On 7/26/21 1:44 PM, Sudip Mukherjee wrote:
> Hi Greg,
>
> On Mon, Jul 26, 2021 at 01:08:38PM +0200, Greg Kroah-Hartman wrote:
>> On Mon, Jul 26, 2021 at 11:57:22AM +0100, Pavel Begunkov wrote:
>>> On 7/26/21 11:29 AM, Sudip Mukherjee wrote:
>>>> Hi Pavel,
>>>>
>>>> We had been running syzkaller on v5.10.y and a "use after free" is being
>>>> reported for v5.10.43+ kernels.
>>>
>>> "... # 5.12+", weird, but perhaps due to dependencies.
>>> Thanks for letting me know.
>>>
>>> Greg, Sasha, should be same as reported for 5.12
>>>
>>> https://www.spinics.net/lists/stable/msg485116.html
>>>
>>> Can you try to apply it to 5.10 or should I resend?
>>
>> I just tried applying those patches and they did not work. So can you
>> provide some new backports?
>
> Here is the backport for v5.10.y. I have also tested these with the
> syzkaller repro and the issue is fixed.

Thanks for trying it out, but it should be leaking requests (rarely), because
io_cqring_add_event() doesn't put a ref, unlike io_req_complete_post()
from the original patch.

I'll get to it today, double-checking refcounting.

--
Pavel Begunkov