Message-ID: <20250527142217.GA7747@noisy.programming.kicks-ass.net>
Date: Tue, 27 May 2025 16:22:17 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: syzbot <syzbot+9afaf6749e3a7aa1bdf3@...kaller.appspotmail.com>
Cc: andrealmeid@...lia.com, dave@...olabs.net, dvhart@...radead.org,
	linux-kernel@...r.kernel.org, mingo@...hat.com,
	syzkaller-bugs@...glegroups.com, tglx@...utronix.de,
	Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Subject: Re: [syzbot] [kernel?] KASAN: wild-memory-access Read in
 get_futex_key

On Tue, May 27, 2025 at 06:36:35AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    785cdec46e92 Merge tag 'x86-core-2025-05-25' of git://git...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=13e47df4580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=d7ed3189f3c3d3f3
> dashboard link: https://syzkaller.appspot.com/bug?extid=9afaf6749e3a7aa1bdf3
> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17ad26d4580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=157f3170580000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/af5446d375b0/disk-785cdec4.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/eb59d48f91fb/vmlinux-785cdec4.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/188617605a08/bzImage-785cdec4.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+9afaf6749e3a7aa1bdf3@...kaller.appspotmail.com
> 
> ==================================================================
> BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline]
> BUG: KASAN: wild-memory-access in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
> BUG: KASAN: wild-memory-access in node_state include/linux/nodemask.h:429 [inline]
> BUG: KASAN: wild-memory-access in get_futex_key+0x595/0x1540 kernel/futex/core.c:587
> Read of size 8 at addr 1fffffff818b9088 by task syz-executor931/5831
> 
> CPU: 0 UID: 0 PID: 5831 Comm: syz-executor931 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) 
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:94 [inline]
>  dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
>  kasan_report+0xe0/0x110 mm/kasan/report.c:634
>  check_region_inline mm/kasan/generic.c:183 [inline]
>  kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189
>  instrument_atomic_read include/linux/instrumented.h:68 [inline]
>  _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
>  node_state include/linux/nodemask.h:429 [inline]
>  get_futex_key+0x595/0x1540 kernel/futex/core.c:587

Does this help?

---
diff --git a/kernel/futex/core.c b/kernel/futex/core.c
index 19a2c65f3d37..e9e46293c0c1 100644
--- a/kernel/futex/core.c
+++ b/kernel/futex/core.c
@@ -583,8 +583,7 @@ int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key,
 		if (futex_get_value(&node, naddr))
 			return -EFAULT;
 
-		if (node != FUTEX_NO_NODE &&
-		    (node >= MAX_NUMNODES || !node_possible(node)))
+		if ((unsigned)node >= nr_node_ids || !node_possible(node))
 			return -EINVAL;
 	}
 
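Review bot: the replacement condition drops the `node != FUTEX_NO_NODE` exemption that the two removed lines carried, so a caller passing FUTEX_NO_NODE (the uapi value is -1, which the `(unsigned)` cast turns into UINT_MAX, far above nr_node_ids) now gets -EINVAL where it was previously accepted. The cast itself is the right fix for the reported wild read: with `node` declared signed (the cast is only meaningful if it is), a negative value other than -1 passes `node != FUTEX_NO_NODE`, fails `node >= MAX_NUMNODES`, and reaches node_possible(node), where node_state() indexes the bitmap with a negative bit number, matching the `_test_bit`/`node_state` frames in the KASAN trace. Suggest keeping the exemption, e.g. `if (node != FUTEX_NO_NODE && ((unsigned)node >= nr_node_ids || !node_possible(node)))`, and adding a one-line comment that the unsigned compare is what rejects negative hints, since nothing on the new line says so.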
