lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Y1b205IpQEzBwB+T@monkey>
Date:   Mon, 24 Oct 2022 13:34:27 -0700
From:   Mike Kravetz <mike.kravetz@...cle.com>
To:     syzbot <syzbot+1b27d7a2722eabc2c5d5@...kaller.appspotmail.com>
Cc:     akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, llvm@...ts.linux.dev, nathan@...nel.org,
        ndesaulniers@...gle.com, songmuchun@...edance.com,
        syzkaller-bugs@...glegroups.com, trix@...hat.com
Subject: Re: [syzbot] KASAN: use-after-free Read in hugetlb_fault

On 10/23/22 15:03, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    4d48f589d294 Add linux-next specific files for 20221021
> git tree:       linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=165e09b4880000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=2c4b7d600a5739a6
> dashboard link: https://syzkaller.appspot.com/bug?extid=1b27d7a2722eabc2c5d5
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1546e96a880000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=123eabd2880000

Thanks for the reproducer!

> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0c86bd0b39a0/disk-4d48f589.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/074059d37f1f/vmlinux-4d48f589.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+1b27d7a2722eabc2c5d5@...kaller.appspotmail.com
> 
> ==================================================================
> BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:72 [inline]
> BUG: KASAN: use-after-free in atomic_long_read include/linux/atomic/atomic-instrumented.h:1265 [inline]
> BUG: KASAN: use-after-free in is_rwsem_reader_owned kernel/locking/rwsem.c:193 [inline]
> BUG: KASAN: use-after-free in __down_read_common kernel/locking/rwsem.c:1262 [inline]
> BUG: KASAN: use-after-free in __down_read_common kernel/locking/rwsem.c:1255 [inline]
> BUG: KASAN: use-after-free in __down_read kernel/locking/rwsem.c:1269 [inline]
> BUG: KASAN: use-after-free in down_read+0x1d3/0x450 kernel/locking/rwsem.c:1511
> Read of size 8 at addr ffff88801263a508 by task syz-executor409/3698

Verified this is indeed addressed with,
https://lore.kernel.org/linux-mm/20221023025047.470646-1-mike.kravetz@oracle.com/
-- 
Mike Kravetz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ