb25
> > 38      Yes   KASAN: use-after-free Read in nfc_llcp_find_local
> >               https://syzkaller.appspot.com/bug?extid=e7ac69e6a5d806180b40
>
> These two are not io_uring. Particularly for the latter, I think syzbot
> has a tendency to guess it's io_uring if any kind of task_work is
> involved. That means anything off fput ends up in that bucket. Can we
> get that improved please?

Sure, I'll update the rules and rerun the subsystem recognition.

Currently syzbot sets io_uring if at least one is true
a) The crash stack trace points to the io_uring sources (according to
MAINTAINERS)
b) At least one reproducer has the syz_io_uring_setup call (that's a
helper function that's part of syzkaller).

In general syzbot tries to minimize the reproducer, but unfortunately
sometimes there remain some calls, which are not necessary per se. It
definitely tried to get rid of them, but the reproducer was just not
working with those calls cut out. Maybe they were just somehow
affecting the global state and in the execution log there didn't exist
any other call candidates, which could have fulfilled the purpose just
as well.

I can update b) to "all reproducers have syz_io_uring_setup". Then
those two bugs won't match the criteria. If it doesn't suffice and
there are still too many false positives, I can drop b) completely.

By the way, should
F: fs/io-wq.c
also be added to the IO_URING's record in the MAINTAINERS file?

--
Aleksandr

>
> --
> Jens Axboe
>
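The difference between the "at least one reproducer" and "all reproducers" forms of rule b) in the message above, as an added example that is not syzbot's code and not part of the original thread. The `Bug` type, its fields, the `io_uring/` path prefix and the sample bug are constructed assumptions; the guard for bugs with no reproducers is an edge case the "all" form introduces.

```go
package main

import "fmt"
import "strings"

// Bug is a constructed model of a report; type and field names are hypothetical.
type Bug struct {
	StackFiles []string // source files named in the crash stack trace
	Repros     []string // text of each minimized reproducer
}

// ioUringDir stands in for the F: patterns of the IO_URING record (assumed value).
const ioUringDir = "io_uring/"

// stackMatches is rule a): the stack trace points into the subsystem's sources.
func stackMatches(b Bug) bool {
	for _, f := range b.StackFiles {
		if strings.HasPrefix(f, ioUringDir) {
			return true
		}
	}
	return false
}

// reproMatches is rule b); requireAll selects "all reproducers" over "at least one".
func reproMatches(b Bug, requireAll bool) bool {
	hits := 0
	for _, prog := range b.Repros {
		if strings.Contains(prog, "syz_io_uring_setup(") {
			hits++
		}
	}
	if requireAll {
		// "All" over zero reproducers must not count as a match.
		return len(b.Repros) > 0 && hits == len(b.Repros)
	}
	return hits > 0
}

// IsIoUring labels a bug when rule a) or rule b) holds.
func IsIoUring(b Bug, requireAll bool) bool {
	return stackMatches(b) || reproMatches(b, requireAll)
}

func main() {
	// Constructed bug: stack outside io_uring, one of two reproducers kept the call.
	stray := Bug{[]string{"mm/example.c"}, []string{"mmap()\nsyz_io_uring_setup()\n", "mmap()\n"}}
	fmt.Println(IsIoUring(stray, false), IsIoUring(stray, true))
}
```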