From: Tejun Heo
Date: Mon, 14 Nov 2022 11:42:47 -1000
To: syzbot
Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] KASAN: use-after-free Read in kernfs_activate (2)
In-Reply-To: <000000000000e4e4fe05ed5bf2b0@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Nov 13, 2022 at 07:40:56AM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 59f2f4b8a757 fs/userfaultfd: Fix maple tree iterator in us..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=14e836fa880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=480ba0fb2fd243ac
> dashboard link: https://syzkaller.appspot.com/bug?extid=782984d6f1701b526edb
> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/619de907b82c/disk-59f2f4b8.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/bcd0dc7d69ef/vmlinux-59f2f4b8.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/a8dbe0bc7228/bzImage-59f2f4b8.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+782984d6f1701b526edb@syzkaller.appspotmail.com
>
> usb 4-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
> usb 4-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
> ==================================================================
> BUG: KASAN: use-after-free in kernfs_root fs/kernfs/kernfs-internal.h:66 [inline]
> BUG: KASAN: use-after-free in kernfs_next_descendant_post fs/kernfs/dir.c:1289 [inline]
> BUG: KASAN: use-after-free in kernfs_activate+0xd0/0x3a0 fs/kernfs/dir.c:1344
> Read of size 8 at addr ffff888079194b10 by task kworker/1:12/5383

Likely the same one as:

 http://lkml.kernel.org/r/0000000000003a95ce05cd867417@google.com

This is a bug on the firmware loader side.

Thanks.

--
tejun