lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 17 Jun 2024 11:12:06 -0700
From: Shakeel Butt <shakeel.butt@...ux.dev>
To: Yu Zhao <yuzhao@...gle.com>
Cc: syzbot <syzbot+12f0383f30f497b7f266@...kaller.appspotmail.com>, 
	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in
 folio_evictable (2)

On Sun, Jun 16, 2024 at 08:19:59PM GMT, Yu Zhao wrote:
> On Sat, Jun 15, 2024 at 11:42 AM syzbot
> <syzbot+12f0383f30f497b7f266@...kaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    2ef5971ff345 Merge tag 'vfs-6.10-rc4.fixes' of git://git.k..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=12873d96980000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=81c0d76ceef02b39
> > dashboard link: https://syzkaller.appspot.com/bug?extid=12f0383f30f497b7f266
> > compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > userspace arch: i386
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Downloadable assets:
> > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-2ef5971f.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/85722ebc781d/vmlinux-2ef5971f.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/27fd8bd02a1e/bzImage-2ef5971f.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+12f0383f30f497b7f266@...kaller.appspotmail.com
> >
> > ==================================================================
> > BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]
> > BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
> > BUG: KASAN: slab-use-after-free in mapping_unevictable include/linux/pagemap.h:259 [inline]
> > BUG: KASAN: slab-use-after-free in folio_evictable+0x7b/0x270 mm/internal.h:353
> > Read of size 8 at addr ffff88804b68ab18 by task kswapd0/111
> >
> > CPU: 3 PID: 111 Comm: kswapd0 Not tainted 6.10.0-rc3-syzkaller-00021-g2ef5971ff345 #0
> > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > Call Trace:
> >  <TASK>
> >  __dump_stack lib/dump_stack.c:88 [inline]
> >  dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
> >  print_address_description mm/kasan/report.c:377 [inline]
> >  print_report+0xc3/0x620 mm/kasan/report.c:488
> >  kasan_report+0xd9/0x110 mm/kasan/report.c:601
> >  check_region_inline mm/kasan/generic.c:183 [inline]
> >  kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
> >  instrument_atomic_read include/linux/instrumented.h:68 [inline]
> >  _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
> >  mapping_unevictable include/linux/pagemap.h:259 [inline]
> 
> The memory folio->mapping pointed to was RCU freed and
> mapping_unevictable() was under the RCU read lock.
> 
> So probably the owner of that folio forgot to clear the mapping?
> 

This seems like duplicate of another syzbot report at
https://lore.kernel.org/all/0000000000008874480617ff1bad@google.com/T/
and https://lore.kernel.org/all/20240614131856.754-1-hdanton@sina.com/T/

#syz dup: [syzbot] [mm?] KASAN: slab-use-after-free Read in lru_add_fn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ