Re: [syzbot] KASAN: use-after-free Read in tctx_task_work (2)

From: Pavel Begunkov
Date: Thu Aug 19 2021 - 16:57:03 EST


On 8/19/21 6:25 PM, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger any issue

https://git.kernel.dk/cgit/linux-block/commit/?h=for-5.15/io_uring&id=84a8ffdcd42da1f0710819e863a7db4309d4ceac

Ok, looks like this patch broke it. I need to look at where I'm wrong,
but for now it should be dropped.

>
> Reported-and-tested-by: syzbot+9c3492b27d10dc49ffa6@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Tested on:
>
> commit: 923ffe35 Revert "io_uring: improve tctx_task_work() ct..
> git tree: https://github.com/isilence/linux.git syztest_ctx_tw
> kernel config: https://syzkaller.appspot.com/x/.config?x=cb4282936412304f
> dashboard link: https://syzkaller.appspot.com/bug?extid=9c3492b27d10dc49ffa6
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
>
> Note: testing is done by a robot and is best-effort only.
>

--
Pavel Begunkov