Hello, I have been trying to decipher a bug that my local syzkaller instance discovered in the v5.11.12 stable tree. I have more details in [1]. Could someone please review. [1] https://oswalpalash.com/exploring-null-ptr-deref-io-uring-submit/ Signed-off-by: Palash Oswal <hello@xxxxxxxxxxxxxxx> --- fs/io_uring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/io_uring.c b/fs/io_uring.c index 8b4213de9e08..00b35079b91a 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -8995,7 +8995,7 @@ static void io_disable_sqo_submit(struct io_ring_ctx *ctx) { mutex_lock(&ctx->uring_lock); ctx->sqo_dead = 1; - if (ctx->flags & IORING_SETUP_R_DISABLED) + if (ctx->flags & IORING_SETUP_R_DISABLED && ctx->sq_data) io_sq_offload_start(ctx); mutex_unlock(&ctx->uring_lock); -- 2.27.0
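Review bot: The added `&& ctx->sq_data` condition in io_disable_sqo_submit() skips io_sq_offload_start() when sq_data is NULL, but neither the hunk nor the commit message says why sq_data can be NULL on a ring whose flags carry IORING_SETUP_R_DISABLED, so this reads as guarding the symptom rather than the cause; the commit message should state the reproducer and the root cause in the patch itself (not only via the external link) and carry a Fixes: tag naming the commit that introduced the path, so the stable tree can track it. Also, since `&` binds tighter than `&&` the expression is correct as written, but kernel style favours explicit grouping here, e.g. `if ((ctx->flags & IORING_SETUP_R_DISABLED) && ctx->sq_data)`, which also avoids compiler warnings about mixing bitwise and logical operators.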