[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Y1b205IpQEzBwB+T@monkey>
Date: Mon, 24 Oct 2022 13:34:27 -0700
From: Mike Kravetz <mike.kravetz@...cle.com>
To: syzbot <syzbot+1b27d7a2722eabc2c5d5@...kaller.appspotmail.com>
Cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, llvm@...ts.linux.dev, nathan@...nel.org,
ndesaulniers@...gle.com, songmuchun@...edance.com,
syzkaller-bugs@...glegroups.com, trix@...hat.com
Subject: Re: [syzbot] KASAN: use-after-free Read in hugetlb_fault
On 10/23/22 15:03, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 4d48f589d294 Add linux-next specific files for 20221021
> git tree: linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=165e09b4880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=2c4b7d600a5739a6
> dashboard link: https://syzkaller.appspot.com/bug?extid=1b27d7a2722eabc2c5d5
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1546e96a880000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=123eabd2880000
Thanks for the reproducer!
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0c86bd0b39a0/disk-4d48f589.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/074059d37f1f/vmlinux-4d48f589.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+1b27d7a2722eabc2c5d5@...kaller.appspotmail.com
>
> ==================================================================
> BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:72 [inline]
> BUG: KASAN: use-after-free in atomic_long_read include/linux/atomic/atomic-instrumented.h:1265 [inline]
> BUG: KASAN: use-after-free in is_rwsem_reader_owned kernel/locking/rwsem.c:193 [inline]
> BUG: KASAN: use-after-free in __down_read_common kernel/locking/rwsem.c:1262 [inline]
> BUG: KASAN: use-after-free in __down_read_common kernel/locking/rwsem.c:1255 [inline]
> BUG: KASAN: use-after-free in __down_read kernel/locking/rwsem.c:1269 [inline]
> BUG: KASAN: use-after-free in down_read+0x1d3/0x450 kernel/locking/rwsem.c:1511
> Read of size 8 at addr ffff88801263a508 by task syz-executor409/3698
Verified this is indeed addressed with,
https://lore.kernel.org/linux-mm/20221023025047.470646-1-mike.kravetz@oracle.com/
--
Mike Kravetz
Powered by blists - more mailing lists