Re: KASAN: use-after-free Read in _free_event

From: Alexander Shishkin
Date: Mon Jun 24 2019 - 04:39:08 EST


syzbot <syzbot+37100ea87beb0cac28f4@xxxxxxxxxxxxxxxxxxxxxxxxx> writes:

> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+37100ea87beb0cac28f4@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> ==================================================================
> BUG: KASAN: use-after-free in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
> BUG: KASAN: use-after-free in refcount_sub_and_test_checked+0x87/0x200 lib/refcount.c:182
> Read of size 4 at addr ffff88804e9f06e0 by task syz-executor.5/13046

Looks exactly like [1]. There's a proposed fix there, too.

[1] https://marc.info/?l=linux-kernel&m=153111554522295

Regards,
--
Alex