general protection fault in tomoyo_check_acl

Tetsuo Handa penguin-kernel at
Tue May 26 12:58:29 UTC 2020

On 2020/05/26 12:46, syzbot wrote:
> general protection fault, probably for non-canonical address 0xe000026660000003: 0000 [#1] PREEMPT SMP KASAN
> KASAN: probably user-memory-access in range [0x0000333300000018-0x000033330000001f]
> CPU: 0 PID: 12489 Comm: systemd-rfkill Not tainted 5.7.0-rc6-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:tomoyo_check_acl+0xa9/0x3e0 security/tomoyo/domain.c:173

struct tomoyo_acl_info *ptr == 0x0000333300000000 is strange; such pointer
can't be linked into standard doubly linked list using list_add_tail_rcu().
Thus, this report would to be an victim of memory corruption.

More information about the Linux-security-module-archive mailing list