Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in mas_next_slot (2)

From: Hillf Danton
Date: Thu Jul 17 2025 - 19:42:42 EST

Next message: Kees Cook: "Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array()"
Previous message: Jakub Kicinski: "Re: [PATCH net-next v09 1/8] hinic3: Async Event Queue interfaces"
In reply to: Lorenzo Stoakes: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in mas_next_slot (2)"
Next in thread: Lorenzo Stoakes: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in mas_next_slot (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 17 Jul 2025 17:06:34 +0100 Lorenzo Stoakes <lorenzo.stoakes@xxxxxxxxxx>

Top reply is not encouraged lad.

> OK on second thoughts, there is one additional thing we need to do on each
> loop to avoid observing the same VMA, either the prior logic of checking
> directly or a vma_next().
>
> So this may be a consequence of that.
>
> I will respin the series to make life easier...
>
Better after syzbot gives you Tested-by.

> On Thu, Jul 17, 2025 at 05:18:17AM +0100, Lorenzo Stoakes wrote:
> > This looks to be unrelated to my patch and some issue with syzbot (it's doing
> > weird injection stuff).
> >
> > As I said, I have tested the change with reproducer locally and it fixes the
> > issue, and I have been able to reliably observe that (note, without any of the
> > below stuff happening).
> >
> > Thanks

Next message: Kees Cook: "Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array()"
Previous message: Jakub Kicinski: "Re: [PATCH net-next v09 1/8] hinic3: Async Event Queue interfaces"
In reply to: Lorenzo Stoakes: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in mas_next_slot (2)"
Next in thread: Lorenzo Stoakes: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in mas_next_slot (2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]