KASAN: slab-out-of-bounds Read in __bfs

Status: auto-closed as invalid on 2022/01/14 09:46
First crash: 415d, last: 415d
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: slab-out-of-bounds Read in __bfs (2) 19 20d 229d 0/24 upstream: reported on 2022/04/20 20:21
linux-4.14 general protection fault in __bfs 4 633d 777d 0/1 auto-closed as invalid on 2021/07/10 18:06
linux-4.14 general protection fault in __bfs (2) C 2 17d 50d 0/1 upstream: reported C repro on 2022/10/16 12:07

Sample crash report:
BUG: KASAN: slab-out-of-bounds in __bfs+0xea/0x300 kernel/locking/lockdep.c:1696
Read of size 8 at addr ffffffe00e8bffe0 by task syz-executor.0/5818

CPU: 0 PID: 5818 Comm: syz-executor.0 Not tainted 5.15.0-rc1-syzkaller #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000957e>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:112

Allocated by task 140279808:
(stack is not available)

Freed by task 13624:
(stack is not available)

The buggy address belongs to the object at ffffffe00e8bf800
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 992 bytes to the right of
 1024-byte region [ffffffe00e8bf800, ffffffe00e8bfc00)
The buggy address belongs to the page:
page:ffffffcf023aae00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8eab8
head:ffffffcf023aae00 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xffe000000010200(slab|head|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000010200 0000000000000100 0000000000000122 ffffffe005601dc0
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2021, ts 3184747689000, free_ts 3181123489900
page_owner allocation stack trace missing
page_owner free stack trace missing

Memory state around the buggy address:
 ffffffe00e8bfe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffffe00e8bff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffffffe00e8bff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffffe00e8c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffe00e8c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dead loop on virtual device ipvlan1, fix it urgently!

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-qemu2-riscv64 2021/10/16 09:45 git:// fixes 3ef6ca4f354c 0c5d9412 .config log report info KASAN: slab-out-of-bounds Read in __bfs
* Struck through repros no longer work on HEAD.