From: Zubin Mithra <zsm@chromium.org>
To: stable@vger.kernel.org
Cc: gregkh@linuxfoundation.org, groeck@chromium.org, axboe@kernel.dk,
hch@lst.de, ming.lei@redhat.com, osandov@fb.com
Subject: 3d75ca0adef4 ("block: introduce multi-page bvec helpers")
Date: Fri, 5 Nov 2021 09:17:10 -0700 [thread overview]
Message-ID: <YYVZBuDaWBKT3vOS@google.com> (raw)
Hello,
A Syzkaller PoC causes a GPF with the following stacktrace in linux-4.14.y and linux-4.19.y.
BUG: KASAN: null-ptr-deref in get_page+0xf/0x65
Read of size 8 at addr 0000000000000008 by task poc2/3395
CPU: 0 PID: 3395 Comm: poc2 Not tainted 4.19.214-00936-g38ec06730e44 #59
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack+0xe7/0x131
kasan_report+0x22a/0x272
get_page+0xf/0x65
submit_page_section+0xf4/0x202
do_blockdev_direct_IO+0xb90/0xfb9
? dio_set_defer_completion+0x57/0x57
? lock_is_held_type+0x78/0x86
? jbd2_journal_stop+0x6fa/0x742
? ext4_get_block_trans+0x188/0x188
? lock_downgrade+0x29a/0x29a
? __blockdev_direct_IO+0x52/0x93
? do_journal_get_write_access+0x7b/0x7b
ext4_direct_IO+0x4eb/0x7ad
? ext4_get_block_trans+0x188/0x188
generic_file_direct_write+0x132/0x1d8
__generic_file_write_iter+0xa6/0x1c0
? generic_write_checks+0x173/0x19d
ext4_file_write_iter+0x450/0x549
? ext4_unwritten_wait+0x153/0x153
? iter_file_splice_write+0x11a/0x4d7
? lock_acquire+0x1a7/0x1e7
? iter_file_splice_write+0x11a/0x4d7
? lock_acquire+0x1b7/0x1e7
? match_held_lock+0x2e/0x102
? __lock_is_held+0x2a/0x87
do_iter_readv_writev+0x145/0x1b1
? file_start_write.isra.0+0x34/0x34
? avc_policy_seqno+0x1d/0x25
? selinux_file_permission+0xce/0x115
do_iter_write+0xa6/0xe6
iter_file_splice_write+0x337/0x4d7
? __do_compat_sys_vmsplice+0x16c/0x16c
? match_held_lock+0x2e/0x102
? lock_is_held_type+0x78/0x86
__do_sys_splice+0x6cc/0x8f6
? ipipe_prep.part.0+0x99/0x99
? mark_held_locks+0x2d/0x84
? do_syscall_64+0x14/0x90
do_syscall_64+0x74/0x90
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43f579
Could the following patch be applied to linux-4.19.y and linux-4.14.y?
linux-5.4.y has this commit.
3d75ca0adef4 ("block: introduce multi-page bvec helpers")
Tests run:
* Syzkaller reproducer
* Chrome OS tryjobs
Thanks,
- Zubin
next reply other threads:[~2021-11-05 16:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-05 16:17 Zubin Mithra [this message]
2021-11-08 7:01 ` 3d75ca0adef4 ("block: introduce multi-page bvec helpers") Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YYVZBuDaWBKT3vOS@google.com \
--to=zsm@chromium.org \
--cc=axboe@kernel.dk \
--cc=gregkh@linuxfoundation.org \
--cc=groeck@chromium.org \
--cc=hch@lst.de \
--cc=ming.lei@redhat.com \
--cc=osandov@fb.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.