syzbot


KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields

Status: auto-closed as invalid on 2020/05/14 08:36
Subsystems: kvm
Reported-by: syzbot+7b3b38c31d9cfd7c6f85@syzkaller.appspotmail.com
First crash: 1533d, last: 1533d
Similar bugs (2)

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-5-10 | KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields | | | | 1 | 851d | 851d | 0/2 | auto-closed as invalid on 2022/04/25 21:25 |
| android-5-10 | KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields (2) | | | | 1 | 608d | 608d | 0/2 | auto-obsoleted due to no activity on 2022/11/25 15:27 |

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in init_srcu_struct_nodes kernel/rcu/srcutree.c:150 [inline]
BUG: KASAN: vmalloc-out-of-bounds in init_srcu_struct_fields+0x101a/0x1360 kernel/rcu/srcutree.c:180
Read of size 4 at addr ffffc9001621e8e0 by task syz-executor.1/14219

CPU: 1 PID: 14219 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x30b mm/kasan/report.c:374
 __kasan_report.cold+0x1b/0x32 mm/kasan/report.c:506
 kasan_report+0x12/0x20 mm/kasan/common.c:641
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:134
 init_srcu_struct_nodes kernel/rcu/srcutree.c:150 [inline]
 init_srcu_struct_fields+0x101a/0x1360 kernel/rcu/srcutree.c:180
 __init_srcu_struct+0x57/0x60 kernel/rcu/srcutree.c:196
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:696 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3604 [inline]
 kvm_dev_ioctl+0x37b/0x1520 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3656
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0x123/0x180 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:770
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c6c9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fd305ec0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd305ec16d4 RCX: 000000000045c6c9
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000007
RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000038b R14: 00000000004c5eab R15: 000000000076bf2c


Memory state around the buggy address:
 ffffc9001621e780: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9001621e800: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>ffffc9001621e880: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                                                       ^
 ffffc9001621e900: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9001621e980: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/02/14 08:36 | upstream | b19e8c684703 | 5d7b90f1 | .config | console log | report | | | | | ci-upstream-kasan-gce | |