Message-ID: <20250527142217.GA7747@noisy.programming.kicks-ass.net>
Date: Tue, 27 May 2025 16:22:17 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: syzbot <syzbot+9afaf6749e3a7aa1bdf3@...kaller.appspotmail.com>
Cc: andrealmeid@...lia.com, dave@...olabs.net, dvhart@...radead.org,
linux-kernel@...r.kernel.org, mingo@...hat.com,
syzkaller-bugs@...glegroups.com, tglx@...utronix.de,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Subject: Re: [syzbot] [kernel?] KASAN: wild-memory-access Read in get_futex_key
On Tue, May 27, 2025 at 06:36:35AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 785cdec46e92 Merge tag 'x86-core-2025-05-25' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=13e47df4580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=d7ed3189f3c3d3f3
> dashboard link: https://syzkaller.appspot.com/bug?extid=9afaf6749e3a7aa1bdf3
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17ad26d4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=157f3170580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/af5446d375b0/disk-785cdec4.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/eb59d48f91fb/vmlinux-785cdec4.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/188617605a08/bzImage-785cdec4.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+9afaf6749e3a7aa1bdf3@...kaller.appspotmail.com
>
> ==================================================================
> BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline]
> BUG: KASAN: wild-memory-access in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
> BUG: KASAN: wild-memory-access in node_state include/linux/nodemask.h:429 [inline]
> BUG: KASAN: wild-memory-access in get_futex_key+0x595/0x1540 kernel/futex/core.c:587
> Read of size 8 at addr 1fffffff818b9088 by task syz-executor931/5831
>
> CPU: 0 UID: 0 PID: 5831 Comm: syz-executor931 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full)
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:94 [inline]
> dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
> kasan_report+0xe0/0x110 mm/kasan/report.c:634
> check_region_inline mm/kasan/generic.c:183 [inline]
> kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189
> instrument_atomic_read include/linux/instrumented.h:68 [inline]
> _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
> node_state include/linux/nodemask.h:429 [inline]
> get_futex_key+0x595/0x1540 kernel/futex/core.c:587
Does this help?
---
diff --git a/kernel/futex/core.c b/kernel/futex/core.c
index 19a2c65f3d37..e9e46293c0c1 100644
--- a/kernel/futex/core.c
+++ b/kernel/futex/core.c
@@ -583,8 +583,7 @@ int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key,
if (futex_get_value(&node, naddr))
return -EFAULT;
- if (node != FUTEX_NO_NODE &&
- (node >= MAX_NUMNODES || !node_possible(node)))
+ if ((unsigned)node >= nr_node_ids || !node_possible(node))
return -EINVAL;
}
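Review bot: the replacement condition drops the `node != FUTEX_NO_NODE &&` guard that the two removed lines carried, so a caller that stores FUTEX_NO_NODE at naddr now gets -EINVAL from this check instead of being let through, unless that sentinel is consumed before this point (nothing in the hunk shows that). The `(unsigned)` cast is the part that addresses the report: with the old signed compare a negative node other than FUTEX_NO_NODE slipped past `node >= MAX_NUMNODES` and was used as a bit index in node_possible(), which matches the wild read via node_state()/_test_bit in the trace. Suggest keeping the sentinel exemption and only hardening the range test, e.g. `if (node != FUTEX_NO_NODE && ((unsigned int)node >= nr_node_ids || !node_possible(node)))`, and noting in the changelog why nr_node_ids replaces MAX_NUMNODES as the bound.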