| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <jm44auneoeak3bwnqupyspmzc3u4kqbomrlzkdoetjt45ivogj@bcvh2633zioi> Date: Mon, 17 Jun 2024 11:12:06 -0700 From: Shakeel Butt <shakeel.butt@...ux.dev> To: Yu Zhao <yuzhao@...gle.com> Cc: syzbot <syzbot+12f0383f30f497b7f266@...kaller.appspotmail.com>, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in folio_evictable (2) On Sun, Jun 16, 2024 at 08:19:59PM GMT, Yu Zhao wrote: > On Sat, Jun 15, 2024 at 11:42 AM syzbot > <syzbot+12f0383f30f497b7f266@...kaller.appspotmail.com> wrote: > > > > Hello, > > > > syzbot found the following issue on: > > > > HEAD commit: 2ef5971ff345 Merge tag 'vfs-6.10-rc4.fixes' of git://git.k.. > > git tree: upstream > > console output: https://syzkaller.appspot.com/x/log.txt?x=12873d96980000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=81c0d76ceef02b39 > > dashboard link: https://syzkaller.appspot.com/bug?extid=12f0383f30f497b7f266 > > compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 > > userspace arch: i386 > > > > Unfortunately, I don't have any reproducer for this issue yet. > > > > Downloadable assets: > > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-2ef5971f.raw.xz > > vmlinux: https://storage.googleapis.com/syzbot-assets/85722ebc781d/vmlinux-2ef5971f.xz > > kernel image: https://storage.googleapis.com/syzbot-assets/27fd8bd02a1e/bzImage-2ef5971f.xz > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > Reported-by: syzbot+12f0383f30f497b7f266@...kaller.appspotmail.com > > > > ================================================================== > > BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] > > BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] > > BUG: KASAN: slab-use-after-free in mapping_unevictable include/linux/pagemap.h:259 [inline] > > BUG: KASAN: slab-use-after-free in folio_evictable+0x7b/0x270 mm/internal.h:353 > > Read of size 8 at addr ffff88804b68ab18 by task kswapd0/111 > > > > CPU: 3 PID: 111 Comm: kswapd0 Not tainted 6.10.0-rc3-syzkaller-00021-g2ef5971ff345 #0 > > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 > > Call Trace: > > <TASK> > > __dump_stack lib/dump_stack.c:88 [inline] > > dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 > > print_address_description mm/kasan/report.c:377 [inline] > > print_report+0xc3/0x620 mm/kasan/report.c:488 > > kasan_report+0xd9/0x110 mm/kasan/report.c:601 > > check_region_inline mm/kasan/generic.c:183 [inline] > > kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 > > instrument_atomic_read include/linux/instrumented.h:68 [inline] > > _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] > > mapping_unevictable include/linux/pagemap.h:259 [inline] > > The memory folio->mapping pointed to was RCU freed and > mapping_unevictable() was under the RCU read lock. > > So probably the owner of that folio forgot to clear the mapping? > This seems like duplicate of another syzbot report at https://lore.kernel.org/all/0000000000008874480617ff1bad@google.com/T/ and https://lore.kernel.org/all/20240614131856.754-1-hdanton@sina.com/T/ #syz dup: [syzbot] [mm?] KASAN: slab-use-after-free Read in lru_add_fn
Powered by blists - more mailing lists