lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87ldh0a07x.ffs@tglx>
Date: Tue, 10 Feb 2026 20:05:06 +0100
From: Thomas Gleixner <tglx@...utronix.de>
To: syzbot <syzbot+28bdcfc1dab2ffa279a5@...kaller.appspotmail.com>,
 bp@...en8.de, dave.hansen@...ux.intel.com, davem@...emloft.net,
 dsahern@...nel.org, edumazet@...gle.com, horms@...nel.org, hpa@...or.com,
 kuba@...nel.org, linux-kernel@...r.kernel.org, mingo@...hat.com,
 netdev@...r.kernel.org, pabeni@...hat.com,
 syzkaller-bugs@...glegroups.com, x86@...nel.org
Subject: Re: [syzbot] [net?] KMSAN: uninit-value in __schedule (5)

On Mon, Feb 09 2026 at 10:35, syzbot wrote:

> syzbot has found a reproducer for the following issue on:
>
> HEAD commit:    05f7e89ab973 Linux 6.19
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=17daf65a580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=df890e720d1bb80
> dashboard link: https://syzkaller.appspot.com/bug?extid=28bdcfc1dab2ffa279a5
> compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1029533a580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ea9f39c5175d/disk-05f7e89a.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/734edeebfa32/vmlinux-05f7e89a.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/a2cb36d849f0/bzImage-05f7e89a.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+28bdcfc1dab2ffa279a5@...kaller.appspotmail.com
>
> ==================================================================
> BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]
> BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
> BUG: KASAN: slab-use-after-free in membarrier_switch_mm kernel/sched/sched.h:3666 [inline]
> BUG: KASAN: slab-use-after-free in context_switch kernel/sched/core.c:5230 [inline]
> BUG: KASAN: slab-use-after-free in __schedule+0xc56/0x5fa0 kernel/sched/core.c:6867
> Read of size 4 at addr ffff88801db4e2c0 by task kworker/u8:1/13

That's most likely the same issue as with the futex report. Caused by a
double mmdrop() in do_procmap_query(). The reproducer fiddles with
that...

See https://lore.kernel.org/all/20260129215340.3742283-1-andrii@kernel.org/T/#m5250c5bf0612d19c7991b6454f309e41776982be

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ