[Android 5.10] KASAN: use-after-free Read in rcu_cblist_dequeue (2)


syzbot

5:37 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 72aefab72b3d Merge android13-5.10 into android13-5.10-lts
git tree: android13-5.10-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=157b41ae580000
kernel config: https://syzkaller.appspot.com/x/.config?x=29727da16e7886e6
dashboard link: https://syzkaller.appspot.com/bug?extid=9af7a950e2022ebb6dd4
compiler: Debian clang version 22.1.6 (++20260514074242+fc4aad7b5db3-1~exp1~20260514074407.73), Debian LLD 22.1.6
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=145b7986580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16e592ae580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d25a985f17e2/disk-72aefab7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/809e35bb9cae/vmlinux-72aefab7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/63dd8b1da3d1/bzImage-72aefab7.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9af7a9...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x6c/0xb0 kernel/rcu/rcu_segcblist.c:75
Read of size 8 at addr ffff8881115d3590 by task ksoftirqd/0/12

CPU: 0 PID: 12 Comm: ksoftirqd/0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
__dump_stack+0x21/0x24 lib/dump_stack.c:77
dump_stack_lvl+0x1a7/0x208 lib/dump_stack.c:118
print_address_description+0x7f/0x2c0 mm/kasan/report.c:248
__kasan_report mm/kasan/report.c:435 [inline]
kasan_report+0x100/0x140 mm/kasan/report.c:452
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:309
rcu_cblist_dequeue+0x6c/0xb0 kernel/rcu/rcu_segcblist.c:75
rcu_do_batc


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup