Re: [syzbot] KASAN: use-after-free Read in idr_for_each (2)

From: Pavel Begunkov
Date: Mon Apr 19 2021 - 08:09:13 EST


On 4/15/21 7:28 PM, syzbot wrote:
> syzbot suspects this issue was fixed by commit:
>
> commit 61cf93700fe6359552848ed5e3becba6cd760efa
> Author: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>
> Date: Mon Mar 8 14:16:16 2021 +0000
>
> io_uring: Convert personality_idr to XArray
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16f91b9ad00000
> start commit: dd86e7fa Merge tag 'pci-v5.11-fixes-2' of git://git.kernel..
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=e83e68d0a6aba5f6
> dashboard link: https://syzkaller.appspot.com/bug?extid=12056a09a0311d758e60
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=174b80ef500000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=165522d4d00000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: io_uring: Convert personality_idr to XArray
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

#syz fix: io_uring: Convert personality_idr to XArray

--
Pavel Begunkov