KASAN: vmalloc-out-of-bounds Read in __text

Title	Replies (including bot)	Last reply
[PATCH bpf-next] bpf: bpf_prog_pack: set proper size before freeing ro_header	2 (2)	2022/02/17 21:20
[syzbot] KASAN: vmalloc-out-of-bounds Read in __text_poke	1 (2)	2022/02/14 19:53

================================================================== BUG: KASAN: vmalloc-out-of-bounds in memcmp+0x16f/0x1c0 lib/string.c:770 Read of size 8 at addr ffffffffa0601f40 by task syz-executor.0/10382 CPU: 1 PID: 10382 Comm: syz-executor.0 Not tainted 5.18.0-rc1-syzkaller-14467-gc317ab71facc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xf/0x495 mm/kasan/report.c:313 print_report mm/kasan/report.c:429 [inline] kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491 memcmp+0x16f/0x1c0 lib/string.c:770 memcmp include/linux/fortify-string.h:404 [inline] __text_poke+0x5a2/0x8c0 arch/x86/kernel/alternative.c:1094 text_poke_copy+0x66/0xa0 arch/x86/kernel/alternative.c:1170 bpf_arch_text_copy+0x21/0x40 arch/x86/net/bpf_jit_comp.c:2458 bpf_jit_binary_pack_finalize+0x44/0x110 kernel/bpf/core.c:1140 bpf_int_jit_compile+0xa74/0x13e0 arch/x86/net/bpf_jit_comp.c:2414 bpf_prog_select_runtime+0x2da/0x4b0 kernel/bpf/core.c:2208 bpf_prog_load+0xfe6/0x2250 kernel/bpf/syscall.c:2579 __sys_bpf+0x674/0x56b0 kernel/bpf/syscall.c:4889 __do_sys_bpf kernel/bpf/syscall.c:4993 [inline] __se_sys_bpf kernel/bpf/syscall.c:4991 [inline] __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4991 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fdb052890e9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdb063f2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007fdb0539bf60 RCX: 00007fdb052890e9 RDX: 0000000000000080 RSI: 0000000020000300 RDI: 0000000000000005 RBP: 00007fdb052e308d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc9a6d586f R14: 00007fdb063f2300 R15: 0000000000022000 </TASK> Memory state around the buggy address: ffffffffa0601e00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffffffa0601e80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffffffa0601f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffffffa0601f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffffffa0602000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ==================================================================

Crashes (5):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Manager	Title
2022/04/27 09:27	bpf-next	c317ab71facc	1fa34c1b	.config	console log	report	info	ci-upstream-bpf-next-kasan-gce	KASAN: vmalloc-out-of-bounds Read in __text_poke
2022/04/21 14:20	bpf-next	e1a34e19ea96	d4befee1	.config	console log	report	info	ci-upstream-bpf-next-kasan-gce	KASAN: vmalloc-out-of-bounds Read in __text_poke
2022/03/06 11:22	bpf-next	c344b9fc2108	7bdd8b2c	.config	console log	report	info	ci-upstream-bpf-next-kasan-gce	KASAN: vmalloc-out-of-bounds Read in __text_poke
2022/02/11 11:44	bpf-next	e5313968c41b	0b33604d	.config	console log	report	info	ci-upstream-bpf-next-kasan-gce	KASAN: vmalloc-out-of-bounds Read in __text_poke
2022/03/20 07:30	linux-next	91265a6da44d	e2d91b1d	.config	console log	report	info	ci-upstream-linux-next-kasan-gce-root	KASAN: vmalloc-out-of-bounds Read in __text_poke

Crashes (5):

Assets (help?)