syzbot

 sign-in | mailing list | source | docs
🐞 Open [1504]
Subsystems
🐞 Fixed [6662]
🐞 Invalid [17054]
Missing Backports [214]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: vmalloc-out-of-bounds Read in run_irq_workd

Status: upstream: reported C repro on 2025/08/31 00:33
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+2617fc732430968b45d2@syzkaller.appspotmail.com
First crash: 52d, last: 26m
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] bpf: sync pending IRQ work before freeing ring buffer 1 (2) 2025/10/17 21:22
[syzbot] [kernel?] KASAN: vmalloc-out-of-bounds Read in run_irq_workd 0 (2) 2025/10/09 15:12
Last patch testing requests (2)
Created Duration User Patch Repo Result
2025/10/17 20:56 25m nooraineqbal@gmail.com patch upstream OK log
2025/09/24 16:03 22m retest repro upstream report log

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in irq_work_run_list kernel/irq_work.c:251 [inline]
BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190 kernel/irq_work.c:305
Read of size 8 at addr ffffc9000cc08090 by task irq_work/1/26

CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xca/0x240 mm/kasan/report.c:482
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 irq_work_run_list kernel/irq_work.c:251 [inline]
 run_irq_workd+0x116/0x190 kernel/irq_work.c:305
 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4b9/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc9000cc07f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000cc08000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc9000cc08080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                         ^
 ffffc9000cc08100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000cc08180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (162):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/09 15:11 upstream ec714e371f22 7e2882b3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/08/27 18:31 upstream fab1beda7597 e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/18 07:03 upstream cf1ea8854e4f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/18 04:41 upstream cf1ea8854e4f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/18 02:53 upstream cf1ea8854e4f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/17 20:37 upstream cf1ea8854e4f 7adf5298 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/17 18:40 upstream cf1ea8854e4f 7adf5298 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/17 14:51 upstream 98ac9cc4b445 7adf5298 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/17 13:06 upstream 98ac9cc4b445 7adf5298 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/17 08:41 upstream 98ac9cc4b445 19568248 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/17 04:32 upstream 98ac9cc4b445 19568248 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/15 09:45 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/15 08:23 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/15 03:27 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/15 03:21 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/15 02:15 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/14 22:29 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/14 20:57 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/14 14:00 upstream 3a8660878839 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/13 18:02 upstream 3a8660878839 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/13 07:26 upstream 3a8660878839 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/13 02:01 upstream 3a8660878839 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/13 00:38 upstream 67029a49db6c ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/12 19:09 upstream 67029a49db6c ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/12 17:47 upstream 67029a49db6c ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/12 12:51 upstream 67029a49db6c ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/12 11:38 upstream 98906f9d850e ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/12 07:47 upstream 98906f9d850e ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/11 21:27 upstream 0739473694c4 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/11 18:16 upstream 0739473694c4 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/11 16:10 upstream 0739473694c4 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/11 14:19 upstream 0739473694c4 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/11 12:51 upstream 0739473694c4 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/11 11:10 upstream 0739473694c4 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/11 06:12 upstream 917167ed1211 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/10 21:05 upstream 917167ed1211 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/10 04:30 upstream 18a7e218cfcd 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/10 03:11 upstream 18a7e218cfcd 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/09 22:06 upstream 18a7e218cfcd 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/09 17:30 upstream ec714e371f22 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/09 07:35 upstream ec714e371f22 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/08 03:07 upstream 971199ad2a0f 7e2882b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/07 19:42 upstream 971199ad2a0f 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/07 17:09 upstream c746c3b51698 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/07 08:44 upstream c746c3b51698 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
* Struck through repros no longer work on HEAD.