* Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
[not found] <20230827123619.3750-1-hdanton@sina.com>
@ 2023-08-27 13:19 ` syzbot
0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2023-08-27 13:19 UTC (permalink / raw)
To: hdanton, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+f25c61df1ec3d235d52f@syzkaller.appspotmail.com
Tested on:
commit: 28c736b0 Add linux-next specific files for 20230822
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
console output: https://syzkaller.appspot.com/x/log.txt?x=13e2b3bba80000
kernel config: https://syzkaller.appspot.com/x/.config?x=20999f779fa96017
dashboard link: https://syzkaller.appspot.com/bug?extid=f25c61df1ec3d235d52f
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1362b3bba80000
Note: testing is done by a robot and is best-effort only.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
2023-08-26 16:53 syzbot
2023-08-28 9:20 ` Christian Brauner
@ 2023-08-28 9:22 ` Christian Brauner
1 sibling, 0 replies; 8+ messages in thread
From: Christian Brauner @ 2023-08-28 9:22 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, jack, linux-fsdevel, linux-kernel, syzkaller-bugs, tj
#syz dup: KASAN: slab-use-after-free Read in fuse_test_super
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
2023-08-28 9:20 ` Christian Brauner
@ 2023-08-28 9:20 ` syzbot
0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2023-08-28 9:20 UTC (permalink / raw)
To: brauner
Cc: brauner, gregkh, jack, linux-fsdevel, linux-kernel, syzkaller-bugs, tj
> #syz dup: [syzbot] [fuse?] KASAN: slab-use-after-free Read in fuse_test_super
can't find the dup bug
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
2023-08-26 16:53 syzbot
@ 2023-08-28 9:20 ` Christian Brauner
2023-08-28 9:20 ` syzbot
2023-08-28 9:22 ` Christian Brauner
1 sibling, 1 reply; 8+ messages in thread
From: Christian Brauner @ 2023-08-28 9:20 UTC (permalink / raw)
To: syzbot; +Cc: gregkh, jack, linux-fsdevel, linux-kernel, syzkaller-bugs, tj
#syz dup: [syzbot] [fuse?] KASAN: slab-use-after-free Read in fuse_test_super
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
[not found] <20230827100849.3681-1-hdanton@sina.com>
@ 2023-08-27 11:04 ` syzbot
0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2023-08-27 11:04 UTC (permalink / raw)
To: hdanton, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
T1] RPL Segment Routing with IPv6
[ 22.153462][ T1] In-situ OAM (IOAM) with IPv6
[ 22.158633][ T1] mip6: Mobile IPv6
[ 22.167745][ T1] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 22.185212][ T1] ip6_gre: GRE over IPv6 tunneling driver
[ 22.197237][ T1] NET: Registered PF_PACKET protocol family
[ 22.203406][ T1] NET: Registered PF_KEY protocol family
[ 22.209481][ T1] Bridge firewalling registered
[ 22.214972][ T1] NET: Registered PF_X25 protocol family
[ 22.220716][ T1] X25: Linux Version 0.2
[ 22.301783][ T1] NET: Registered PF_NETROM protocol family
[ 22.389320][ T1] NET: Registered PF_ROSE protocol family
[ 22.395297][ T1] NET: Registered PF_AX25 protocol family
[ 22.401145][ T1] can: controller area network core
[ 22.407441][ T1] NET: Registered PF_CAN protocol family
[ 22.413109][ T1] can: raw protocol
[ 22.417186][ T1] can: broadcast manager protocol
[ 22.422248][ T1] can: netlink gateway - max_hops=1
[ 22.427654][ T1] can: SAE J1939
[ 22.431196][ T1] can: isotp protocol (max_pdu_size 8300)
[ 22.437369][ T1] Bluetooth: RFCOMM TTY layer initialized
[ 22.443097][ T1] Bluetooth: RFCOMM socket layer initialized
[ 22.449713][ T1] Bluetooth: RFCOMM ver 1.11
[ 22.454468][ T1] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 22.460598][ T1] Bluetooth: BNEP filters: protocol multicast
[ 22.467157][ T1] Bluetooth: BNEP socket layer initialized
[ 22.472946][ T1] Bluetooth: CMTP (CAPI Emulation) ver 1.0
[ 22.478826][ T1] Bluetooth: CMTP socket layer initialized
[ 22.484665][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 22.491508][ T1] Bluetooth: HIDP socket layer initialized
[ 22.502104][ T1] NET: Registered PF_RXRPC protocol family
[ 22.508020][ T1] Key type rxrpc registered
[ 22.512934][ T1] Key type rxrpc_s registered
[ 22.519379][ T1] NET: Registered PF_KCM protocol family
[ 22.526198][ T1] lec:lane_module_init: lec.c: initialized
[ 22.532235][ T1] mpoa:atm_mpoa_init: mpc.c: initialized
[ 22.538764][ T1] l2tp_core: L2TP core driver, V2.0
[ 22.544063][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0
[ 22.549753][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[ 22.556606][ T1] l2tp_netlink: L2TP netlink interface
[ 22.562260][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[ 22.569431][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[ 22.577749][ T1] NET: Registered PF_PHONET protocol family
[ 22.584800][ T1] 8021q: 802.1Q VLAN Support v1.8
[ 22.608369][ T1] DCCP: Activated CCID 2 (TCP-like)
[ 22.614078][ T1] DCCP: Activated CCID 3 (TCP-Friendly Rate Control)
[ 22.621209][ T1] DCCP is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 22.632363][ T1] sctp: Hash tables configured (bind 32/56)
[ 22.641253][ T1] NET: Registered PF_RDS protocol family
[ 22.647757][ T1] Registered RDS/infiniband transport
[ 22.653720][ T1] Registered RDS/tcp transport
[ 22.658688][ T1] tipc: Activated (version 2.0.0)
[ 22.664367][ T1] NET: Registered PF_TIPC protocol family
[ 22.670831][ T1] tipc: Started in single node mode
[ 22.676860][ T1] NET: Registered PF_SMC protocol family
[ 22.682686][ T1] 9pnet: Installing 9P2000 support
[ 22.688768][ T1] NET: Registered PF_CAIF protocol family
[ 22.702700][ T1] NET: Registered PF_IEEE802154 protocol family
[ 22.710080][ T1] Key type dns_resolver registered
[ 22.715485][ T1] Key type ceph registered
[ 22.720499][ T1] libceph: loaded (mon/osd proto 15/24)
[ 22.728520][ T1] batman_adv: B.A.T.M.A.N. advanced 2023.3 (compatibility version 15) loaded
[ 22.737761][ T1] openvswitch: Open vSwitch switching datapath
[ 22.747749][ T1] NET: Registered PF_VSOCK protocol family
[ 22.753909][ T1] mpls_gso: MPLS GSO support
[ 22.767156][ T1] start plist test
[ 22.776649][ T1] end plist test
[ 22.789647][ T1] IPI shorthand broadcast: enabled
[ 22.795205][ T1] AVX2 version of gcm_enc/dec engaged.
[ 22.800844][ T1] AES CTR mode by8 optimization enabled
[ 24.946860][ T1] sched_clock: Marking stable (24900021811, 44080130)->(24947471898, -3369957)
[ 24.963256][ T1] registered taskstats version 1
[ 24.991977][ T1] Loading compiled-in X.509 certificates
[ 25.002988][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 6ff01a4b96c932563103f4d4fff2d5d5224413d4'
[ 25.018103][ T1] zswap: loaded using pool lzo/zbud
[ 25.254541][ T1] debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers
[ 28.206068][ T1] Key type .fscrypt registered
[ 28.210844][ T1] Key type fscrypt-provisioning registered
[ 28.225620][ T1] kAFS: Red Hat AFS client v0.1 registering.
[ 28.251109][ T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[ 28.259400][ T1] Key type big_key registered
[ 28.266816][ T1] Key type encrypted registered
[ 28.271690][ T1] AppArmor: AppArmor sha1 policy hashing enabled
[ 28.278086][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 28.284455][ T1] Loading compiled-in module X.509 certificates
[ 28.295355][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 6ff01a4b96c932563103f4d4fff2d5d5224413d4'
[ 28.306295][ T1] ima: Allocated hash algorithm: sha256
[ 28.311992][ T1] ima: No architecture policies found
[ 28.317903][ T1] evm: Initialising EVM extended attributes:
[ 28.323988][ T1] evm: security.selinux (disabled)
[ 28.329111][ T1] evm: security.SMACK64 (disabled)
[ 28.334298][ T1] evm: security.SMACK64EXEC (disabled)
[ 28.340638][ T1] evm: security.SMACK64TRANSMUTE (disabled)
[ 28.346557][ T1] evm: security.SMACK64MMAP (disabled)
[ 28.352203][ T1] evm: security.apparmor
[ 28.356464][ T1] evm: security.ima
[ 28.360293][ T1] evm: security.capability
[ 28.364715][ T1] evm: HMAC attrs: 0x1
[ 28.371158][ T1] PM: Magic number: 3:991:932
[ 28.379710][ T1] printk: console [netcon0] enabled
[ 28.384982][ T1] netconsole: network logging started
[ 28.390833][ T1] gtp: GTP module loaded (pdp ctx size 104 bytes)
[ 28.398542][ T1] rdma_rxe: loaded
[ 28.403224][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 28.415177][ T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 28.423103][ T54] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 28.432796][ T54] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 28.442788][ T1] clk: Disabling unused clocks
[ 28.448246][ T1] ALSA device list:
[ 28.452320][ T1] #0: Dummy 1
[ 28.456220][ T1] #1: Loopback 1
[ 28.459931][ T1] #2: Virtual MIDI Card 1
[ 28.466828][ T1] md: Waiting for all devices to be available before autodetect
[ 28.474753][ T1] md: If you don't use raid, use raid=noautodetect
[ 28.481592][ T1] md: Autodetecting RAID arrays.
[ 28.486591][ T1] md: autorun ...
[ 28.490209][ T1] md: ... autorun DONE.
[ 28.550861][ T1] EXT4-fs (sda1): mounted filesystem 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 ro with ordered data mode. Quota mode: none.
[ 28.563733][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 28.584466][ T1] devtmpfs: mounted
[ 28.752930][ T1] Freeing unused kernel image (initmem) memory: 3396K
[ 28.759784][ T1] Write protecting the kernel read-only data: 188416k
[ 28.769443][ T1] Freeing unused kernel image (rodata/data gap) memory: 700K
[ 28.896155][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 28.908769][ T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[ 28.918782][ T1] Run /sbin/init as init process
[ 28.923727][ T1] with arguments:
[ 28.927591][ T1] /sbin/init
[ 28.931132][ T1] with environment:
[ 28.935216][ T1] HOME=/
[ 28.938421][ T1] TERM=linux
[ 28.941948][ T1] spec_store_bypass_disable=prctl
[ 28.947789][ T1] BOOT_IMAGE=/boot/bzImage
[ 29.033669][ T1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 29.045504][ T1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 29.053923][ T1] CPU: 1 PID: 1 Comm: init Not tainted 6.5.0-rc7-next-20230822-syzkaller-dirty #0
[ 29.063122][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 29.073176][ T1] RIP: 0010:do_raw_spin_lock+0x6e/0x2b0
[ 29.078757][ T1] Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
[ 29.098364][ T1] RSP: 0000:ffffc90000067b28 EFLAGS: 00010247
[ 29.104512][ T1] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 29.112477][ T1] RDX: 0000000000000000 RSI: ffffffff8ae8fc60 RDI: 0000000000000004
[ 29.120616][ T1] RBP: 1ffff9200000cf66 R08: 0000000000000000 R09: fffffbfff1d9ba3a
[ 29.128598][ T1] R10: ffffffff8ecdd1d7 R11: ffffffff8a3cdc9d R12: 0000000000000000
[ 29.136743][ T1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000680000
[ 29.144714][ T1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 29.153649][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.160258][ T1] CR2: 00007ffc17ddb229 CR3: 0000000026fb0000 CR4: 00000000003506e0
[ 29.168335][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.176321][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.184297][ T1] Call Trace:
[ 29.187574][ T1] <TASK>
[ 29.190504][ T1] ? show_regs+0x8f/0xa0
[ 29.194762][ T1] ? die_addr+0x4f/0xd0
[ 29.198926][ T1] ? exc_general_protection+0x154/0x230
[ 29.204761][ T1] ? asm_exc_general_protection+0x26/0x30
[ 29.210679][ T1] ? syscall_exit_to_user_mode+0x1d/0x60
[ 29.216327][ T1] ? do_raw_spin_lock+0x6e/0x2b0
[ 29.221382][ T1] ? spin_bug+0x1d0/0x1d0
[ 29.225722][ T1] ? lock_release+0x4bf/0x680
[ 29.230413][ T1] ? dput+0x251/0xfd0
[ 29.234447][ T1] list_lru_add+0xce/0x540
[ 29.238877][ T1] ? dput+0x39/0xfd0
[ 29.243068][ T1] dput+0x87f/0xfd0
[ 29.246888][ T1] proc_kill_sb+0x6d/0x100
[ 29.251320][ T1] deactivate_locked_super+0x19c/0x2d0
[ 29.256793][ T1] deactivate_super+0xde/0x100
[ 29.261580][ T1] cleanup_mnt+0x222/0x3d0
[ 29.266442][ T1] mntput_no_expire+0x864/0xbc0
[ 29.271303][ T1] ? do_raw_spin_unlock+0x173/0x230
[ 29.276528][ T1] ? _raw_spin_unlock+0x28/0x40
[ 29.281394][ T1] ? mnt_get_count+0x1e0/0x1e0
[ 29.286165][ T1] ? _raw_spin_unlock+0x28/0x40
[ 29.291024][ T1] mntput+0x6b/0x90
[ 29.294874][ T1] __fput+0x560/0xa70
[ 29.298875][ T1] task_work_run+0x14d/0x240
[ 29.303486][ T1] ? task_work_cancel+0x30/0x30
[ 29.308359][ T1] ? kernel_execve+0x3f9/0x4e0
[ 29.313223][ T1] exit_to_user_mode_prepare+0x210/0x240
[ 29.318874][ T1] syscall_exit_to_user_mode+0x1d/0x60
[ 29.324339][ T1] ? rest_init+0x2b0/0x2b0
[ 29.328762][ T1] ret_from_fork_asm+0x11/0x20
[ 29.333545][ T1] </TASK>
[ 29.336557][ T1] Modules linked in:
[ 29.340653][ T1] ---[ end trace 0000000000000000 ]---
[ 29.346320][ T1] RIP: 0010:do_raw_spin_lock+0x6e/0x2b0
[ 29.351867][ T1] Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
[ 29.371529][ T1] RSP: 0000:ffffc90000067b28 EFLAGS: 00010247
[ 29.380525][ T1] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 29.388593][ T1] RDX: 0000000000000000 RSI: ffffffff8ae8fc60 RDI: 0000000000000004
[ 29.396657][ T1] RBP: 1ffff9200000cf66 R08: 0000000000000000 R09: fffffbfff1d9ba3a
[ 29.405013][ T1] R10: ffffffff8ecdd1d7 R11: ffffffff8a3cdc9d R12: 0000000000000000
[ 29.413142][ T1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000680000
[ 29.421293][ T1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 29.430837][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.437428][ T1] CR2: 00007ffc17ddb229 CR3: 0000000026fb0000 CR4: 00000000003506e0
[ 29.445508][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.453478][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.461546][ T1] Kernel panic - not syncing: Fatal exception
[ 29.467789][ T1] Kernel Offset: disabled
[ 29.472099][ T1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build503812671=/tmp/go-build -gno-record-gcc-switches"
git status (err=<nil>)
HEAD detached at b81ca3f66
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e\"
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=11f109eba80000
Tested on:
commit: 28c736b0 Add linux-next specific files for 20230822
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
kernel config: https://syzkaller.appspot.com/x/.config?x=20999f779fa96017
dashboard link: https://syzkaller.appspot.com/bug?extid=f25c61df1ec3d235d52f
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=159e79b0680000
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
[not found] <20230827044001.3605-1-hdanton@sina.com>
@ 2023-08-27 5:30 ` syzbot
0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2023-08-27 5:30 UTC (permalink / raw)
To: hdanton, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
T1] RPL Segment Routing with IPv6
[ 22.143888][ T1] In-situ OAM (IOAM) with IPv6
[ 22.150994][ T1] mip6: Mobile IPv6
[ 22.161364][ T1] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 22.179155][ T1] ip6_gre: GRE over IPv6 tunneling driver
[ 22.191706][ T1] NET: Registered PF_PACKET protocol family
[ 22.199145][ T1] NET: Registered PF_KEY protocol family
[ 22.205140][ T1] Bridge firewalling registered
[ 22.210671][ T1] NET: Registered PF_X25 protocol family
[ 22.216780][ T1] X25: Linux Version 0.2
[ 22.296503][ T1] NET: Registered PF_NETROM protocol family
[ 22.377913][ T1] NET: Registered PF_ROSE protocol family
[ 22.387790][ T1] NET: Registered PF_AX25 protocol family
[ 22.393849][ T1] can: controller area network core
[ 22.399609][ T1] NET: Registered PF_CAN protocol family
[ 22.405627][ T1] can: raw protocol
[ 22.409851][ T1] can: broadcast manager protocol
[ 22.415185][ T1] can: netlink gateway - max_hops=1
[ 22.420907][ T1] can: SAE J1939
[ 22.424586][ T1] can: isotp protocol (max_pdu_size 8300)
[ 22.431307][ T1] Bluetooth: RFCOMM TTY layer initialized
[ 22.437283][ T1] Bluetooth: RFCOMM socket layer initialized
[ 22.443663][ T1] Bluetooth: RFCOMM ver 1.11
[ 22.449206][ T1] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 22.455555][ T1] Bluetooth: BNEP filters: protocol multicast
[ 22.462111][ T1] Bluetooth: BNEP socket layer initialized
[ 22.468496][ T1] Bluetooth: CMTP (CAPI Emulation) ver 1.0
[ 22.474693][ T1] Bluetooth: CMTP socket layer initialized
[ 22.480545][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 22.487463][ T1] Bluetooth: HIDP socket layer initialized
[ 22.497445][ T1] NET: Registered PF_RXRPC protocol family
[ 22.503428][ T1] Key type rxrpc registered
[ 22.508789][ T1] Key type rxrpc_s registered
[ 22.514308][ T1] NET: Registered PF_KCM protocol family
[ 22.520678][ T1] lec:lane_module_init: lec.c: initialized
[ 22.526588][ T1] mpoa:atm_mpoa_init: mpc.c: initialized
[ 22.532594][ T1] l2tp_core: L2TP core driver, V2.0
[ 22.538346][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0
[ 22.544240][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[ 22.550976][ T1] l2tp_netlink: L2TP netlink interface
[ 22.556596][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[ 22.563621][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[ 22.571468][ T1] NET: Registered PF_PHONET protocol family
[ 22.578014][ T1] 8021q: 802.1Q VLAN Support v1.8
[ 22.598850][ T1] DCCP: Activated CCID 2 (TCP-like)
[ 22.604774][ T1] DCCP: Activated CCID 3 (TCP-Friendly Rate Control)
[ 22.612016][ T1] DCCP is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 22.623666][ T1] sctp: Hash tables configured (bind 32/56)
[ 22.631042][ T1] NET: Registered PF_RDS protocol family
[ 22.637590][ T1] Registered RDS/infiniband transport
[ 22.643554][ T1] Registered RDS/tcp transport
[ 22.648634][ T1] tipc: Activated (version 2.0.0)
[ 22.654067][ T1] NET: Registered PF_TIPC protocol family
[ 22.660718][ T1] tipc: Started in single node mode
[ 22.666750][ T1] NET: Registered PF_SMC protocol family
[ 22.672715][ T1] 9pnet: Installing 9P2000 support
[ 22.678148][ T1] NET: Registered PF_CAIF protocol family
[ 22.691455][ T1] NET: Registered PF_IEEE802154 protocol family
[ 22.698427][ T1] Key type dns_resolver registered
[ 22.703574][ T1] Key type ceph registered
[ 22.708510][ T1] libceph: loaded (mon/osd proto 15/24)
[ 22.715393][ T1] batman_adv: B.A.T.M.A.N. advanced 2023.3 (compatibility version 15) loaded
[ 22.724699][ T1] openvswitch: Open vSwitch switching datapath
[ 22.734037][ T1] NET: Registered PF_VSOCK protocol family
[ 22.740995][ T1] mpls_gso: MPLS GSO support
[ 22.754002][ T1] start plist test
[ 22.761434][ T1] end plist test
[ 22.774743][ T1] IPI shorthand broadcast: enabled
[ 22.780393][ T1] AVX2 version of gcm_enc/dec engaged.
[ 22.786114][ T1] AES CTR mode by8 optimization enabled
[ 24.907765][ T1] sched_clock: Marking stable (24860021136, 46836333)->(24908384501, -1527032)
[ 24.929653][ T1] registered taskstats version 1
[ 24.948815][ T1] Loading compiled-in X.509 certificates
[ 24.959723][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: b076a2c54e475ca22371b28873485011e7dd859f'
[ 24.975272][ T1] zswap: loaded using pool lzo/zbud
[ 25.211781][ T1] debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers
[ 28.158064][ T1] Key type .fscrypt registered
[ 28.162837][ T1] Key type fscrypt-provisioning registered
[ 28.177370][ T1] kAFS: Red Hat AFS client v0.1 registering.
[ 28.201312][ T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[ 28.209912][ T1] Key type big_key registered
[ 28.217693][ T1] Key type encrypted registered
[ 28.222659][ T1] AppArmor: AppArmor sha1 policy hashing enabled
[ 28.229280][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 28.235739][ T1] Loading compiled-in module X.509 certificates
[ 28.246592][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: b076a2c54e475ca22371b28873485011e7dd859f'
[ 28.257470][ T1] ima: Allocated hash algorithm: sha256
[ 28.263308][ T1] ima: No architecture policies found
[ 28.269223][ T1] evm: Initialising EVM extended attributes:
[ 28.275766][ T1] evm: security.selinux (disabled)
[ 28.281188][ T1] evm: security.SMACK64 (disabled)
[ 28.286370][ T1] evm: security.SMACK64EXEC (disabled)
[ 28.292383][ T1] evm: security.SMACK64TRANSMUTE (disabled)
[ 28.298408][ T1] evm: security.SMACK64MMAP (disabled)
[ 28.303943][ T1] evm: security.apparmor
[ 28.308199][ T1] evm: security.ima
[ 28.311986][ T1] evm: security.capability
[ 28.316938][ T1] evm: HMAC attrs: 0x1
[ 28.323242][ T1] PM: Magic number: 3:393:366
[ 28.331352][ T1] printk: console [netcon0] enabled
[ 28.336951][ T1] netconsole: network logging started
[ 28.343286][ T1] gtp: GTP module loaded (pdp ctx size 104 bytes)
[ 28.351710][ T1] rdma_rxe: loaded
[ 28.356689][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 28.368757][ T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 28.376230][ T2518] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 28.386651][ T2518] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 28.387079][ T1] clk: Disabling unused clocks
[ 28.400702][ T1] ALSA device list:
[ 28.404510][ T1] #0: Dummy 1
[ 28.408586][ T1] #1: Loopback 1
[ 28.412475][ T1] #2: Virtual MIDI Card 1
[ 28.419437][ T1] md: Waiting for all devices to be available before autodetect
[ 28.427528][ T1] md: If you don't use raid, use raid=noautodetect
[ 28.434064][ T1] md: Autodetecting RAID arrays.
[ 28.439026][ T1] md: autorun ...
[ 28.443095][ T1] md: ... autorun DONE.
[ 28.518373][ T1] EXT4-fs (sda1): mounted filesystem 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 ro with ordered data mode. Quota mode: none.
[ 28.532156][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 28.544130][ T1] devtmpfs: mounted
[ 28.705830][ T1] Freeing unused kernel image (initmem) memory: 3396K
[ 28.712759][ T1] Write protecting the kernel read-only data: 188416k
[ 28.722628][ T1] Freeing unused kernel image (rodata/data gap) memory: 700K
[ 28.850831][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 28.862668][ T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[ 28.872769][ T1] Run /sbin/init as init process
[ 28.878031][ T1] with arguments:
[ 28.881875][ T1] /sbin/init
[ 28.885406][ T1] with environment:
[ 28.889432][ T1] HOME=/
[ 28.892622][ T1] TERM=linux
[ 28.896156][ T1] spec_store_bypass_disable=prctl
[ 28.901656][ T1] BOOT_IMAGE=/boot/bzImage
[ 28.923260][ T1] general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN
[ 28.935261][ T1] KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]
[ 28.944174][ T1] CPU: 1 PID: 1 Comm: init Not tainted 6.5.0-rc7-next-20230822-syzkaller-dirty #0
[ 28.953449][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 28.963636][ T1] RIP: 0010:do_raw_spin_lock+0x6e/0x2b0
[ 28.969485][ T1] Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
[ 28.989805][ T1] RSP: 0000:ffffc90000067b28 EFLAGS: 00010203
[ 28.996053][ T1] RAX: dffffc0000000000 RBX: 0000000000000080 RCX: 0000000000000000
[ 29.004565][ T1] RDX: 0000000000000010 RSI: ffffffff8ae8fc60 RDI: 0000000000000084
[ 29.012980][ T1] RBP: 1ffff9200000cf66 R08: 0000000000000000 R09: fffffbfff1d9ba3a
[ 29.021053][ T1] R10: ffffffff8ecdd1d7 R11: ffffffff8a3cdc9d R12: 0000000000000001
[ 29.030158][ T1] R13: 0000000000000080 R14: 0000000000000080 R15: 0000000000680000
[ 29.038224][ T1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 29.048195][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.054876][ T1] CR2: 00007ffcfc6d3c19 CR3: 0000000029462000 CR4: 00000000003506e0
[ 29.062944][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.070919][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.078911][ T1] Call Trace:
[ 29.082255][ T1] <TASK>
[ 29.085186][ T1] ? show_regs+0x8f/0xa0
[ 29.089548][ T1] ? die_addr+0x4f/0xd0
[ 29.093887][ T1] ? exc_general_protection+0x154/0x230
[ 29.099564][ T1] ? asm_exc_general_protection+0x26/0x30
[ 29.105314][ T1] ? syscall_exit_to_user_mode+0x1d/0x60
[ 29.110958][ T1] ? do_raw_spin_lock+0x6e/0x2b0
[ 29.116445][ T1] ? spin_bug+0x1d0/0x1d0
[ 29.121142][ T1] ? lock_release+0x4bf/0x680
[ 29.125833][ T1] ? dput+0x251/0xfd0
[ 29.129836][ T1] list_lru_add+0xce/0x540
[ 29.134390][ T1] ? dput+0x39/0xfd0
[ 29.138402][ T1] dput+0x87f/0xfd0
[ 29.142254][ T1] proc_kill_sb+0x6d/0x100
[ 29.146689][ T1] deactivate_locked_super+0x19c/0x2d0
[ 29.152353][ T1] deactivate_super+0xde/0x100
[ 29.157227][ T1] cleanup_mnt+0x222/0x3d0
[ 29.161657][ T1] mntput_no_expire+0x864/0xbc0
[ 29.166632][ T1] ? do_raw_spin_unlock+0x173/0x230
[ 29.171874][ T1] ? _raw_spin_unlock+0x28/0x40
[ 29.176855][ T1] ? mnt_get_count+0x1e0/0x1e0
[ 29.181899][ T1] ? _raw_spin_unlock+0x28/0x40
[ 29.186955][ T1] mntput+0x6b/0x90
[ 29.190962][ T1] __fput+0x560/0xa70
[ 29.195145][ T1] task_work_run+0x14d/0x240
[ 29.199756][ T1] ? task_work_cancel+0x30/0x30
[ 29.204622][ T1] ? kernel_execve+0x3f9/0x4e0
[ 29.209830][ T1] exit_to_user_mode_prepare+0x210/0x240
[ 29.215568][ T1] syscall_exit_to_user_mode+0x1d/0x60
[ 29.221126][ T1] ? rest_init+0x2b0/0x2b0
[ 29.225547][ T1] ret_from_fork_asm+0x11/0x20
[ 29.230361][ T1] </TASK>
[ 29.233475][ T1] Modules linked in:
[ 29.237562][ T1] ---[ end trace 0000000000000000 ]---
[ 29.243328][ T1] RIP: 0010:do_raw_spin_lock+0x6e/0x2b0
[ 29.249089][ T1] Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
[ 29.269244][ T1] RSP: 0000:ffffc90000067b28 EFLAGS: 00010203
[ 29.276026][ T1] RAX: dffffc0000000000 RBX: 0000000000000080 RCX: 0000000000000000
[ 29.284590][ T1] RDX: 0000000000000010 RSI: ffffffff8ae8fc60 RDI: 0000000000000084
[ 29.293010][ T1] RBP: 1ffff9200000cf66 R08: 0000000000000000 R09: fffffbfff1d9ba3a
[ 29.301669][ T1] R10: ffffffff8ecdd1d7 R11: ffffffff8a3cdc9d R12: 0000000000000001
[ 29.309787][ T1] R13: 0000000000000080 R14: 0000000000000080 R15: 0000000000680000
[ 29.318102][ T1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 29.327776][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.334660][ T1] CR2: 00007ffcfc6d3c19 CR3: 0000000029462000 CR4: 00000000003506e0
[ 29.342695][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.350892][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.359108][ T1] Kernel panic - not syncing: Fatal exception
[ 29.365720][ T1] Kernel Offset: disabled
[ 29.370311][ T1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1047880574=/tmp/go-build -gno-record-gcc-switches"
git status (err=<nil>)
HEAD detached at b81ca3f66
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230822-122036'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"b81ca3f66f8d2d8b397c3c1dc5f14e77c2936b1e\"
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=14283c87a80000
Tested on:
commit: 28c736b0 Add linux-next specific files for 20230822
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
kernel config: https://syzkaller.appspot.com/x/.config?x=20999f779fa96017
dashboard link: https://syzkaller.appspot.com/bug?extid=f25c61df1ec3d235d52f
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=17809340680000
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
[not found] <20230827020301.3530-1-hdanton@sina.com>
@ 2023-08-27 3:15 ` syzbot
0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2023-08-27 3:15 UTC (permalink / raw)
To: hdanton, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KASAN: slab-use-after-free Read in kernfs_test_super
==================================================================
BUG: KASAN: slab-use-after-free in kernfs_test_super+0x122/0x150 fs/kernfs/mount.c:295
Read of size 8 at addr ffff88807559d608 by task syz-executor.3/5904
CPU: 0 PID: 5904 Comm: syz-executor.3 Not tainted 6.5.0-rc7-next-20230822-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:364 [inline]
print_report+0xc4/0x620 mm/kasan/report.c:475
kasan_report+0xda/0x110 mm/kasan/report.c:588
kernfs_test_super+0x122/0x150 fs/kernfs/mount.c:295
sget_fc+0x582/0x9b0 fs/super.c:776
kernfs_get_tree+0x198/0x9a0 fs/kernfs/mount.c:346
sysfs_get_tree+0x41/0x140 fs/sysfs/mount.c:31
vfs_get_tree+0x8c/0x370 fs/super.c:1711
do_new_mount fs/namespace.c:3335 [inline]
path_mount+0x1492/0x1ed0 fs/namespace.c:3662
do_mount fs/namespace.c:3675 [inline]
__do_sys_mount fs/namespace.c:3884 [inline]
__se_sys_mount fs/namespace.c:3861 [inline]
__x64_sys_mount+0x293/0x310 fs/namespace.c:3861
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbfa307cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbfa3e170c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fbfa319bf80 RCX: 00007fbfa307cae9
RDX: 0000000020000300 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 00007fbfa30c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fbfa319bf80 R15: 00007ffccce39108
</TASK>
Allocated by task 5895:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:374 [inline]
__kasan_kmalloc+0xa2/0xb0 mm/kasan/common.c:383
kmalloc include/linux/slab.h:599 [inline]
kzalloc include/linux/slab.h:720 [inline]
kernfs_get_tree+0x78/0x9a0 fs/kernfs/mount.c:337
sysfs_get_tree+0x41/0x140 fs/sysfs/mount.c:31
vfs_get_tree+0x8c/0x370 fs/super.c:1711
do_new_mount fs/namespace.c:3335 [inline]
path_mount+0x1492/0x1ed0 fs/namespace.c:3662
do_mount fs/namespace.c:3675 [inline]
__do_sys_mount fs/namespace.c:3884 [inline]
__se_sys_mount fs/namespace.c:3861 [inline]
__x64_sys_mount+0x293/0x310 fs/namespace.c:3861
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Freed by task 5409:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522
____kasan_slab_free mm/kasan/common.c:236 [inline]
____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200
kasan_slab_free include/linux/kasan.h:164 [inline]
slab_free_hook mm/slub.c:1800 [inline]
slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826
slab_free mm/slub.c:3809 [inline]
__kmem_cache_free+0xb8/0x2f0 mm/slub.c:3822
sysfs_kill_sb+0x21/0x30 fs/sysfs/mount.c:86
deactivate_locked_super+0xa0/0x2d0 fs/super.c:454
deactivate_super+0xde/0x100 fs/super.c:504
cleanup_mnt+0x222/0x3d0 fs/namespace.c:1254
task_work_run+0x14d/0x240 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:297
do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The buggy address belongs to the object at ffff88807559d600
which belongs to the cache kmalloc-64 of size 64
The buggy address is located 8 bytes inside of
freed 64-byte region [ffff88807559d600, ffff88807559d640)
The buggy address belongs to the physical page:
page:ffffea0001d56740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7559d
flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000800 ffff888012c41640 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 4495, tgid 4495 (udevd), ts 112776006479, free_ts 112762382812
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x2cf/0x340 mm/page_alloc.c:1530
prep_new_page mm/page_alloc.c:1537 [inline]
get_page_from_freelist+0x10d7/0x31b0 mm/page_alloc.c:3213
__alloc_pages+0x1d0/0x4a0 mm/page_alloc.c:4469
alloc_pages+0x1a9/0x270 mm/mempolicy.c:2298
alloc_slab_page mm/slub.c:1870 [inline]
allocate_slab+0x251/0x380 mm/slub.c:2017
new_slab mm/slub.c:2070 [inline]
___slab_alloc+0x8be/0x1570 mm/slub.c:3223
__slab_alloc.constprop.0+0x56/0xa0 mm/slub.c:3322
__slab_alloc_node mm/slub.c:3375 [inline]
slab_alloc_node mm/slub.c:3468 [inline]
__kmem_cache_alloc_node+0x137/0x350 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1022 [inline]
__kmalloc+0x4f/0x100 mm/slab_common.c:1036
kmalloc include/linux/slab.h:603 [inline]
kzalloc include/linux/slab.h:720 [inline]
tomoyo_encode2+0x100/0x3d0 security/tomoyo/realpath.c:45
tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
tomoyo_realpath_from_path+0x196/0x710 security/tomoyo/realpath.c:283
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_check_open_permission+0x2aa/0x3b0 security/tomoyo/file.c:771
tomoyo_file_open security/tomoyo/tomoyo.c:332 [inline]
tomoyo_file_open+0xa8/0xd0 security/tomoyo/tomoyo.c:327
security_file_open+0x6a/0xe0 security/security.c:2836
do_dentry_open+0x538/0x1730 fs/open.c:916
page last free stack trace:
reset_page_owner include/linux/page_owner.h:24 [inline]
free_pages_prepare mm/page_alloc.c:1130 [inline]
free_unref_page_prepare+0x476/0xa40 mm/page_alloc.c:2342
free_unref_page+0x33/0x3b0 mm/page_alloc.c:2435
__unfreeze_partials+0x21d/0x240 mm/slub.c:2655
qlink_free mm/kasan/quarantine.c:166 [inline]
qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:185
kasan_quarantine_reduce+0x18b/0x1d0 mm/kasan/quarantine.c:292
__kasan_slab_alloc+0x65/0x90 mm/kasan/common.c:305
kasan_slab_alloc include/linux/kasan.h:188 [inline]
slab_post_alloc_hook mm/slab.h:762 [inline]
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x19b/0x350 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1022 [inline]
__kmalloc+0x4f/0x100 mm/slab_common.c:1036
kmalloc include/linux/slab.h:603 [inline]
tomoyo_realpath_from_path+0xb9/0x710 security/tomoyo/realpath.c:251
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_number_perm+0x243/0x590 security/tomoyo/file.c:723
security_file_ioctl+0x72/0xb0 security/security.c:2647
__do_sys_ioctl fs/ioctl.c:865 [inline]
__se_sys_ioctl fs/ioctl.c:857 [inline]
__x64_sys_ioctl+0xbb/0x210 fs/ioctl.c:857
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Memory state around the buggy address:
ffff88807559d500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
ffff88807559d580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff88807559d600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
^
ffff88807559d680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
ffff88807559d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================
Tested on:
commit: 28c736b0 Add linux-next specific files for 20230822
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
console output: https://syzkaller.appspot.com/x/log.txt?x=145d11e0680000
kernel config: https://syzkaller.appspot.com/x/.config?x=20999f779fa96017
dashboard link: https://syzkaller.appspot.com/bug?extid=f25c61df1ec3d235d52f
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1570f187a80000
^ permalink raw reply [flat|nested] 8+ messages in thread
* [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super
@ 2023-08-26 16:53 syzbot
2023-08-28 9:20 ` Christian Brauner
2023-08-28 9:22 ` Christian Brauner
0 siblings, 2 replies; 8+ messages in thread
From: syzbot @ 2023-08-26 16:53 UTC (permalink / raw)
To: brauner, gregkh, jack, linux-fsdevel, linux-kernel, syzkaller-bugs, tj
Hello,
syzbot found the following issue on:
HEAD commit: 28c736b0e92e Add linux-next specific files for 20230822
git tree: linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=15515d53a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=20999f779fa96017
dashboard link: https://syzkaller.appspot.com/bug?extid=f25c61df1ec3d235d52f
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15783640680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=164da860680000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/37bc881cd0b2/disk-28c736b0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4512f7892b3d/vmlinux-28c736b0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/052fe1287e05/bzImage-28c736b0.xz
The issue was bisected to:
commit 2c18a63b760a0f68f14cb8bb4c3840bb0b63b73e
Author: Christian Brauner <brauner@kernel.org>
Date: Fri Aug 18 14:00:51 2023 +0000
super: wait until we passed kill super
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14e6a360680000
final oops: https://syzkaller.appspot.com/x/report.txt?x=16e6a360680000
console output: https://syzkaller.appspot.com/x/log.txt?x=12e6a360680000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f25c61df1ec3d235d52f@syzkaller.appspotmail.com
Fixes: 2c18a63b760a ("super: wait until we passed kill super")
==================================================================
BUG: KASAN: slab-use-after-free in kernfs_test_super+0x122/0x150 fs/kernfs/mount.c:295
Read of size 8 at addr ffff88807249d808 by task syz-executor493/5717
CPU: 1 PID: 5717 Comm: syz-executor493 Not tainted 6.5.0-rc7-next-20230822-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:364 [inline]
print_report+0xc4/0x620 mm/kasan/report.c:475
kasan_report+0xda/0x110 mm/kasan/report.c:588
kernfs_test_super+0x122/0x150 fs/kernfs/mount.c:295
sget_fc+0x582/0x9b0 fs/super.c:778
kernfs_get_tree+0x198/0x9a0 fs/kernfs/mount.c:346
sysfs_get_tree+0x41/0x140 fs/sysfs/mount.c:31
vfs_get_tree+0x8c/0x370 fs/super.c:1713
do_new_mount fs/namespace.c:3335 [inline]
path_mount+0x1492/0x1ed0 fs/namespace.c:3662
do_mount fs/namespace.c:3675 [inline]
__do_sys_mount fs/namespace.c:3884 [inline]
__se_sys_mount fs/namespace.c:3861 [inline]
__x64_sys_mount+0x293/0x310 fs/namespace.c:3861
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f126c3d79c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff40e973e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f126c3d79c9
RDX: 0000000020000300 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fff40e9741c
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff40e9741c
R13: 0000000000000069 R14: 431bde82d7b634db R15: 00007fff40e97450
</TASK>
Allocated by task 5716:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:374 [inline]
__kasan_kmalloc+0xa2/0xb0 mm/kasan/common.c:383
kmalloc include/linux/slab.h:599 [inline]
kzalloc include/linux/slab.h:720 [inline]
kernfs_get_tree+0x78/0x9a0 fs/kernfs/mount.c:337
sysfs_get_tree+0x41/0x140 fs/sysfs/mount.c:31
vfs_get_tree+0x8c/0x370 fs/super.c:1713
do_new_mount fs/namespace.c:3335 [inline]
path_mount+0x1492/0x1ed0 fs/namespace.c:3662
do_mount fs/namespace.c:3675 [inline]
__do_sys_mount fs/namespace.c:3884 [inline]
__se_sys_mount fs/namespace.c:3861 [inline]
__x64_sys_mount+0x293/0x310 fs/namespace.c:3861
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Freed by task 5053:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522
____kasan_slab_free mm/kasan/common.c:236 [inline]
____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200
kasan_slab_free include/linux/kasan.h:164 [inline]
slab_free_hook mm/slub.c:1800 [inline]
slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826
slab_free mm/slub.c:3809 [inline]
__kmem_cache_free+0xb8/0x2f0 mm/slub.c:3822
sysfs_kill_sb+0x21/0x30 fs/sysfs/mount.c:86
deactivate_locked_super+0xa0/0x2d0 fs/super.c:454
deactivate_super+0xde/0x100 fs/super.c:504
cleanup_mnt+0x222/0x3d0 fs/namespace.c:1254
task_work_run+0x14d/0x240 kernel/task_work.c:179
ptrace_notify+0x10c/0x130 kernel/signal.c:2387
ptrace_report_syscall include/linux/ptrace.h:411 [inline]
ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
syscall_exit_work kernel/entry/common.c:252 [inline]
syscall_exit_to_user_mode_prepare+0x120/0x220 kernel/entry/common.c:279
__syscall_exit_to_user_mode_work kernel/entry/common.c:284 [inline]
syscall_exit_to_user_mode+0xd/0x60 kernel/entry/common.c:297
do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The buggy address belongs to the object at ffff88807249d800
which belongs to the cache kmalloc-64 of size 64
The buggy address is located 8 bytes inside of
freed 64-byte region [ffff88807249d800, ffff88807249d840)
The buggy address belongs to the physical page:
page:ffffea0001c92740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7249d
anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000800 ffff888012c41640 ffffea0000a28500 dead000000000005
raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 4493, tgid 4493 (udevd), ts 94419071514, free_ts 94405327131
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook+0x2cf/0x340 mm/page_alloc.c:1530
prep_new_page mm/page_alloc.c:1537 [inline]
get_page_from_freelist+0x10d7/0x31b0 mm/page_alloc.c:3213
__alloc_pages+0x1d0/0x4a0 mm/page_alloc.c:4469
alloc_pages+0x1a9/0x270 mm/mempolicy.c:2298
alloc_slab_page mm/slub.c:1870 [inline]
allocate_slab+0x251/0x380 mm/slub.c:2017
new_slab mm/slub.c:2070 [inline]
___slab_alloc+0x8be/0x1570 mm/slub.c:3223
__slab_alloc.constprop.0+0x56/0xa0 mm/slub.c:3322
__slab_alloc_node mm/slub.c:3375 [inline]
slab_alloc_node mm/slub.c:3468 [inline]
__kmem_cache_alloc_node+0x137/0x350 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1022 [inline]
__kmalloc+0x4f/0x100 mm/slab_common.c:1036
kmalloc include/linux/slab.h:603 [inline]
kzalloc include/linux/slab.h:720 [inline]
tomoyo_encode2+0x100/0x3d0 security/tomoyo/realpath.c:45
tomoyo_encode+0x29/0x50 security/tomoyo/realpath.c:80
tomoyo_realpath_from_path+0x196/0x710 security/tomoyo/realpath.c:283
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x271/0x450 security/tomoyo/file.c:822
security_inode_getattr+0xf1/0x150 security/security.c:2153
vfs_getattr fs/stat.c:206 [inline]
vfs_statx+0x180/0x430 fs/stat.c:281
vfs_fstatat+0x90/0xb0 fs/stat.c:315
page last free stack trace:
reset_page_owner include/linux/page_owner.h:24 [inline]
free_pages_prepare mm/page_alloc.c:1130 [inline]
free_unref_page_prepare+0x476/0xa40 mm/page_alloc.c:2342
free_unref_page+0x33/0x3b0 mm/page_alloc.c:2435
mm_free_pgd kernel/fork.c:803 [inline]
__mmdrop+0xd7/0x490 kernel/fork.c:921
mmdrop include/linux/sched/mm.h:54 [inline]
__mmput+0x409/0x4d0 kernel/fork.c:1367
mmput+0x62/0x70 kernel/fork.c:1378
exit_mm kernel/exit.c:567 [inline]
do_exit+0x9b4/0x2a20 kernel/exit.c:861
do_group_exit+0xd4/0x2a0 kernel/exit.c:1024
__do_sys_exit_group kernel/exit.c:1035 [inline]
__se_sys_exit_group kernel/exit.c:1033 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1033
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Memory state around the buggy address:
ffff88807249d700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
ffff88807249d780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff88807249d800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
^
ffff88807249d880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
ffff88807249d900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-08-28 9:24 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20230827123619.3750-1-hdanton@sina.com>
2023-08-27 13:19 ` [syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_test_super syzbot
[not found] <20230827100849.3681-1-hdanton@sina.com>
2023-08-27 11:04 ` syzbot
[not found] <20230827044001.3605-1-hdanton@sina.com>
2023-08-27 5:30 ` syzbot
[not found] <20230827020301.3530-1-hdanton@sina.com>
2023-08-27 3:15 ` syzbot
2023-08-26 16:53 syzbot
2023-08-28 9:20 ` Christian Brauner
2023-08-28 9:20 ` syzbot
2023-08-28 9:22 ` Christian Brauner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).