syzbot


UBSAN: undefined-behaviour in vhost_vq_reset

Status: upstream: reported C repro on 2020/09/17 01:38
Reported-by: syzbot+8d8e8804f63dd6b5c44c@syzkaller.appspotmail.com
First crash: 1307d, last: 1272d
Fix bisection: failed (error log, bisect log)
  

Sample crash report:
audit: type=1400 audit(1602764252.246:8): avc:  denied  { execmem } for  pid=6487 comm="syz-executor129" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
================================================================================
UBSAN: Undefined behaviour in drivers/vhost/vhost.c:116:62
load of value 127 is not a valid value for type '_Bool'
CPU: 0 PID: 6489 Comm: syz-executor129 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_load_invalid_value.cold+0x63/0x6f lib/ubsan.c:454
 vhost_init_is_le drivers/vhost/vhost.c:116 [inline]
 vhost_reset_is_le drivers/vhost/vhost.c:143 [inline]
 vhost_vq_reset.constprop.0.cold+0x15/0x1a drivers/vhost/vhost.c:325
 vhost_dev_init+0x442/0x780 drivers/vhost/vhost.c:463
 vhost_vsock_dev_open+0x1c9/0x310 drivers/vhost/vsock.c:629
 misc_open+0x372/0x4a0 drivers/char/misc.c:141
 chrdev_open+0x266/0x770 fs/char_dev.c:423
 do_dentry_open+0x4aa/0x1160 fs/open.c:796
 do_last fs/namei.c:3421 [inline]
 path_openat+0x7d5/0x2e90 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441209
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe589ced48 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441209
RDX: 0000000000000002 RSI: 00000000200000c0 RDI: ffffffffffffff9c
RBP: 000000000000a255 R08: 0000000000000004 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401fb0
R13: 0000000000402040 R14: 0000000000000000 R15: 0000000000000000
================================================================================

Crashes (7602):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/10/15 12:19 linux-4.19.y a1b977b49b66 63869021 .config console log report syz C ci2-linux-4-19
2020/10/10 18:24 linux-4.19.y a1b977b49b66 b74c49a6 .config console log report syz C ci2-linux-4-19
2020/10/09 13:43 linux-4.19.y a1b977b49b66 fa79ed2a .config console log report syz C ci2-linux-4-19
2020/10/08 16:51 linux-4.19.y a1b977b49b66 92390980 .config console log report syz C ci2-linux-4-19
2020/10/07 15:28 linux-4.19.y a1b977b49b66 1880b4a9 .config console log report syz C ci2-linux-4-19
2020/10/07 15:08 linux-4.19.y a1b977b49b66 1880b4a9 .config console log report syz C ci2-linux-4-19
2020/10/07 13:24 linux-4.19.y a1b977b49b66 1880b4a9 .config console log report syz C ci2-linux-4-19
2020/10/05 17:24 linux-4.19.y b09c34517e1a 1880b4a9 .config console log report syz C ci2-linux-4-19
2020/10/04 17:49 linux-4.19.y b09c34517e1a 5ef9c291 .config console log report syz C ci2-linux-4-19
2020/10/03 13:23 linux-4.19.y b09c34517e1a 2653fa43 .config console log report syz C ci2-linux-4-19
2020/10/01 19:16 linux-4.19.y b09c34517e1a 4103fce0 .config console log report syz C ci2-linux-4-19
2020/09/29 08:57 linux-4.19.y 10ad6cfd5736 1b88c6d5 .config console log report syz C ci2-linux-4-19
2020/09/23 23:47 linux-4.19.y d09b80172c22 54289b08 .config console log report syz C ci2-linux-4-19
2020/09/22 12:56 linux-4.19.y 015e94d0e37b 3e8f6c27 .config console log report syz C ci2-linux-4-19
2020/09/22 04:01 linux-4.19.y 015e94d0e37b 9e1fa68e .config console log report syz C ci2-linux-4-19
2020/09/20 18:51 linux-4.19.y 015e94d0e37b 9564d2e9 .config console log report syz C ci2-linux-4-19
2020/10/21 22:16 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 20:23 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 19:10 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 17:54 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 17:21 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 16:13 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 15:08 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 13:59 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 12:44 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 12:03 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 11:26 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 10:58 linux-4.19.y ad326970d25c 99c64d5c .config console log report info ci2-linux-4-19
2020/10/21 09:34 linux-4.19.y ad326970d25c e761439e .config console log report info ci2-linux-4-19
2020/10/21 09:00 linux-4.19.y ad326970d25c e761439e .config console log report info ci2-linux-4-19
2020/10/21 07:42 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/21 06:40 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/21 05:17 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/21 04:03 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/21 02:11 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/21 01:14 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 23:27 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 22:22 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 22:15 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 21:14 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 20:06 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 18:13 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 18:05 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 16:59 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 15:40 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 14:29 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 14:05 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 12:58 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 11:25 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 10:34 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 09:30 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 08:18 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 07:19 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 06:07 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 05:02 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 04:23 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/10/20 03:11 linux-4.19.y ad326970d25c ff4a3345 .config console log report info ci2-linux-4-19
2020/09/17 01:37 linux-4.19.y a87f96283793 8247808b .config console log report info ci2-linux-4-19
* Struck through repros no longer work on HEAD.