From: Dmitry Vyukov
Date: Fri, 27 Jan 2023 08:09:07 +0100
Subject: Re: [syzbot] KASAN: use-after-free Read in mas_next_nentry
To: "Liam R. Howlett"
Cc: syzbot, brauner@kernel.org, dan.carpenter@oracle.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, torvalds@linux-foundation.org, viro@zeniv.linux.org.uk, wanjiabing@vivo.com, willy@infradead.org
References: <0000000000009ecbf205dda227bd@google.com> <0000000000004dc42605f31dd05c@google.com> <20230126131424.ufk6zspn6fyzw5l6@revolver>
In-Reply-To: <20230126131424.ufk6zspn6fyzw5l6@revolver>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 26 Jan 2023 at 14:14, Liam R. Howlett wrote:
>
> syz fix: fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
>
> * syzbot [230125 17:04]:
> > syzbot suspects this issue was fixed by commit:

syzbot needs the hash to parse the command:

#syz fix: fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()

> > commit 59f2f4b8a757412fce372f6d0767bdb55da127a8
> > Author: Liam Howlett
> > Date: Mon Nov 7 20:11:42 2022 +0000
> >
> >     fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
> >
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=129e8afe480000
> > start commit: b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..
> > git tree: upstream
> > kernel config: https://syzkaller.appspot.com/x/.config?x=a66c6c673fb555e8
> > dashboard link: https://syzkaller.appspot.com/bug?extid=7170d66493145b71afd4
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11bfb2a9880000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b1d319880000
> >
> > If the result looks correct, please mark the issue as fixed by replying with:
> >
> > #syz fix: fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection