syzbot


KASAN: use-after-free Read in unmap_page_range (2)
Status: upstream: reported C repro on 2021/10/31 17:40
Reported-by: syzbot+11210d36738191856de4@syzkaller.appspotmail.com
Fix commit: 337546e83fc7 mm/oom_kill.c: prevent a race between process_mrelease and exit_mmap
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 39d, last: 18d

Cause bisection: introduced by (bisect log) [no-op commit]:
commit 1ccf7294b76d28d5151f024351c747ccf101d66e
Author: Matthew Brost <matthew.brost@intel.com>
Date: Thu Jul 8 16:20:49 2021 +0000

  drm/i915/guc: Relax CTB response timeout

Crash: possible deadlock in fs_reclaim_acquire (log)
Repro: C syz .config
similar bugs (2):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in unmap_page_range | | | | 1 | 1573d | 1498d | 0/22 | closed as invalid on 2017/10/30 19:42 |
| linux-4.19 | general protection fault in unmap_page_range | | | | 1 | 30d | 30d | 0/1 | upstream: reported on 2021/11/06 09:02 |

Sample crash report:

Crashes (4):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce | 2021/10/28 21:57 | upstream | 1fc596a56b33 | be531bb4 | .config | log | report | syz | C | | general protection fault in unmap_page_range |
| ci-upstream-kasan-gce | 2021/10/28 21:01 | upstream | 1fc596a56b33 | be531bb4 | .config | log | report | | | info | KASAN: use-after-free Read in unmap_page_range |
| ci-upstream-kasan-gce-smack-root | 2021/11/18 12:42 | upstream | 42eb8fdac2fc | cafff8b6 | .config | log | report | | | info | general protection fault in unmap_page_range |
| ci-upstream-linux-next-kasan-gce-root | 2021/10/29 22:25 | linux-next | bdcc9f6a5682 | 098b5d53 | .config | log | report | | | info | general protection fault in unmap_page_range |