Re: [syzbot] KASAN: use-after-free Read in mas_next_nentry
From: Dmitry Vyukov
Date: Fri Jan 27 2023 - 02:09:26 EST
On Thu, 26 Jan 2023 at 14:14, Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> wrote:
>
> syz fix: fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
>
> * syzbot <syzbot+7170d66493145b71afd4@xxxxxxxxxxxxxxxxxxxxxxxxx> [230125 17:04]:
> > syzbot suspects this issue was fixed by commit:
syzbot needs the hash to parse the command:
#syz fix: fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
> > commit 59f2f4b8a757412fce372f6d0767bdb55da127a8
> > Author: Liam Howlett <liam.howlett@xxxxxxxxxx>
> > Date: Mon Nov 7 20:11:42 2022 +0000
> >
> > fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
> >
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=129e8afe480000
> > start commit: b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..
> > git tree: upstream
> > kernel config: https://syzkaller.appspot.com/x/.config?x=a66c6c673fb555e8
> > dashboard link: https://syzkaller.appspot.com/bug?extid=7170d66493145b71afd4
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11bfb2a9880000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10b1d319880000
> >
> > If the result looks correct, please mark the issue as fixed by replying with:
> >
> > #syz fix: fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection