syzbot |
sign-in | mailing list | source | docs |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/10/30 10:32 | 10m | bisect fix | linux-4.19.y | error job log | |
| 2021/09/29 09:08 | 23m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/08/30 08:38 | 29m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/07/31 08:09 | 29m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/07/01 06:43 | 24m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/04/26 05:32 | 27m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/03/22 14:47 | 22m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/02/20 14:24 | 22m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2021/02/17 20:56 | 18m | bisect fix | linux-4.19.y | error job log | |
| 2021/02/03 22:43 | 0m | bisect fix | linux-4.19.y | error job log | |
| 2021/01/04 22:18 | 24m | bisect fix | linux-4.19.y | OK (0) job log log | |
| 2020/12/05 21:41 | 26m | bisect fix | linux-4.19.y | OK (0) job log log |
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 kvm: failed to shrink bus, removing it completely ================================================================== BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:178 Read of size 8 at addr ffff8880a3fa4a00 by task syz-executor303/8118 CPU: 0 PID: 8118 Comm: syz-executor303 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354 kasan_report mm/kasan/report.c:412 [inline] __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433 kvm_vm_ioctl_unregister_coalesced_mmio+0x25a/0x2c0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:178 kvm_vm_ioctl+0x532/0x1700 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3276 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f0647b6d759 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd5619c6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0647b6d759 RDX: 00000000200000c0 RSI: 000000004010ae68 RDI: 0000000000000004 RBP: 00007ffd5619c6f0 R08: 0000000000000001 R09: 00007f0647b30031 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Allocated by task 8118: kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625 kmalloc include/linux/slab.h:515 [inline] kzalloc include/linux/slab.h:709 [inline] kvm_vm_ioctl_register_coalesced_mmio+0x51/0x350 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:146 kvm_vm_ioctl+0xc63/0x1700 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3267 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 8118: __cache_free mm/slab.c:3503 [inline] kfree+0xcc/0x210 mm/slab.c:3822 kvm_iodevice_destructor include/kvm/iodev.h:73 [inline] kvm_io_bus_unregister_dev.cold+0xf0/0x110 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3899 kvm_vm_ioctl_unregister_coalesced_mmio+0x1be/0x2c0 arch/x86/kvm/../../../virt/kvm/coalesced_mmio.c:180 kvm_vm_ioctl+0x532/0x1700 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3276 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8880a3fa4a00 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff8880a3fa4a00, ffff8880a3fa4a40) The buggy address belongs to the page: page:ffffea00028fe900 count:1 mapcount:0 mapping:ffff88813bff0340 index:0x0 flags: 0xfff00000000100(slab) raw: 00fff00000000100 ffffea0002919108 ffffea00028cf188 ffff88813bff0340 raw: 0000000000000000 ffff8880a3fa4000 0000000100000020 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880a3fa4900: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc ffff8880a3fa4980: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc >ffff8880a3fa4a00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ^ ffff8880a3fa4a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ffff8880a3fa4b00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/10/19 02:16 | linux-4.19.y | 3f8a27f9e27b | b31320fc | .config | console log | report | syz | C | [disk image] [vmlinux] | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |
| 2022/06/30 20:00 | linux-4.19.y | 3f8a27f9e27b | 1434eec0 | .config | console log | report | syz | C | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | ||
| 2020/11/05 19:25 | linux-4.19.y | b94de4d19498 | cba33199 | .config | console log | report | syz | C | ci2-linux-4-19 | |||
| 2022/09/04 15:46 | linux-4.19.y | 3f8a27f9e27b | 28811d0a | .config | console log | report | info | [disk image] [vmlinux] | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | ||
| 2022/08/19 05:19 | linux-4.19.y | 3f8a27f9e27b | 26a13b38 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2022/08/16 14:12 | linux-4.19.y | 3f8a27f9e27b | 7a7cb304 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2022/07/26 18:54 | linux-4.19.y | 3f8a27f9e27b | 279b89c2 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2022/06/30 19:45 | linux-4.19.y | 3f8a27f9e27b | 1434eec0 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2021/12/15 11:54 | linux-4.19.y | 3f8a27f9e27b | f752fb53 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2021/11/20 15:57 | linux-4.19.y | 3f8a27f9e27b | 4eb20a4e | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2021/06/01 06:21 | linux-4.19.y | 6b7b0056defc | 032639db | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2021/05/23 14:09 | linux-4.19.y | 1e986fe9ad15 | 3c7fef33 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2021/03/27 05:03 | linux-4.19.y | 78fec1611cbf | a8529b82 | .config | console log | report | info | ci2-linux-4-19 | KASAN: use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio | |||
| 2020/11/05 19:12 | linux-4.19.y | b94de4d19498 | cba33199 | .config | console log | report | info | ci2-linux-4-19 |