On 10/27/22 4:04 AM, Kanchan Joshi wrote:
> If cache does not have any entry, make sure to detect that and return
> failure. Otherwise this leads to null pointer dereference.
>
> Fixes: 13a184e26965 ("block/bio: add pcpu caching for non-polling bio_put")
> Signed-off-by: Kanchan Joshi <joshi.k@xxxxxxxxxxx>
> ---
> Can be reproduced by:
> fio -direct=1 -iodepth=1 -rw=randread -ioengine=io_uring -bs=4k -numjobs=1 -size=4k -filename=/dev/nvme0n1 -hipri=1 -name=block
>
> BUG: KASAN: null-ptr-deref in bio_alloc_bioset.cold+0x2a/0x16a
> Read of size 8 at addr 0000000000000000 by task fio/1835
>
> CPU: 5 PID: 1835 Comm: fio Not tainted 6.1.0-rc2+ #226
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g
> Call Trace:
> <TASK>
> dump_stack_lvl+0x34/0x48
> print_report+0x490/0x4a1
> ? __virt_addr_valid+0x28/0x140
> ? bio_alloc_bioset.cold+0x2a/0x16a
> kasan_report+0xb3/0x130
> ? bio_alloc_bioset.cold+0x2a/0x16a
> bio_alloc_bioset.cold+0x2a/0x16a
> ? bvec_alloc+0xf0/0xf0
> ? iov_iter_is_aligned+0x130/0x2c0
> blkdev_direct_IO.part.0+0x16a/0x8d0

Was going to apply this, but after running some testing, it does fix the
initial crash but I still get weird corruption crashes with the series
it's fixing.

Pavel, I'm going to drop this series for now.

-- 
Jens Axboe
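The failure mode in the quoted report, modelled as an added example that is not kernel code and not part of this thread: a constructed per-cpu style bio free-list cache whose allocation path treats an empty cache as a failed allocation instead of dereferencing the NULL entry. The struct layout, field names and function names are assumptions for illustration only.

```c
#include <stddef.h>

/* Constructed model of a bio and of a per-cpu free-list cache (assumed
 * names; not the kernel's definitions). */
struct bio {
    struct bio *bi_next;   /* free-list link */
    unsigned int bi_opf;
};

struct bio_alloc_cache {
    struct bio *free_list;
    unsigned int nr;
};

/* Pop one entry from the cache; NULL means the cache is empty. */
static struct bio *cache_pop(struct bio_alloc_cache *cache)
{
    struct bio *bio = cache->free_list;

    if (!bio)
        return NULL;
    cache->free_list = bio->bi_next;
    cache->nr--;
    return bio;
}

/* Hardened allocation path: check the popped entry before touching it.
 * Returning NULL lets the caller fall back to the normal allocator or
 * fail the request; the unchecked variant would fault on bio->bi_opf. */
struct bio *bio_alloc_from_cache(struct bio_alloc_cache *cache, unsigned int opf)
{
    struct bio *bio = cache_pop(cache);

    if (!bio)
        return NULL;
    bio->bi_opf = opf;
    return bio;
}

/* Seed the constructed cache with n entries from a caller-owned pool. */
void cache_fill(struct bio_alloc_cache *cache, struct bio *pool, unsigned int n)
{
    cache->free_list = NULL;
    cache->nr = 0;
    for (unsigned int i = 0; i < n; i++) {
        pool[i].bi_next = cache->free_list;
        cache->free_list = &pool[i];
        cache->nr++;
    }
}

/* Drain a two-entry cache; returns 1 if the third request fails cleanly. */
int demo_empty_cache_fails_cleanly(void)
{
    struct bio pool[2];
    struct bio_alloc_cache cache;

    cache_fill(&cache, pool, 2);
    if (!bio_alloc_from_cache(&cache, 1) || !bio_alloc_from_cache(&cache, 1))
        return 0;
    return cache.nr == 0 && bio_alloc_from_cache(&cache, 1) == NULL;
}
```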