On 9/9/20 4:03 AM, Stefano Garzarella wrote:
> On Wed, Sep 09, 2020 at 01:49:22AM -0700, syzbot wrote:
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit:    dff9f829 Add linux-next specific files for 20200908
>> git tree:       linux-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=112f880d900000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=37b3426c77bda44c
>> dashboard link: https://syzkaller.appspot.com/bug?extid=3c23789ea938faaef049
>> compiler:       gcc (GCC) 10.1.0-syz 20200507
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17c082a5900000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1474f5f9900000
>>
>> Bisection is inconclusive: the first bad commit could be any of:
>>
>> d730b1a2 io_uring: add IOURING_REGISTER_RESTRICTIONS opcode
>> 7ec3d1dd io_uring: allow disabling rings during the creation
>
> I'm not sure it is related, but while rebasing I forgot to update the
> right label in the error path.
>
> Since the check of ring state is after the increase of ctx refcount, we
> need to decrease it jumping to 'out' label instead of 'out_fput':
>
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index d00eb6bf6ce9..f35da516095a 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -8649,7 +8649,7 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
>  		goto out_fput;
>  
>  	if (ctx->flags & IORING_SETUP_R_DISABLED)
> -		goto out_fput;
> +		goto out;
>  
>  	/*
>  	 * For SQ polling, the thread will do all submissions and completions.
>
> I'll send a patch ASAP and check if it solves this issue.

I think that's a separate bug, it's definitely a bug. So please do send
the fix, thanks.

-- 
Jens Axboe
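Review bot: the hunk changes only the single `goto`, so the three context lines do not show the `out:` / `out_fput:` exit sequence or the ctx refcount increment the description says sits between the first `goto out_fput;` and the `IORING_SETUP_R_DISABLED` check; when sending the real patch, either widen the context so a reviewer can see that `out` drops the ctx reference and then reaches `out_fput` for the `fdput`, or spell that out in the commit message, and confirm the unchanged `goto out_fput;` at the top of the hunk really precedes the refcount increment. The patch should also carry `Fixes: 7ec3d1dd ("io_uring: allow disabling rings during the creation")`, since that is the commit that introduced the `IORING_SETUP_R_DISABLED` check, and a `Reported-by:` tag with the syzbot extid from the dashboard link (3c23789ea938faaef049) if it turns out to resolve this report.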