syzbot


KASAN: out-of-bounds Read in __switch_to (2)

Status: fixed on 2020/11/16 12:12
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+2667188e965125ab6e7a@syzkaller.appspotmail.com
Fix commit: a49145acfb97 fbmem: add margin check to fb_check_caps()
First crash: 1469d, last: 1469d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel paging request in cfb_imageblit (log)
Repro: syz .config
  
Fix bisection: fixed by (bisect log) :
commit a49145acfb975d921464b84fe00279f99827d816
Author: George Kennedy <george.kennedy@oracle.com>
Date: Tue Jul 7 19:26:03 2020 +0000

  fbmem: add margin check to fb_check_caps()

  
Discussions (1)
Title Replies (including bot) Last reply
KASAN: out-of-bounds Read in __switch_to (2) 1 (3) 2020/11/11 11:09
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: out-of-bounds Read in __switch_to kernel C 1 2103d 2103d 11/28 fixed on 2019/03/06 07:43
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/10/08 03:09 11m anant.thazhemadam@gmail.com upstream report log

Sample crash report:
==================================================================
BUG: KASAN: out-of-bounds in arch_end_context_switch arch/x86/include/asm/paravirt.h:625 [inline]
BUG: KASAN: out-of-bounds in __switch_to+0xddc/0xfe0 arch/x86/kernel/process_64.c:566
Read of size 8 at addr ffffffff89fc6bd8 by task swapper/1/0

CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

The buggy address belongs to the variable:
 pv_ops+0x118/0x2c0

Memory state around the buggy address:
 ffffffff89fc6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89fc6b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89fc6b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                       ^
 ffffffff89fc6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89fc6c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B             5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/09/29 11:04 upstream fb0155a09b02 1b88c6d5 .config console log report syz ci-upstream-kasan-gce
* Struck through repros no longer work on HEAD.