syzbot


upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap

Status: auto-obsoleted due to no activity on 2023/12/17 21:51
Subsystems: mm
Reported-by: syzbot+2f508e913916096bf53a@syzkaller.appspotmail.com
First crash: 474d, last: 415d
Discussions (2)
Title | Replies (including bot) | Last reply
[syzbot] Monthly mm report (Sep 2023) | 0 (1) | 2023/09/11 10:07
[syzbot] [mm?] upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap | 1 (2) | 2023/08/14 18:28

Sample crash report:
Booting Linux on physical CPU 0x0000000000 [0x000f0510]
Linux version 6.6.0-rc5-syzkaller (syzkaller@syzkaller) (aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #0 SMP PREEMPT now
random: crng init done
Machine model: linux,dummy-virt
efi: UEFI not found.
NUMA: No NUMA configuration found
NUMA: Faking a node at [mem 0x0000000040000000-0x00000000bfffffff]
NUMA: NODE_DATA [mem 0xbf9f4000-0xbf9f6fff]
Zone ranges:
  DMA      [mem 0x0000000040000000-0x00000000bfffffff]
  DMA32    empty
  Normal   empty
  Device   empty
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x0000000040000000-0x00000000bfffffff]
Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff]
cma: Reserved 32 MiB at 0x00000000bb800000 on node -1
psci: probing for conduit method from DT.
psci: PSCIv1.1 detected in firmware.
psci: Using standard PSCI v0.2 function IDs
psci: Trusted OS migration not required
psci: SMC Calling Convention v1.0
percpu: Embedded 22 pages/cpu s51336 r8192 d30584 u90112
Detected PIPT I-cache on CPU0
CPU features: detected: Address authentication (architected QARMA5 algorithm)
CPU features: detected: HCRX_EL2 register
CPU features: detected: Virtualization Host Extensions
CPU features: detected: Hardware dirty bit management
CPU features: detected: Memory Tagging Extension
CPU features: detected: Asymmetric MTE Tag Check Fault
CPU features: detected: Spectre-v4
MTE: enabled in synchronous mode at EL1
alternatives: applying boot alternatives
kasan: KernelAddressSanitizer initialized (hw-tags, mode=sync, vmalloc=on, stacktrace=on)
Kernel command line: root=/dev/vda console=ttyAMA0 
Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes, linear)
Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
Fallback order for Node 0: 0 
Built 1 zonelists, mobility grouping on.  Total pages: 516096
Policy zone: DMA
mem auto-init: stack:all(zero), heap alloc:on, heap free:off
stackdepot: allocating hash table via alloc_large_system_hash
stackdepot hash table entries: 1048576 (order: 11, 8388608 bytes, linear)
software IO TLB: area num 2.
software IO TLB: mapped [mem 0x00000000b6d00000-0x00000000bad00000] (64MB)
Memory: 1904696K/2097152K available (25280K kernel code, 2454K rwdata, 10152K rodata, 1344K init, 1185K bss, 159688K reserved, 32768K cma-reserved)
==================================================================
BUG: KASAN: slab-out-of-bounds in __kasan_slab_alloc+0x7c/0xcc mm/kasan/common.c:331
Read at addr f2ff000002c01008 by task swapper/0
Pointer tag: [f2], memory tag: [f4]

CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc5-syzkaller #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x94/0xec arch/arm64/kernel/stacktrace.c:233
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x48/0x60 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0x108/0x618 mm/kasan/report.c:475
 kasan_report+0x88/0xac mm/kasan/report.c:588
 report_tag_fault arch/arm64/mm/fault.c:334 [inline]
 do_tag_recovery arch/arm64/mm/fault.c:346 [inline]
 __do_kernel_fault+0x17c/0x1e8 arch/arm64/mm/fault.c:393
 do_bad_area arch/arm64/mm/fault.c:493 [inline]
 do_tag_check_fault+0x78/0x8c arch/arm64/mm/fault.c:770
 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:846
 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:398
 el1h_64_sync_handler+0xd8/0xe4 arch/arm64/kernel/entry-common.c:458
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:590
 __kasan_slab_alloc+0x7c/0xcc mm/kasan/common.c:331
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook mm/slab.h:762 [inline]
 slab_alloc_node mm/slub.c:3478 [inline]
 slab_alloc mm/slub.c:3486 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3493 [inline]
 kmem_cache_alloc+0x144/0x290 mm/slub.c:3502
 kmem_cache_zalloc include/linux/slab.h:710 [inline]
 bootstrap+0x2c/0x174 mm/slub.c:4996
 kmem_cache_init+0x144/0x1c8 mm/slub.c:5059
 mm_core_init+0x240/0x2d4 mm/mm_init.c:2780
 start_kernel+0x220/0x5fc init/main.c:928
 __primary_switched+0xb4/0xbc arch/arm64/kernel/head.S:523

Allocated by task 0:
 kasan_save_stack+0x3c/0x64 mm/kasan/common.c:45
 save_stack_info+0x38/0x118 mm/kasan/tags.c:104
 kasan_save_alloc_info+0x14/0x20 mm/kasan/tags.c:138
 __kasan_slab_alloc+0x94/0xcc mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook mm/slab.h:762 [inline]
 slab_alloc_node mm/slub.c:3478 [inline]
 slab_alloc mm/slub.c:3486 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3493 [inline]
 kmem_cache_alloc+0x144/0x290 mm/slub.c:3502
 kmem_cache_zalloc include/linux/slab.h:710 [inline]
 bootstrap+0x2c/0x174 mm/slub.c:4996
 kmem_cache_init+0x134/0x1c8 mm/slub.c:5058
 mm_core_init+0x240/0x2d4 mm/mm_init.c:2780
 start_kernel+0x220/0x5fc init/main.c:928
 __primary_switched+0xb4/0xbc arch/arm64/kernel/head.S:523

The buggy address belongs to the object at ffff000002c01000
 which belongs to the cache kmem_cache of size 208
The buggy address is located 8 bytes inside of
 208-byte region [ffff000002c01000, ffff000002c010d0)

The buggy address belongs to the physical page:
page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42c01
flags: 0x1ffc00000000800(slab|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
page_type: 0xffffffff()
raw: 01ffc00000000800 f2ff000002c01000 dead000000000100 dead000000000122
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff000002c00e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff000002c00f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff000002c01000: f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4
                   ^
 ffff000002c01100: f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4
 ffff000002c01200: f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4
==================================================================
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
rcu: Preemptible hierarchical RCU implementation.
rcu: 	RCU restricting CPUs from NR_CPUS=8 to nr_cpu_ids=2.
	Trampoline variant of Tasks RCU enabled.
	Tracing variant of Tasks RCU enabled.
rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
Root IRQ handler: gic_handle_irq
GIC: Using split EOI/Deactivate mode
GICv2m: range[mem 0x08020000-0x08020fff], SPI[80:143]
rcu: srcu_init: Setting srcu_struct sizes based on contention.
arch_timer: cp15 timer(s) running at 62.50MHz (phys).
clocksource: arch_sys_counter: mask: 0x1ffffffffffffff max_cycles: 0x1cd42e208c, max_idle_ns: 881590405314 ns
sched_clock: 57 bits at 63MHz, resolution 16ns, wraps every 4398046511096ns
kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____)
Console: colour dummy device 80x25
Calibrating delay loop (skipped), value calculated using timer frequency.. 125.00 BogoMIPS (lpj=625000)
pid_max: default: 32768 minimum: 301
LSM: initializing lsm=lockdown,capability,landlock,yama,safesetid,tomoyo,smack,integrity
landlock: Up and running.
Yama: becoming mindful.
TOMOYO Linux initialized
Smack:  Initializing.
Smack:  Netfilter enabled.
Smack:  IPv6 Netfilter enabled.
Mount-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes, linear)
Detected PIPT I-cache on CPU1
CPU1: Booted secondary processor 0x0000000001 [0x000f0510]

Crashes (47):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/10/08 21:51 upstream 94f6f0550c62 5e837c76 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/10/07 18:50 upstream 59f3fd30af35 5e837c76 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/10/06 23:48 upstream 82714078aee4 ea12a918 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/10/05 17:05 upstream 3006adf3be79 becbb1de .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/10/02 18:33 upstream 8f1b4600373f 50b20e75 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/10/01 17:54 upstream ec8c298121e3 8e26a358 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/30 18:56 upstream 3b517966c561 8e26a358 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/29 17:36 upstream 71e58659bfc0 8e26a358 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/27 11:12 upstream 0e945134b680 2895a507 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/23 20:18 upstream 3aba70aed91f 0b6a67ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/23 20:18 upstream 3aba70aed91f 0b6a67ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/20 18:57 upstream a229cf67ab85 0b6a67ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/16 19:48 upstream ad8a69f361b9 0b6a67ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/15 20:28 upstream e42bebf6db29 0b6a67ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/15 20:28 upstream e42bebf6db29 0b6a67ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/13 22:27 upstream aed8aee11130 0b6a67ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/12 17:20 upstream a747acc0b752 59da8366 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/09 06:02 upstream 6099776f9f26 6654cf89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/08 20:46 upstream ca9c7abf9502 6654cf89 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/07 23:36 upstream d9b9ea589b47 72324844 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/07 19:21 upstream 4a0fc73da97e 72324844 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/06 17:18 upstream 744a759492b5 736a3c37 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/03 19:12 upstream 708283abf896 696ea0d2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/02 16:26 upstream 76be05d4fd6c 696ea0d2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/02 16:26 upstream 76be05d4fd6c 696ea0d2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/01 01:09 upstream 99d99825fc07 696ea0d2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/09/01 01:09 upstream 99d99825fc07 696ea0d2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/31 23:36 upstream 99d99825fc07 c9122619 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/31 00:48 upstream ef2a0b7cdbc5 84803932 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/30 18:53 upstream 1687d8aca548 84803932 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/30 17:28 upstream 872459663c52 84803932 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/29 23:55 upstream d68b4b6f307d ce731e62 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/29 22:54 upstream b96a3e9142fd ce731e62 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/29 21:54 upstream 651a00bc5640 ce731e62 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/29 19:03 upstream f97e18a3f2fb ce731e62 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/29 00:08 upstream 42a7f6e3ffe0 7ba13a15 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/26 19:35 upstream 28f20a19294d 7ba13a15 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/25 04:09 upstream 4f9e7fabf864 49be837e .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/25 00:12 upstream f8d6ff449094 6f19564f .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/23 22:39 upstream 93f5de5f648d 4d7ae7ab .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/23 16:44 upstream a5e505a99ca7 4d7ae7ab .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/21 06:09 upstream f7757129e3de d216d8a0 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/20 13:51 upstream 706a74159504 d216d8a0 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/12 16:58 upstream 3feecb1b8483 39990d51 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/11 20:19 upstream 360e694282fc 39990d51 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/11 10:35 upstream 25aa0bebba72 39990d51 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap
2023/08/10 10:56 upstream 374a7f47bf40 da3c3ef8 .config console log report ci-qemu2-arm64-mte upstream boot error: KASAN: slab-out-of-bounds Read in bootstrap