| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250527142217.GA7747@noisy.programming.kicks-ass.net> Date: Tue, 27 May 2025 16:22:17 +0200 From: Peter Zijlstra <peterz@...radead.org> To: syzbot <syzbot+9afaf6749e3a7aa1bdf3@...kaller.appspotmail.com> Cc: andrealmeid@...lia.com, dave@...olabs.net, dvhart@...radead.org, linux-kernel@...r.kernel.org, mingo@...hat.com, syzkaller-bugs@...glegroups.com, tglx@...utronix.de, Sebastian Andrzej Siewior <bigeasy@...utronix.de> Subject: Re: [syzbot] [kernel?] KASAN: wild-memory-access Read in get_futex_key On Tue, May 27, 2025 at 06:36:35AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 785cdec46e92 Merge tag 'x86-core-2025-05-25' of git://git... > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=13e47df4580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=d7ed3189f3c3d3f3 > dashboard link: https://syzkaller.appspot.com/bug?extid=9afaf6749e3a7aa1bdf3 > compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17ad26d4580000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=157f3170580000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/af5446d375b0/disk-785cdec4.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/eb59d48f91fb/vmlinux-785cdec4.xz > kernel image: https://storage.googleapis.com/syzbot-assets/188617605a08/bzImage-785cdec4.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+9afaf6749e3a7aa1bdf3@...kaller.appspotmail.com > > ================================================================== > BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline] > BUG: KASAN: wild-memory-access in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] > BUG: KASAN: wild-memory-access in node_state include/linux/nodemask.h:429 [inline] > BUG: KASAN: wild-memory-access in get_futex_key+0x595/0x1540 kernel/futex/core.c:587 > Read of size 8 at addr 1fffffff818b9088 by task syz-executor931/5831 > > CPU: 0 UID: 0 PID: 5831 Comm: syz-executor931 Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full) > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 > Call Trace: > <TASK> > __dump_stack lib/dump_stack.c:94 [inline] > dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 > kasan_report+0xe0/0x110 mm/kasan/report.c:634 > check_region_inline mm/kasan/generic.c:183 [inline] > kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189 > instrument_atomic_read include/linux/instrumented.h:68 [inline] > _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] > node_state include/linux/nodemask.h:429 [inline] > get_futex_key+0x595/0x1540 kernel/futex/core.c:587 Does the this help? --- diff --git a/kernel/futex/core.c b/kernel/futex/core.c index 19a2c65f3d37..e9e46293c0c1 100644 --- a/kernel/futex/core.c +++ b/kernel/futex/core.c @@ -583,8 +583,7 @@ int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key, if (futex_get_value(&node, naddr)) return -EFAULT; - if (node != FUTEX_NO_NODE && - (node >= MAX_NUMNODES || !node_possible(node))) + if ((unsigned)node >= nr_node_ids || !node_possible(node)) return -EINVAL; }
Powered by blists - more mailing lists