Good afternoon Pavel, > syzbot has tested the proposed patch and the reproducer did not trigger any issue: > > Reported-and-tested-by: syzbot+9671693590ef5aad8953@xxxxxxxxxxxxxxxxxxxxxxxxx > > Tested on: > > commit: bff2c168 io_uring: don't retry with truncated iter > git tree: https://github.com/isilence/linux.git truncate > kernel config: https://syzkaller.appspot.com/x/.config?x=730106bfb5bf8ace > dashboard link: https://syzkaller.appspot.com/bug?extid=9671693590ef5aad8953 > compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.1 > > Note: testing is done by a robot and is best-effort only. As you can see in the 'dashboard link' above this bug also affects android-5-10 which is currently based on v5.10.75. I see that the back-port of this patch failed in v5.10.y: https://lore.kernel.org/stable/163152589512611@xxxxxxxxx/ And after solving the build-error by back-porting both: 2112ff5ce0c11 iov_iter: track truncated size 89c2b3b749182 io_uring: reexpand under-reexpanded iters I now see execution tripping the WARN() in iov_iter_revert(): if (WARN_ON(unroll > MAX_RW_COUNT)) return Am I missing any additional patches required to fix stable/v5.10.y? Any help would be gratefully received. Kind regards, Lee -- Lee Jones [李琼斯] Senior Technical Lead - Developer Services Linaro.org │ Open source software for Arm SoCs Follow Linaro: Facebook | Twitter | Blog
