CVE-2021-47512

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/sched: fq_pie: prevent dismantle issue<br /> <br /> For some reason, fq_pie_destroy() did not copy<br /> working code from pie_destroy() and other qdiscs,<br /> thus causing elusive bug.<br /> <br /> Before calling del_timer_sync(&amp;q-&gt;adapt_timer),<br /> we need to ensure timer will not rearm itself.<br /> <br /> rcu: INFO: rcu_preempt self-detected stall on CPU<br /> rcu: 0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579<br /> (t=10501 jiffies g=13085 q=3989)<br /> NMI backtrace for cpu 0<br /> CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011<br /> Call Trace:<br /> <br /> __dump_stack lib/dump_stack.c:88 [inline]<br /> dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106<br /> nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111<br /> nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62<br /> trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]<br /> rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343<br /> print_cpu_stall kernel/rcu/tree_stall.h:627 [inline]<br /> check_cpu_stall kernel/rcu/tree_stall.h:711 [inline]<br /> rcu_pending kernel/rcu/tree.c:3878 [inline]<br /> rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597<br /> update_process_times+0x16d/0x200 kernel/time/timer.c:1785<br /> tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226<br /> tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428<br /> __run_hrtimer kernel/time/hrtimer.c:1685 [inline]<br /> __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749<br /> hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811<br /> local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]<br /> __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103<br /> sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097<br /> <br /> <br /> asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638<br /> RIP: 0010:write_comp_data kernel/kcov.c:221 [inline]<br /> RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273<br /> Code: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02 00 48 89 ce 4c 8b 54 24 08 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00<br /> RSP: 0018:ffffc90000d27b28 EFLAGS: 00000246<br /> RAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000<br /> RDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003<br /> RBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000<br /> R10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000<br /> R13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000<br /> pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418<br /> fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383<br /> call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421<br /> expire_timers kernel/time/timer.c:1466 [inline]<br /> __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734<br /> __run_timers kernel/time/timer.c:1715 [inline]<br /> run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747<br /> __do_softirq+0x29b/0x9c2 kernel/softirq.c:558<br /> run_ksoftirqd kernel/softirq.c:921 [inline]<br /> run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913<br /> smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164<br /> kthread+0x405/0x4f0 kernel/kthread.c:327<br /> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295<br />