syzbot


KASAN: wild-memory-access Read in lookup_swap_cgroup_id

Status: upstream: reported on 2025/03/11 14:06
Subsystems: cgroups mm
Reported-by: syzbot+d26257274cf7b53db74a@syzkaller.appspotmail.com
First crash: 5d09h, last: 5d09h
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [cgroups?] [mm?] KASAN: wild-memory-access Read in lookup_swap_cgroup_id | 0 (1) | 2025/03/11 14:06

Sample crash report:
==================================================================
BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: wild-memory-access in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: wild-memory-access in __swap_cgroup_id_lookup mm/swap_cgroup.c:28 [inline]
BUG: KASAN: wild-memory-access in lookup_swap_cgroup_id+0x82/0xf0 mm/swap_cgroup.c:127
Read of size 4 at addr 0007c8805a01cd3c by task udevd/5306

CPU: 0 UID: 0 PID: 5306 Comm: udevd Not tainted 6.14.0-rc5-syzkaller-00039-g848e07631744 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_report+0xe3/0x5b0 mm/kasan/report.c:524
 kasan_report+0x143/0x180 mm/kasan/report.c:634
 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 __swap_cgroup_id_lookup mm/swap_cgroup.c:28 [inline]
 lookup_swap_cgroup_id+0x82/0xf0 mm/swap_cgroup.c:127
 swap_pte_batch+0x142/0x330 mm/internal.h:333
 zap_nonpresent_ptes mm/memory.c:1634 [inline]
 do_zap_pte_range mm/memory.c:1702 [inline]
 zap_pte_range mm/memory.c:1742 [inline]
 zap_pmd_range mm/memory.c:1834 [inline]
 zap_pud_range mm/memory.c:1863 [inline]
 zap_p4d_range mm/memory.c:1884 [inline]
 unmap_page_range+0x1bb5/0x4510 mm/memory.c:1905
 unmap_vmas+0x3cc/0x5f0 mm/memory.c:1995
 exit_mmap+0x283/0xd40 mm/mmap.c:1284
 __mmput+0x115/0x420 kernel/fork.c:1356
 exit_mm+0x220/0x310 kernel/exit.c:570
 do_exit+0x9ad/0x28e0 kernel/exit.c:925
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x168c/0x1720 kernel/signal.c:3036
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 irqentry_exit_to_user_mode+0x7e/0x250 kernel/entry/common.c:231
 exc_page_fault+0x590/0x8b0 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x56281d3a39d0
Code: Unable to access opcode bytes at 0x56281d3a39a6.
RSP: 002b:00007ffd4e66dab0 EFLAGS: 00010246
RAX: 00007ffd4e66dac8 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00007ffd4e66dad8 RDI: 00007ffd4e66db10
RBP: 000056283b5a6980 R08: 0000000000000007 R09: a02c58fefe889121
R10: 00000000ffffffff R11: 0000000000000246 R12: 000056283b5a6980
R13: 00007ffd4e66db98 R14: 0000000000000000 R15: 000056281d3ae4df
 </TASK>
==================================================================

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/03/06 20:44 | upstream | 848e07631744 | 831e3629 | .config | console log | report | | | | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | KASAN: wild-memory-access Read in lookup_swap_cgroup_id